CNIT 125: Information Security Professional (CISSP Preparation)

Spring 2016 Sam Bowne

TEXTBOOK CHANGED

37183 601 Lec Sat 9:10 - 12:00 SCIE 37


Catalog Description

Covers information security in depth, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals.

Advisory: Students should have taken CNIT 123, or hold the Certified Ethical Hacker credential, or have equivalent knowledge of basic security.

Upon successful completion of this course, the student will be able to:
  1. Explain security and risk management.
  2. Define and implement access controls.
  3. Assess application security.
  4. Plan for business continuity and disaster recovery.
  5. Apply cryptography correctly to protect information.
  6. Explain legal regulations and ensure compliance.
  7. Perform investigations, preserve evidence, and cooperate with law enforcement authorities.
  8. Explain codes of conduct and ethical issues.
  9. Maintain security of operations.
  10. Assess physical and environmental security.
  11. Design security architecture.
  12. Explain telecommunications and network security.

Textbook

"CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372 Buy from Amazon ($45)



Schedule

Date | Quiz & Assignment | Meeting Time - Topic
Sat 1-23 | | 9:10 - Introduction; Forming Groups; NDA; Ch 2 begins
Sat 1-30 | | 9:10 - Ch 2 finishes
Fri 2-5 | | Last Day to Add Classes
Sat 2-6 | Quiz: Ch 2; Group Projects Begin; First Assignment Given | 9:10 - Managers; 9:30 - Ch 3
Sat 2-13 | | Holiday: No Class
Sat 2-20 | Quiz: Ch 3; Assignment 1 Due | 9:10 - Managers; 9:30 - Ch 4 begins
Sat 2-27 | No Quiz; Assignment 2 Due | 9:10 - Managers; 9:30 - Ch 4 continues
Sat 3-5 | No Quiz; Assignment 3 Due | 9:10 - Managers; 9:30 - Ch 4 finishes
Sat 3-12 | No Quiz; No Assignment Due | Class meets at 9:30; Guest Speaker: Nicholai Piagentini, Palo Alto Networks
Sat 3-19 | Quiz: Ch 4; Assignment 4 Due | 9:10 - Managers; 9:30 - Ch 5 begins
Sat 3-26 | No Quiz; Assignment 5 Due | 9:10 - Managers; 9:30 - Ch 5 continues
Sat 4-2 | | Holiday: No Class
Sat 4-9 | No Quiz; Assignment 6 Due; Resume Due | 9:10 - Managers; 9:30 - Ch 5 finishes
Sat 4-16 | Quiz: Ch 5; Assignment 7 Due | 9:10 - Managers; 9:30 - Ch 6
Sat 4-23 | Quiz: Ch 6; Assignment 8 Due | 9:10 - Managers; 9:30 - Ch 7 & 8 begins
Sat 4-30 | No Quiz; Assignment 10 Due | 9:10 - Managers; 9:30 - Ch 8 finishes
Sat 5-7 | | Class Cancelled
Sat 5-14 | No Quiz | 9:10 - Last Class: Ch 9
Sat 5-21 | | 9:10 - Final Exam





Slides

Introductory Materials

Welcome message
Policy
Non-Disclosure Agreement (PDF)

Introduction to CNIT 125 · KEY

Technical Lectures

Ch 2. Security and Risk Management I (part 1) (Ch 1 from old book) · KEY
Ch 2. Security and Risk Management I (part 2) · KEY
Ch 3. Asset Security · KEY
Ch 4. Security Engineering (Part 1) · KEY
Ch 4. Security Engineering (Part 2) · KEY
Ch 5. Communication and Network Security (Part 1) · KEY
Ch 5. Communication and Network Security (Part 2) · KEY
Ch 6. Identity and Access Management · KEY
Ch 7. Security Assessment and Testing · KEY
Ch 8. Security Operations · KEY
Ch 9. Software Development Security · KEY

Student Presentations

Honeypot and Malware: Alan Wennersten and Jeffrey Tom

Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert.


Projects

Research & Present (extra credit)

Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform security audits of information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement.

Students are required to prepare professional resumes.

Students are required to give presentations in class.

Links

Introduction to CISSP and CNIT 125

CISSP 1: CISSP Education & Certification
CISSP 2: (ISC)2 | Certified Information Security Education
CISSP 3: CISSP was the third highest salaried certification in 2009
CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov't Information Assurance employees
CISSP 5: CISSP exam prices
CISSP 6: (ISC)2 Code of Ethics
CISSP 7: Associate of (ISC) Certification
CISSP 8: SSCP Education & Certification
CISSP 9: Exam Prices (pdf)
CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam
CISSP 11: How to get continuing education credit for CISSP certification holders
CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains
CISSP 13: DoD Directive 8570.1 M - DoD Approved Baseline Certifications
CISSP 14: Associate of (ISC)^2 FAQ
CISSP 15: 7 Types of Hard CISSP Exam Questions and How To Approach Them
CISSP 16: How I Prepared for the CISSP Exam--Sam Bowne
CISSP 17: A CISSP Study Plan Memoir
CISSP 18: CISSP Practice Test
CISSP 19: San Francisco Bay Area ISSA--CISSP Study Sessions
CISSP 20: CPE Requirements
CISSP 21: (ISC)^2 SF Chapter

Links for Chapter Lectures

New Unsorted Links

Ch 1b: Describe the main differences in due diligence and due care
Ch 1a: COBIT 5 Laminate
Ch 1c: DREAD (risk assessment model) - Wikipedia
Dilbert : How the CISSP Exam was Written
Ch 2a: Separation of Duties in Information Technology
Ch 1d: US-EU Safe Harbor Data-Transfer Talks Enter Final Week (1-25-16)
Ch 4a: Memory segmentation - Wikipedia
Ch 4b: Trusted Computer System Evaluation Criteria - Wikipedia
Ch 4c: Internet of Shit (@internetofshit) | Twitter
Ch 4d: OWASP Top Ten Project
Ch 4e: Secret Service codename - Wikipedia
Ch 4f: Pretty Rijndael Animation
Ch 4g: IPsec - Wikipedia
Ch 5a: 64-bit Global Identifier (EUI-64)
A Beginner's Guide to Data Compliance
HIPAA certification HCISPP vs CSCS
Certified Security Compliance Specialist
Ch 5b: How FTP port requests challenge firewall security
Ch 5c: Online Dig | Men & Mice
Ch 6a: Call It Super Bowl Face Scan I (From 2001)
Ch 6b: Obama Eyeing Internet ID for Americans (from 2011)
Ch 9a: Metasploit Module Source Code in Ruby
How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS

          

Old links

Last Updated: 5-9-16 10 am