CNIT 125: Information Security Professional (CISSP Preparation)

Spring 2021 Sam Bowne

Thu 6:40 - 9:30 PM CRN 33191

Schedule · Slides · Links · Grading

Class meets Monday evenings
at 6:10 PM Pacific Time


Password: student1

Free Textbook Access

  • Go here
  • Click "Safari Online"
  • In the "Select your Institution" drop-down list box, click "Not listed? Click here"
  • Enter your CCSF email address
  • Enter the book's title the "Find a Solution..." field

Catalog Description

Covers information security in depth, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals.

Advisory: Students should have taken CNIT 123, or hold the Certified Ethical Hacker credential, or have equivalent knowledge of basic security.

After successful completion of this course, students will be able to:

  • Explain security and risk management
  • Protect the security of assets
  • Manage security of engineering and software development processes
  • Control access to resources and manage identity, communications and network security
  • Perform security assessment, testing, incident response, and disaster recovery


"CISSP Cert Guide (3rd Edition) "; by Robin Abernathy, Troy McMillan; ISBN-10: 0789759691 Buy from Amazon ($40)


The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

CCSF students should take quizzes in the CCSF online Canvas system: https://ccsf.instructure.com/

Non-CCSF students will have another Canvas to use, available in the second week of class.

Presentations and Papers

Each student must make two in-class Presentations and write two Papers. Topics must be submitted in advance. Presentations will be strictly limited to four minutes. Papers must be 500 - 1000 words, written in proper grammatical English, and free of plagiarism. Papers must be submitted in Canvas.

Here is an example of a suitable paper:

Xi's choice: Destroy Trump, or save him and weaken America

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignments due.

For the topics and requirements, see the Discussion board in Canvas.

Non-CCSF students don't have a Discussion Board in Canvas, but are encouraged to join Twitter and engage in the public discussions there.


For class-related questions, please send messages inside Canvas or email

Schedule (May be Revised)

DateAssignment DueTopic
Thu 1-21 Introduction: CISSP Certification
1. Security and Risk Management (Part 1)
Thu 1-28Quiz Ch 1 (Parts 1 & 2) * 1. Security and Risk Management (Part 2)
Thu 2-4Quiz Ch 2 *
Discussion 1 *
2. Asset Security
Thu 2-11Quiz Ch 3 (Part 1)
Discussion 2
Topic 1 due (5 pts)
3. Security Engineering
Thu 2-18Quiz Ch 3 (Part 2)
Early Presentation 1 (+10)
Discussion 3
3. Security Engineering
Thu 2-25No Quiz
Presentation 1 (50 pts)
Student Presentations
Thu 3-4No Quiz
Late Presentation 1 (-10)
Discussion 4
3. Security Engineering
Thu 3-11Quiz Ch 4 (Part 1)
Discussion 5
4. Communication and Network Security
Thu 3-18Quiz Ch 4 (Part 2)
Paper 1 due (50 pts)
Discussion 6
4. Communication and Network Security
Thu 3-25No Quiz Guest: TBA
Thu 4-1 Holiday: No Class
Thu 4-8Quiz Ch 5
Topic 2 due (5 pts)
Discussion 7
5. Identity and Access Management
Thu 4-15Quiz Ch 6
Early Presentation 2 (+10)
Discussion 8
6. Security Assessment and Testing
Thu 4-22No Quiz
Presentation 2 (50 pts)
Student Presentations
Thu 4-29Quiz Ch 7
Late Presentation 2 (-10)
Discussion 9
7. Security Operation
Thu 5-6Quiz Ch 8
Paper 2 due (50 pts)
Discussion 10
8. Software Development Security
Thu 5-13No Quiz Last Class: TBA
Wed 5-19 -  
Wed 5-26
Final Exam available online throughout the week.
You can only take it once.
All Quizzes due 30 min. before class
* No late penalty until 2-11


Introduction to the Class & CISSP Certification · KEY · PDF

CISSP Promo (pdf) · (Key)

1. Security and Risk Management · KEY · PDF
2. Asset Security · KEY · PDF
3. Security Engineering · KEY · PDF
4. Communication and Network Security · KEY · PDF
5. Identity and Access Management · KEY · PDF
6. Security Assessment and Testing · KEY · PDF
7. Security Operations · KEY · PDF
8. Software Development Security · KEY · PDF

Click a lecture name to see it on SlideShare.
To convert from KEY to PPT, use Cloud Convert.


Introduction to CISSP and CNIT 125

CISSP 1: CISSP Education & Certification
CISSP 2: (ISC)2 | Certified Information Security Education
CISSP 3: CISSP was the third highest salaried certification in 2009
CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov\'t Information Assurance employees
CISSP 5: CISSP exam prices
CISSP 6: (ISC)2 Code of Ethics
CISSP 7: Associate of (ISC) Certification
CISSP 8: SSCP Education & Certification
CISSP 9: Exam Prices (pdf)
CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam
CISSP 11: How to get continuing education credit for CISSP certification holders
CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains
CISSP 13: DoD Directive 8570.1 M - DoD Approved Baseline Certifications
CISSP 14: Associate of (ISC)^2 FAQ
CISSP 15: 7 Types of Hard CISSP Exam Questions and How To Approach Them
CISSP 16: How I Prepared for the CISSP Exam--Sam Bowne
CISSP 17: A CISSP Study Plan Memoir
CISSP 18: CISSP Practice Test
CISSP 19: San Francisco Bay Area ISSA--CISSP Study Sessions
CISSP 20: CPE Requirements
CISSP 21: (ISC)^2 SF Chapter
CISSP 22: Average CISSP Salary 2017
CISSP 23: Exam Prices 2017
CISSP 24: Dilbert : How the CISSP Exam was Written
CISSP 25: Your Guide to the Certified Information Systems Security Professional (CISSP) Exam
CISSP 26: Transcender Practice Exam

Links for Chapter Lectures

Ch 2a: Octomom's hospital records accessed, 15 workers fired (from 2009)
Ch 2b: Three Primary Analytics Lessons Learned from 9/11 (2012)
Ch 2c: The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: James Bamford: 9780307279392: Amazon.com: Books
Ch 2d: Chelsea Manning explains why she leaked secret military documents, fought for transgender rights behind bars
Ch 2e: WikiLeaks Q & A: who is Bradley Manning and what did he do?
Ch 2f: Chelsea Manning - Wikipedia

Ch 4a: Memory segmentation - Wikipedia
Ch 4b: Trusted Computer System Evaluation Criteria - Wikipedia
Ch 4c: Internet of Shit (@internetofshit) | Twitter
Ch 4d: OWASP Top Ten Project
Ch 4e: Secret Service codename - Wikipedia
Ch 4f: Pretty Rindjael Animation
Ch 4g: IPsec - Wikipedia

Ch 5a: 64-bit Global Identifier (EUI-64)
Ch 5b: How FTP port requests challenge firewall security
Ch 5c: Online Dig | Men & Mice

Ch 6a: Call It Super Bowl Face Scan I (From 2001)
Ch 6b: Obama Eyeing Internet ID for Americans (from 2011)

Ch 9a: Metasploit Module Source Code in Ruby

Other Links

A Beginner's Guide to Data Compliance
HIPAA certification HCISPP vs CSCS
Certified Security Compliance Specialist
How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS
COBIT 5 Laminate
Describe the main differences in due dilligence and due care
DREAD (risk assessment model) - Wikipedia
US-EU Safe Harbor Data-Transfer Talks Enter Final Week (1-25-16)
Separation of Duties in Information Technology

New Unsorted Links

Ch 2g: U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
Ch 2h: Privacy Shield
Ch 2i: Privacy Shield -- Is Safe Harbour's Replacement Up To The Job In 2017? (May, 2017)
ISC2 Launches New CISSP Exam Format to Help Bring More Cybersecurity Professionals into the Field
Ideas for Student Projects 2017
Official (ISC)^2 CISSP Study App
SpiderMonkey -- Deobfuscates JavaScript Malware ty @lennyzeltser #IRespondCon
CISSP 27: CASP vs. CISSP: The Real Fight Is For Candidates' Attention
Top 20 CIS Critical Security Controls (CSC) You Need to Implement
OWASP Top 10 Security Risks - Part V
The Phoenix Project
2020-02-03: CISSP Certification Cheat Sheet, Study Guides & Best Courses
Ch 3a: DOD Directive 5200.28 defining security modes


Old links

Last revised 12-29-20