CIS700 - CISSP Certification Preparation

Outline info
Last revision date 2017-05-29 00:34:37.85
Last review date 2017-07-17 00:15:36.379


Subject Title
CISSP Certification Preparation

Subject Description
This is an advanced course designed to prepare information systems and network security professionals to write the CISSP (Certified Information Systems Security Professional) certification examination. CISSP is the gold standard in vendor-neutral security certification through the International Information Systems Security Certification Consortium (www.isc2.org).

Credit Status
1 Credit for CNS/CTY Diploma Students

Learning Outcomes
Upon successful completion of this subject the student will be able to:

Demonstrate knowledge in the following eight information security domains as outlined in the CISSP Common Body of Knowledge:

Security and Risk Management
Asset Security
Security Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security

Cheating and Plagiarism
Each student should be aware of the College's policy regarding Cheating and Plagiarism. Seneca's Academic Policy will be strictly enforced.

To support academic honesty at Seneca College, all work submitted by students may be reviewed for authenticity and originality, utilizing software tools and third-party services. Please visit the Academic Honesty site at http://library.senecacollege.ca for further information regarding cheating and plagiarism policies and procedures.

Discrimination/Harassment
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.

Accommodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Disabilities Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

Prerequisite(s)
College Diploma* or University Degree in an IT related Program and a minimum of 4 years of IT security work or related experience in system administration, database administration, network administration or programming.

*Students who are recent Seneca CNS or CPA graduates who do not meet the four years’ work requirement for the CISSP designation can write the CISSP exam and apply to be an Associate of (ISC)². Exam candidates must register separately with (ISC)² to write the exam. Certification examination fees are not included in the course fees. (See https://www.isc2.org for more details.)

Topic Outline
Information Security and Risk Management (12.5%)
  • Security and Risk Management
  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures and guidelines

Asset Security (12.5%)
  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements

Security Engineering (12.5%)
  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security

Communication and Network Security (12.5%)
  • Secure network architecture design
  • Secure network components
  • Secure communication channels
  • Network attacks

Identity and Access Management (12.5%)
  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service
  • Third-party identity services
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)

Security Assessment and Testing (12.5%)
  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities

Security Operations (12.5%)
  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns

Software Development Security (12.5%)
  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Mode of Instruction
Classes will be presented through a combination of lecture, discussions and question and answer sessions. This mode of instruction will be reinforced by assigned reading and assignments between classes.

It is the student's responsibility to save documents, articles and notes that the instructor has provided on BlackBoard or in class. Students will not be able to access BlackBoard as of the last day of the student’s class.

Prescribed Texts
Official (ISC)² Guide to the CISSP CBK, 4th Edition; Adam Gordon, Editor; (ISC)² Press
ISBN-13: 978-1482262759

Supplementary Texts:

CISSP: Certified Information Systems Security Professional Study Guide, 6th edition; by James Stewart et al., John Wiley & Sons Canada, Ltd.
ISBN: 978-1118314173

Promotion Policy

Grading Policy
A+  90% to 100%
A   80% to 89%
B+  75% to 79%
B   70% to 74%
C+  65% to 69%
C   60% to 64%
D+  55% to 59%
D   50% to 54%
F   0% to 49% (Not a Pass)
OR
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/academic-policy) or at Seneca's Registrar's Offices.


Modes of Evaluation
Since this is a professional credit subject, marking standards reinforce professional practice by demanding legible, tidy work. Written materials should be well organized and grammatically correct, with proper spelling and punctuation.

Assignments

  • Students must retain a duplicate of all assignments.
  • Computer assignments should be documented to the instructor's standards.
  • Assignments must be handed in on the scheduled due date. Late assignments are penalized.
  • For particulars, please obtain standards, dates, etc. from your instructor.

Absenteeism and Tests
  • Students should be aware that absenteeism will impact on their ability to achieve satisfactory grades.
  • If you miss a test, you must provide the reason in writing to the instructor prior to the next scheduled class. If your reason is accepted, you will be permitted to write a make-up test. Otherwise, you will be given a zero for the test. You must submit an original doctor’s certificate identifying the date, length of time of expected absence and the specific reason for your absence, or other appropriate documentation.

Term Work and Final Exam
  • Students must attain a combined grade of at least 50% on term work and the final exam. Students must pass the final exam in order to pass the subject.
  • For further information on evaluation and academic standing, see a copy of the Academic Policy available at Seneca registration offices.

Grading is based on the following marking scheme:

Tests (minimum 10) 70%
Final Examination 30%

Approved by: Denis Gravelle