CISSO Certified Information Systems Security Officer Exam

Description

The exam leading to the CISSO Certified Information Systems Security Officer certification covers the topics defined by the curriculum of the authorized C)ISSO – Certified Information Systems Security Officer training course.

Exam format

The exam is taken in English.

Maximum exam duration: 120 minutes

Multiple-choice questions:

  • single correct answer
  • multiple correct answers
  • answers to be filled in manually

Approximate number of questions: 100

The exam is delivered online, from any location and any computer, at any time.

The exam is "open book", meaning that training materials may be consulted while taking it.

The result is displayed immediately after the exam is completed. In addition, the result, together with an electronic certificate in the case of a pass, is sent by e-mail to the address provided when the My Mile2 account was created: https://mile2.com/students.html

Note: In the event of a failed attempt, Mile2 offers a 50% discount on the retake exam; to obtain it, contact mile2store@mile2.com by e-mail.

Where?

All Mile2 exams, including the Mile2 CISSO Certified Information Systems Security Officer exam, are taken through Mile2's own online examination system, MACS (Mile2® Assessment and Certification System). The examination system is available directly on www.mile2.com: to access it, first log in to your My Mile2 account; after logging in, the link to MACS is in the User menu on the right-hand side. In MACS you can see all the exams you have purchased or paid for with vouchers.

Registering for an exam requires purchasing it through the online store https://mile2.com/mile2-online-estore/exams.html. The same route applies when you hold an exam voucher, e.g. one received during an authorized Mile2 training course: purchase the chosen exam and select the voucher as the payment method. After the purchase the exam is available in your My Mile2 account and can be started at any time convenient for the candidate.

Requirements

A passing exam result.

Price

400 USD

Topics

The Mile2 CISSO Certified Information Systems Security Officer exam is designed to test candidates' knowledge and skills in the following areas:

Security Management Practices

  • What is Information Security?
  • The Information Security Triad
  • Understanding the Business
  • Risk Management: Agenda
  • Risk Management Flow
  • Risk Definitions
  • What Is the Value of an Asset?
  • What Is a Threat Source/Agent?
  • What Is a Threat?
  • What Is a Vulnerability?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • What Is a Control?
  • What Is Likelihood?
  • What Is Impact?
  • Control Effectiveness
  • Risk Management
  • Purpose of Risk Management
  • Risk Assessment
  • Why Is Risk Assessment Difficult?
  • Types of Risk Assessment
  • Different Approaches to Analysis
  • Quantitative Analysis
  • Threat Analysis
  • Annual Loss Expectancy
  • Quantitative Analysis
  • ALE Values Uses
  • Qualitative Analysis – Likelihood
  • Qualitative Analysis – Impact
  • Qualitative Analysis – Risk Level
  • Qualitative Analysis Steps
  • Completion of Risk Assessment
  • Risk Response
  • Management’s Response to Identified Risks
  • Risk Response
  • Comparing Cost and Benefit
  • Cost of a Countermeasure
  • Risk Monitoring
  • Agenda
  • Setting up a Security Program
  • Enterprise Security Program
  • Building A Foundation
  • Planning Horizon Components
  • Enterprise Security – The Business Requirements
  • Enterprise Security Program Components
  • Control Types
  • “Soft” Controls
  • Technical or Logical Controls
  • Physical Controls
  • Security Roadmap
  • Program Monitoring
  • Program Governance
  • Senior Management’s Role in Security
  • Negligence and Liability
  • Security Roles and Responsibilities
  • Security Program Components
  • Information Security Policy
  • Security Policy Review
  • Implementing Policy
  • Security and the Human Factors
  • Employee Management
  • Human Resources Issues
  • Importance to Security?
  • Recruitment Issues
  • Termination of Employment
  • Human Resources Practices
  • Types of Training
  • Quality Training
  • Informing Employees About Security
  • Enforcement
  • Security Enforcement Issues

Access Controls

  • Role of Access Control
  • Access Control Types: Agenda
  • Definitions
  • More Definitions
  • Layers of Access Control
  • Layers of Access Controls
  • Access Control Mechanism Examples
  • Access Control Characteristics
  • Preventive Control Types
  • Control Combinations
  • Administrative Controls
  • Controlling Access
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • Threats to Access Control
  • Access Control Domain Agenda
  • Information Classification
  • Information Classification Criteria
  • Declassifying Information
  • Types of Classification Levels
  • Access Control Domain Agenda
  • Access Control Methodology
  • Access Control Administration
  • Accountability and Access Control
  • Trusted Path
  • ID, Authentication, & Authorization: Agenda
  • Who Are You?
  • Authentication Mechanisms
  • Strong Authentication
  • Authorization
  • Access Criteria
  • Fraud Controls
  • Access Control Mechanisms
  • Biometrics Technology
  • Biometrics Enrollment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Biometrics Diagram
  • Biometric System Types
  • Passwords and PINs
  • Password “Shoulds”
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Passwords
  • One-Time Password Authentication
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Memory Cards
  • Smart Card
  • Single Sign-on: Agenda
  • Single Sign-on Technology
  • Different Technologies
  • Scripts as a Single Sign-on Technology
  • Directory Services as a Single Sign-on Technology
  • Thin Clients
  • Kerberos as a Single Sign-on Technology
  • Tickets
  • Kerberos Components Working Together
  • Major Components of Kerberos
  • Kerberos Authentication Steps
  • Why Go Through All of this Trouble?
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • Federated Authentication
  • Models for Access
  • Discretionary Access Control Model
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism – Labels
  • Where Are They Used?
  • Role-Based Access Control (RBAC)
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Methods
  • Network Access Control
  • Policy on Network Services
  • Remote Centralized Administration
  • RADIUS Characteristics
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access Control Administration
  • Intrusion Detection Systems: Agenda
  • IDS
  • Network IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • IDS Issues
  • Trapping an Intruder

Cryptography

  • Cryptography Uses Yesterday and Today
  • Cryptographic Definitions
  • A Few More Definitions
  • Need Some More Definitions?
  • Symmetric Cryptography – Use of Secret Keys
  • Historical Uses of Symmetric Cryptography
  • Historical Uses of Symmetric Cryptography – Scytale Cipher
  • Historical Uses of Symmetric Cryptography: Substitution Cipher
  • Caesar Cipher Example
  • Historical Uses of Symmetric Cryptography: Vigenere Cipher
  • Polyalphabetic Substitution
  • Vigenere Table Example
  • Example Continued
  • Historical Uses of Symmetric Cryptography: Enigma Machine
  • Historical Uses of Symmetric Cryptography: Vernam Cipher
  • One-Time Pad Characteristics
  • Historical Uses of Symmetric Cryptography: Running Key and Concealment
  • Binary Mathematical Function
  • Key and Algorithm Relationship
  • Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
  • Ways of Breaking Cryptosystems – Brute Force
  • Ways of Breaking Cryptosystems – Frequency Analysis
  • Determining Strength in a Cryptosystem
  • Characteristics of Strong Algorithms
  • Open or Closed More Secure?
  • Types of Ciphers Used Today
  • Encryption/Decryption Methods
  • Type of Symmetric Cipher – Block Cipher
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher
  • Encryption Process
  • Symmetric Characteristics
  • Sender and Receiver Must Generate the Same Keystream
  • They both must have the same key and IV
  • Strength of a Stream Cipher
  • Let’s Dive in Deeper
  • Symmetric Key Cryptography
  • Symmetric Key Management Issue
  • Symmetric Algorithm Examples
  • Symmetric Downfalls
  • Asymmetric Cryptography
  • Public Key Cryptography Advantages
  • Asymmetric Algorithm Disadvantages
  • Symmetric versus Asymmetric
  • Asymmetric Algorithm Examples
  • Using the Algorithm Types Together
  • Example of Hybrid Cryptography
  • When to Use Which Key
  • What if You Need All of the Services?
  • Secret Versus Session Keys
  • Asymmetric Algorithms We Will Dive Into
  • Asymmetric Algorithm – Diffie-Hellman
  • Asymmetric Algorithm – RSA
  • Asymmetric Algorithms – El Gamal and ECC
  • Symmetric Ciphers We Will Dive Into
  • Symmetric Algorithms – DES
  • Evolution of DES
  • Block Cipher Modes – CBC
  • Different Modes of Block Ciphers – ECB
  • Block Cipher Modes – CFB and OFB
  • CFB and OFB Modes
  • Symmetric Cipher – AES
  • Other Symmetric Algorithms
  • Protecting the Integrity of Data
  • Hashing Algorithms
  • Data Integrity Mechanisms
  • Weakness in Using Only Hash Algorithms
  • More Protection in Data Integrity
  • MAC – Sender
  • MAC – Receiver
  • Digital Signatures
  • Digital Signature and MAC Comparison
  • S. Government Standard
  • Security Issues in Hashing
  • Birthday Attack
  • Example of a Birthday Attack
  • Now What?
  • Key Management
  • Why Do We Need a PKI?
  • PKI and Its Components
  • CA and RA Roles
  • Let’s Walk Through an Example
  • Digital Certificates
  • What Do You Do with a Certificate?
  • Components of PKI – Repository and CRLs
  • Steganography
  • Cryptography in Use
  • Link versus End-to-End Encryption
  • End-to-End Encryption
  • E-mail Standards
  • Encrypted message
  • Secure Protocols
  • SSL and the OSI Model
  • SSL Hybrid Encryption
  • SSL Connection Setup
  • Secure E-mail Standard
  • SSH Security Protocol
  • Network Layer Protection
  • IPSec Key Management
  • Key Issues Within IPSec
  • IPSec Handshaking Process
  • SAs in Use
  • IPSec Is a Suite of Protocols
  • IPSec Modes of Operation
  • IPsec Modes of Operation
  • Attacks on Cryptosystems

Physical Security

  • Physical Security – Threats
  • Different Types of Threats & Planning
  • Agenda
  • Facility Site Selection
  • Facility Construction
  • Devices Will Fail
  • Controlling Access
  • Possible Threats
  • External Boundary Protection
  • Lock Types
  • Facility Access
  • Piggybacking
  • Entrance Protection
  • Perimeter Protection – Fencing
  • Perimeter Protection – Lighting
  • Perimeter Security – Security Guards
  • Surveillance / Monitoring
  • Agenda
  • Types of Physical IDS
  • Electro-Mechanical Sensors
  • Volumetric Sensors
  • Securing Mobile Devices
  • Agenda
  • Facility Attributes
  • Electrical Power
  • Problems with Steady Power Current
  • Power Interference
  • Power Preventive Measures
  • Environmental Considerations
  • Fire Prevention
  • Automatic Detector Mechanisms
  • Fire Detection
  • Fire Types
  • Suppression Methods
  • Fire Extinguishers
  • Fire Suppression
  • Fire Extinguishers

Security Architecture and Models

  • ESA Definition…
  • What is Architecture?
  • Architecture Components
  • Key Architecture Concepts – Plan
  • Objectives of Security Architecture
  • Technology Domain Modelling
  • Integrated Security is Designed Security
  • Security by Design
  • Architectural Models
  • Virtual Machines
  • Cloud Computing
  • Security Architecture and Models Objectives
  • Agenda
  • System Protection – Trusted Computing Base
  • System Protection – Reference Monitor
  • Security Kernel Requirements
  • Memory Types
  • Virtual Memory
  • Memory Management
  • Accessing Memory Securely
  • Different States that Processes Work In
  • System Functionality
  • System Self-Protection Agenda
  • Security Modes of Operation
  • System Protection – Levels of Trust
  • System Protection – Process Isolation
  • System Protection – Layering
  • System Protection – Application Program Interface
  • System Protection – Protection Rings
  • What Does It Mean to Be in a Specific Ring?
  • Types of Compromises
  • Access Control Models: Agenda
  • Access Control Models
  • Access Control Models – State Machine
  • Access Control Models – Information Flow
  • Access Control Models – Bell-LaPadula
  • Rules of Bell-LaPadula
  • Access Control Model – Biba
  • Clark-Wilson Model
  • Non-interference Model
  • Brewer and Nash Model – Chinese Wall
  • Take-Grant Model
  • Security Evaluations: Agenda
  • Trusted Computer System Evaluation Criteria (TCSEC)
  • TCSEC Rating Breakdown
  • Evaluation Criteria – ITSEC
  • ITSEC Ratings
  • ITSEC – Good and Bad
  • Common Criteria
  • Common Criteria Components
  • First Set of Requirements
  • Second Set of Requirements
  • Package Ratings
  • Common Criteria Outline
  • Certification vs. Accreditation
  • System Threats: Agenda
  • Disclosing Data in an Unauthorized Manner
  • Circumventing Access Controls
  • Attacks
  • Attack Type – Race Condition
  • Attack Type – Data Validation
  • Attacking Through Applications
  • How Buffers and Stacks Are Supposed to Work
  • How a Buffer Overflow Works
  • Attack Characteristics
  • Attack Types
  • More Attacks
  • Host Name Resolution Attacks
  • More Attacks (2)
  • Watching Network Traffic
  • Traffic Analysis
  • Cell Phone Cloning
  • Illegal Activities

Legal and Compliance

  • Seriousness of Computer Crimes
  • Incidents
  • Incident Management Priorities
  • Incident Response Capability
  • Incident Management Requires
  • Preparing for a Crime Before It Happens
  • Incident Response Phases
  • Legal Issues: Agenda
  • Foundational Concepts of Law
  • Common Laws – Criminal
  • Common Laws – Civil
  • Common Laws – Administrative
  • Intellectual Property Laws
  • More Intellectual Property Laws
  • Software Licensing
  • Digital Millennium Copyright Act
  • Investigation: Agenda
  • Computer Crimes: Agenda
  • Historic Examples of Computer Crimes
  • Who Perpetrates These Crimes?
  • The Evolving Threat
  • Types of Motivation for Attacks
  • A Few Attack Types
  • Telephone Fraud
  • Identification Protection & Prosecution
  • Computer Crime and Its Barriers
  • Countries Working Together
  • Security Principles for International Use
  • Determine if a Crime Has Indeed Been Committed
  • When Should Law Enforcement Get Involved?
  • Citizen versus Law Enforcement Investigation
  • Investigation of Any Crime
  • Role of Evidence in a Trial
  • General Rules for Evidence
  • Evidence Requirements
  • Evidence Collection Topics
  • Chain of Custody
  • How Is Evidence Processed?
  • Evidence Types
  • Hearsay Rule Exception
  • Privacy of Sensitive Data
  • Privacy Issues – U.S. Laws as Examples
  • European Union Principles on Privacy
  • Routing Data Through Different Countries
  • Employee Privacy Issues
  • Agenda
  • Computer Forensics
  • Trying to Trap the Bad Guy
  • Companies Can Be Found Liable
  • Sets of Ethics
  • Ethics – (ISC)2
  • Ethics – Computer Ethics Institute
  • Ethics – Internet Architecture Board
  • GAISP – Generally Accepted Information Security Principles

Telecommunications and Networks

  • Network Security Issues
  • Network and Communications Security
  • Communication Security
  • Network Security Methods
  • Network-Based Security Problems
  • Network Topologies – Physical Layer
  • Topology Type – Bus
  • Topology Type – Ring
  • Topology Type – Star
  • Network Topologies – Mesh
  • Summary of Topologies
  • LAN Media Access Technologies
  • One Goal of Media Access Technologies
  • Transmission Types – Analog and Digital
  • Transmission Types – Synchronous and Asynchronous
  • Transmission Types – Baseband and Broadband
  • Two Types of Carrier Sense Multiple Access
  • Transmission Types – Number of Receivers
  • Media Access Technologies – Ethernet
  • Media Access Technologies – Token Passing
  • Media Access Technologies – Polling
  • Virtualization – Type 1
  • Virtualization – Type 2
  • Agenda
  • Signal and Cable Issues
  • Cabling Types – Coaxial
  • Cabling Types – Twisted Pair
  • Types of Cabling – Fiber
  • Cabling Issues – Plenum-Rated
  • Types of Networks
  • Network Technologies
  • Network Configurations
  • MAN Technologies – SONET
  • Wide Area Network Technologies
  • WAN Technologies Are Circuit or Packet Switched
  • Circuit Switching
  • WAN Technologies – ISDN
  • ISDN Service Types
  • WAN Technologies – DSL
  • WAN Technologies – Cable Modem
  • Packet Switching
  • WAN Technologies – Packet Switched
  • Packet Switched Networks
  • WAN Technologies – X.25
  • WAN Technologies – Frame Relay
  • WAN Technologies – ATM
  • Multiplexing
  • Permanent Virtual Circuits
  • OSI Model
  • An Older Model
  • Data Encapsulation
  • OSI – Application Layer
  • OSI – Presentation Layer
  • OSI – Session Layer
  • Transport Layer
  • OSI – Network Layer
  • OSI – Data Link
  • OSI – Physical Layer
  • Protocols at Each Layer
  • Devices Work at Different Layers
  • Networking Devices
  • Network Device – Repeater
  • Network Device – Hub
  • Networking Device – Bridge
  • Network Devices – Switch
  • Virtual LAN
  • Networking Devices – Router
  • Network Devices – Gateway
  • Networking Device – Bastion Host
  • Network Devices – Firewalls
  • Firewall – First line of defense
  • IDS – Second line of defense
  • IPS – Last line of defense?
  • Firewall Types – Packet Filtering
  • Firewall Types – Proxy Firewalls
  • Firewall Types – Circuit-Level Proxy Firewall
  • Type of Circuit-Level Proxy – SOCKS
  • Firewall Types – Application-Layer Proxy
  • Firewall Types – Stateful
  • Firewall Types – Dynamic Packet-Filtering
  • Firewall Types – Kernel Proxies
  • Firewall Placement
  • Firewall Architecture Types – Screened Host
  • Firewall Architecture Types – Multi- or Dual-Homed
  • Firewall Architecture Types – Screened Subnet
  • Unified Threat Management (UTM)
  • UTM Product Criteria
  • HIPS
  • Virtual Private Network Technologies
  • What Is a Tunnelling Protocol?
  • Tunnelling Protocols – PPTP
  • Tunnelling Protocols – L2TP
  • Tunnelling Protocols – IPSec
  • IPSec – Network Layer Protection
  • SSL/TLS
  • Network Services
  • Network Service – DNS
  • Network Service – NAT
  • Agenda
  • Wireless Technologies – Access Point
  • Standards Comparison
  • Wireless Network Topologies
  • Wi-Fi Network Types
  • Wireless Technologies – Access Point
  • Wireless Technologies – Service Set ID
  • Wireless Technologies – Authenticating to an AP
  • Wireless Technologies – WEP
  • WEP
  • Wireless Technologies – More WEP Woes
  • Weak IV Packets
  • More WEP Weaknesses
  • How WPA Improves on WEP
  • TKIP
  • The WPA MIC Vulnerability
  • 11i – WPA2
  • WPA and WPA2 Mode Types
  • WPA-PSK Encryption
  • Wireless Technologies – WAP
  • Wireless Technologies – WTLS
  • Wireless Technologies – Common Attacks
  • Wireless Technologies – War Driving
  • Kismet
  • Wireless Technologies – Countermeasures
  • Protocols
  • TCP/IP Suite
  • Port and Protocol Relationship
  • Conceptual Use of Ports
  • UDP versus TCP
  • Protocols – ARP
  • ARP Attack
  • Protocols – ICMP
  • Protocols – SNMP
  • Protocols – SMTP
  • Protocols – FTP, TFTP, Telnet
  • Protocols – RARP and BootP
  • Remote Access Protocols
  • Dial-Up Protocols and Authentication Protocols
  • Dial-Up Protocol – SLIP
  • Dial-Up Protocol – PPP
  • Authentication Protocols – PAP and CHAP
  • Authentication Protocol – EAP
  • PSTN
  • Voice Over IP
  • Private Branch Exchange
  • PBX Vulnerabilities
  • PBX Best Practices
  • Network Based Attacks
  • DDoS Issues
  • Man-in-the-Middle
  • Traceroute Operation

Business Continuity Objectives

  • Phases of Plan
  • Who Is Ready?
  • Pieces of the BCP
  • Business Continuity Objectives
  • Where Do We Start?
  • Why Is BCP a Hard Sell to Management?
  • Understanding the Organization
  • BCP Committee
  • BCP Risk Analysis
  • Identify Vulnerabilities and Threats
  • Categories
  • How to Identify the Most Critical Company Functions
  • Loss Criteria
  • Interdependencies
  • Identifying Functions’ Resources
  • How Long Can the Company Be Without These Resources?
  • Calculating MTD
  • Recovery Point Objective
  • Determining Recovery Strategies
  • Recovery Strategies
  • What Items Need to Be Considered in a Recovery?
  • Facility Backups – Hot Site
  • Facility Backups – Warm Site
  • Facility Backups – Cold Site
  • Compatibility Issues with Offsite Facility
  • Which Do We Use?
  • Choosing Offsite Services
  • Subscription Costs
  • Choosing Site Location
  • Other Offsite Approaches
  • Preventing and Preparing for a Disaster
  • Proper Planning
  • Executive Succession Planning
  • Preventing a Disaster
  • Preventative Measures
  • Preventive Measures
  • Disk Shadowing
  • Backing Up Over Telecommunication Serial Lines
  • HSM
  • SAN
  • Co-Location
  • Review – Results from the BIA
  • Review – Results from Recovery Strategy
  • Now What?
  • Priorities
  • Plan Objectives
  • Defining Roles
  • The Plan
  • Types of BC Plans
  • Recovery
  • Damage Assessment
  • Coordination Procedures
  • Sequence of Recovery Options
  • Relocate to the Alternate Facility
  • Restoration of Primary Site
  • Return to Normal Operations
  • Environment
  • Operational Planning
  • Emergency Response
  • Reviewing Insurance
  • When Is the Danger Over?
  • Now What?
  • Testing and Drills
  • Types of Tests to Choose From
  • What Is Success?
  • BCP Plans Commonly and Quickly Become Out of Date

Application and System Development

  • Device vs. Software Security
  • Why Are We Not Improving at a Higher Rate?
  • Usual Trend of Dealing with Security
  • Where to Implement Security
  • The Objective
  • Systems Security
  • Programming Environment
  • Secure Programming
  • SDLC
  • Development Methodologies
  • Maturity Models
  • Secure Programming
  • Programming Errors
  • Web Application Security
  • OWASP Top Ten (2011)
  • PCI Requirements
  • PA-DSS Requirements
  • Vendor Supplied Software
  • Outsourced Development
  • Trusted Program Modules
  • Middleware
  • Virtual Systems
  • Cloud Computing
  • Security Issues
  • Modularity of Objects
  • Object-Oriented Programming Characteristic
  • Module Characteristics
  • Linking Through COM
  • Mobile Code with Active Content
  • World Wide Web OLE
  • ActiveX Security
  • Java and Applets
  • Common Gateway Interface
  • How CGI Scripts Work
  • Cookies
  • Security of Embedded Systems
  • Agenda
  • Database Systems
  • Database Model
  • Database Models – Hierarchical
  • Database Models – Distributed
  • Database Models – Relational
  • Database Models – Relational Components
  • Foreign Key
  • Database Component
  • Database Security Mechanisms
  • Database Data Integrity Controls
  • Add-On Security
  • Database Security Issues
  • Controlling Access
  • Database Integrity
  • Data Warehousing
  • Data Mining
  • Artificial Intelligence
  • Expert System Components
  • Artificial Neural Networks
  • Agenda
  • Software Development Models
  • Project Development – Phases III, IV, and V
  • Project Development – Phases VI and VII
  • Verification versus Validation
  • Evaluating the Resulting Product
  • Controlling How Changes Take Place
  • Change Control Process
  • Change Control Steps (Continued)
  • Administrative Controls
  • Malware
  • Virus
  • More Malware
  • Rootkits and Backdoors
  • DDoS Attack Types
  • Escalation of Privilege
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Buffer Overflows
  • Mail Bombing
  • E-Mail Links
  • Phishing
  • Spear Phishing
  • Replay Attack
  • Cross-Site Scripting Attack
  • Timing Attacks

Operations Security

  • Operations Issues
  • Role of the Operations Department
  • Administrator Access
  • Computer Operations – Systems Administrators
  • Security Administrator
  • Operational Assurance
  • Audit and Compliance
  • Some Threats to Computer Operations
  • Specific Operations Tasks
  • Product Implementation Concerns
  • Logs and Monitoring
  • Records Management
  • Change Control
  • Resource Protection
  • Contingency Planning
  • System Controls
  • Trusted Recovery
  • Duplexing, Mirroring, Check Pointing
  • Redundant Array of Independent Disks (RAID)
  • Fault Tolerance
  • Redundancy Mechanism
  • Backups
  • Backup Types
  • Remote Access
  • Facsimile Security
  • Email Security
  • Before Carrying Out Vulnerability Testing
  • Vulnerability Assessments
  • Methodology
  • Penetration Testing
  • Hack and Attack Strategies
  • Protection Mechanism – Honeypot
  • Data Leakage – Social Engineering
  • Data Leakage – Object Reuse
  • Object Reuse
  • Why Not Just Delete File or Format the Disk?
  • Data Leakage – Keystroke Logging
  • Data Leakage – Emanation
  • Controlling Data Leakage – TEMPEST
  • Controlling Data Leakage – Control Zone
  • Controlling Data Leakage – White Noise

Additional information

How to prepare?

Suggested:

The most direct way to prepare for the exam is to attend the authorized Mile2 training course:

C)ISSO – Certified Information Systems Security Officer

Participants in the authorized Mile2 training course receive, in addition to the training materials in paper and/or electronic form, a free exam voucher for the corresponding certification exam.

Highly recommended:

Make sure that all of the listed exam topics are thoroughly familiar to the candidate, both in theory and in practice.

Other:

Mile2 also offers a range of other materials and forms of education that help in preparing for the CISSO Certified Information Systems Security Officer exam:

– prep guide materials https://mile2.com/mile2-online-estore/prep-guides.html

– training books in electronic form https://mile2.com/mile2-online-estore/electronic-books.html

– access to the Mile2 Cyber Range hands-on lab https://mile2.com/mile2-online-estore/cyber-range.html

– video materials with recorded training sessions https://mile2.com/mile2-online-estore/training-videos.html