Course Description
The C)ISSO course is designed for a forward-thinking cyber security professional or consultant who manages or plays a key role in an organization’s information security department.
The C)ISSO addresses a broad range of industry best practices, knowledge and skill sets expected of a security leader. The candidate will learn both the theory and the requirements for practical implementation of core cyber security concepts, policies, practices, monitoring and compliance. Through the use of a risk-based approach, the C)ISSO is able to implement and maintain cost-effective cyber security controls that are closely aligned with business requirements.
The Certified Information Systems Security Officer was a direct initiative of the DND – Department of Defense of Canada in cooperation with the DOD – Department of Defense of the United States. It is defined in the dual initiative titled CANUS CDISM MOU (ID#: 1974100118), found at:
http://www.state.gov/documents/organization/111449.pdf
In the CANUS CDISM MOU it states the following:
A. The CDRSN National Information System Security Officer (ISSO) is the focal point for all security issues pertaining to this network.
B. The Director Information Management Security (DIMSECUR) is the DND authority for security assessment of the CDRSN, including the approval of Interim Authority to Process (IAP) and Authority to Communicate.
With these initiatives in mind, Mile2 created a certification for the ISSO called Certified ISSO. "The Certified Information Systems Security Officer training and certification program prepares and certifies individuals to analyze an organization's information security threats and risks, and design a security program to mitigate these risks. ISSOs will be proficient in risk analysis, risk mitigation, application security, network security, operations security and business continuity." Whether you are responsible for the management of a Cyber Security team, a Security Officer, an IT auditor or a Business Analyst, the Certified Information Security Officer – C)ISSO course is an ideal way to increase your knowledge, expertise and skill.
The C)ISSO course, and its subsequent examination, is the most up-to-date, practical and effective program available in the world today. The C)ISSO program is closely aligned with the leading standards of ISO 27001, NIST, CISM® and the 2012 CISSP® CBK® exam objectives, but it excels by providing a well-rounded and comprehensive overview of each topic area without being restricted to a single model or conceptual approach.
The C)ISSO course focuses on information systems security, not information technology security. Many participants are already technological experts in their own right, be it in network operations, storage management systems, database administration, etc. They don't need to be told what an MPLS network is, or the advantages of fiber over copper coaxial cable. What they do need is a mind-set change:
How to think 'big-picture' instead of 'vertical silo'.
How deep principles within each domain interconnect into a whole.
How to view an area of responsibility through the lens of risk management.
How to perform a threat and risk analysis.
How to derive a residual risk position for your department, enterprise or client, and articulate it as an organizational, issue-specific or system policy with advisory, regulatory or cyber security goals.
How to implement this policy through the right mix of physical, administrative and technical controls, while performing one or more of the six control services in a defense-in-depth enterprise security architecture.
The C)ISSO content is delivered within a proprietary 'Theory, Technique, Tool' delivery framework via a proprietary 'Discuss, Demonstrate, Do' action learning model. The 19 domains are full of theory, policies, practices and procedures.
Take relational databases, for example. Theoretically, a database must be normalized to at least 4 (out of 5) normal forms to qualify as a relational database. This is the minimum level of consistency required to yield the functional benefits of the relational model for data organization. But no vendor has ever complied with this theoretical principle, as the performance overhead required to do so is too high. Understanding the differences between relational database theory and the techniques used by vendors to develop their products (tools) automatically explains 80% of the constant vulnerabilities we see in commercial and government databases.
This knowledge leads to a logical choice of compensating deterrent, preventive, detective, recovery and corrective controls to govern access to relational data repositories. Mile2 is able to create learning labs where the theory is discussed, the techniques are demonstrated, and participants actively explore (do) the 'vulnerabilities-within-the-gap', together with the natural, man-made and/or technical threats that can exploit these vulnerabilities. Participants then work through the resulting non-disaster, disaster and/or catastrophic impact levels and the likelihood thereof, and select the right mix of controls to mitigate these risks.
Thousands of students from around the world have actively learned the risk management mind-set by taking this Mile2 C)ISSO course.
Target:
• Cyber Security Manager/Officer/Director
• IT auditor
• Business Analyst
Prerequisites:
Experience in at least 2 modules of the outline is beneficial but not required.
Module 1: Risk Management
Module 2: Security Management
Module 3: Identification and Authentication
Module 4: Access Control
Module 5: Security Models and Evaluation Criteria
Module 6: Operations Security
Module 7: Symmetric Cryptography and Hashing
Module 8: Asymmetric Cryptography and PKI
Module 9: Network Connections
Module 10: Network Protocols and Devices
Module 11: Telephony, VPNs and Wireless
Module 12: Security Architecture and Attacks
Module 13: Software Development Security
Module 14: Database Security and System Development
Module 15: Malware and Software Attacks
Module 16: Business Continuity
Module 17: Disaster Recovery
Module 18: Incident Management, Law, and Ethics
Module 19: Physical Security
DETAILED MODULE DESCRIPTION
Module 1 - Risk Management
• What Is the Value of an Asset?
• What Is a Threat Source/Agent?
• What Is a Threat?
• What Is a Vulnerability?
• Examples of Some Vulnerabilities that Are Not Always Obvious
• What Is a Control?
• What Is Likelihood?
• What Is Impact?
• Control Effectiveness
• Risk Management
• Purpose of Risk Management
• Risk Assessment
• Why Is Risk Assessment Difficult?
• Types of Risk Assessment
• Different Approaches to Analysis
• Quantitative Analysis
• ALE Values Uses
• Qualitative Analysis – Likelihood
• Qualitative Analysis – Impact
• Qualitative Analysis – Risk Level
• Qualitative Analysis Steps
• Management’s Response to Identified Risks
• Comparing Cost and Benefit
• Cost of a Countermeasure
Module 2 - Security Management
• Enterprise Security Program
• Building A Foundation
• Planning Horizon Components
• Enterprise Security – The Business Requirements
• Enterprise Security Program Components
• Control Types
• “Soft” Controls
• Technical or Logical Controls
• Physical Controls
• Security Roadmap
• Senior Management’s Role in Security
• Negligence and Liability
• Security Roles and Responsibilities
• Security Program Components
• Security and the Human Factors
• Employee Management
• Human Resources Issues
• Importance to Security?
• Recruitment Issues
• Termination of Employment
• Informing Employees About Security Enforcement
• Security Enforcement Issues
Module 3 - Authentication
• Access Control Methodology
• Access Control Administration
• Accountability and Access Control
• Trusted Path
• Who Are You?
• Authentication Mechanisms
• Strong Authentication
• Authorization
• Access Criteria
• Fraud Controls
• Access Control Mechanisms
• Biometrics Technology
• Biometrics Enrollment Process
• Downfalls to Biometric Use
• Biometrics Error Types
• Biometrics Diagram
• Biometric System Types
• Passwords and PINs
• Password “Shoulds”
• Password Attacks
• Countermeasures for Password Cracking
• Cognitive Passwords
• One-Time Password Authentication
• Synchronous Token
• Asynchronous Token Device
• Cryptographic Keys
• Passphrase Authentication
• Memory Cards
• Smart Card
• Single Sign-on Technology
• Different Technologies
• Scripts as a Single Sign-on Technology
• Directory Services as a Single Sign-on Technology
• Thin Clients
• Kerberos as a Single Sign-on Technology
• Tickets
• Kerberos Components Working Together
• Major Components of Kerberos
• Kerberos Authentication Steps
• Why Go Through All of this Trouble?
• Issues Pertaining to Kerberos
• SESAME as a Single Sign-on Technology
• Federated Authentication
• IDS
• Network IDS Sensors
• Types of IDSs
• Behavior-Based IDS
• IDS Response Mechanisms
• IDS Issues
• Trapping an Intruder
Module 4 - Access Control
• Role of Access Control
• Definitions
• More Definitions
• Layers of Access Control
• Layers of Access Controls
• Access Control Mechanism Examples
• Access Control Characteristics
• Preventive Control Types
• Control Combinations
• Administrative Controls
• Controlling Access
• Other Ways of Controlling Access
• Technical Access Controls
• Physical Access Controls
• Accountability
• Information Classification
• Information Classification Criteria
• Declassifying Information
• Types of Classification Levels
• Models for Access
• Discretionary Access Control Model
• Enforcing a DAC Policy
• Mandatory Access Control Model
• MAC Enforcement Mechanism – Labels
• Where Are They Used?
• Role-Based Access Control (RBAC)
• Acquiring Rights and Permissions
• Rule-Based Access Control
• Access Control Matrix
• Access Control Administration
• Access Control Methods
• Remote Centralized Administration
• RADIUS Characteristics
• RADIUS
• TACACS Characteristics
• Diameter Characteristics
• Decentralized Access Control Administration
Module 5 - Security Models and Evaluation Criteria
• System Protection – Trusted Computing Base
• System Protection – Reference Monitor
• Security Kernel Requirements
• Security Modes of Operation
• System Protection – Levels of Trust
• System Protection – Process Isolation
• System Protection – Layering
• System Protection – Application Program Interface
• System Protection – Protection Rings
• What Does It Mean to Be in a Specific Ring?
• Security Models
• State Machine
• Information Flow
• Bell-LaPadula
• Rules of Bell-LaPadula
• Biba
• Clark-Wilson Model
• Non-interference Model
• Brewer and Nash – Chinese Wall
• Take-Grant Model
• Trusted Computer System Evaluation Criteria (TCSEC)
• TCSEC Rating Breakdown
• Evaluation Criteria – ITSEC
• ITSEC Ratings
• ITSEC – Good and Bad
• Common Criteria
• Common Criteria Components
• First Set of Requirements
• Second Set of Requirements
• Package Ratings
• Common Criteria Outline
• Certification vs. Accreditation
Module 6 - Operations Security
• Operations Issues
• Role of Operations
• Administrator Access
• Computer Operations – Systems Administrators
• Security Administrator
• Operational Assurance
• Audit and Compliance
• Some Threats to Computer Operations
• Specific Operations Tasks
• Product Implementation Concerns
• Logs and Monitoring
• Records Management
• Change Control
• Resource Protection
• Contingency Planning
• System Controls
• Trusted Recovery
• Fault-Tolerance Mechanisms
• Duplexing, Mirroring, Check Pointing
• Redundant Array of Independent Disks (RAID)
• Fault Tolerance
• Redundancy Mechanism
• Backups
• Backup Types
• Remote Access
• Facsimile Security
• Email Security
• Before Carrying Out Vulnerability Testing
• Vulnerability Assessments
• Methodology
• Penetration Testing
• Hack and Attack Strategies
• Protection Mechanism – Honeypot
• Threats to Operations
• Data Leakage – Social Engineering
• Data Leakage – Object Reuse
• Object Reuse
• Why Not Just Delete File or Format the Disk?
• Data Leakage – Keystroke Logging
• Data Leakage – Emanation
• Controlling Data Leakage – TEMPEST
• Controlling Data Leakage – Control Zone
• Controlling Data Leakage – White Noise
• Summary
Module 7 - Symmetric Cryptography and Hashing
• Cryptography Objectives
• Cryptographic Definitions
• A Few More Definitions
• Need Some More Definitions?
• Symmetric Cryptography – Use of Secret Keys
• Cryptography Uses Yesterday and Today
• Historical Uses of Symmetric Cryptography
• Historical Uses of Symmetric Cryptography – Scytale Cipher
• Historical Uses of Symmetric Cryptography: Substitution Cipher
• Caesar Cipher Example
• Historical Uses of Symmetric Cryptography: Vigenere Cipher
• Polyalphabetic Substitution
• Vigenere Table Example
• Example Continued
• Historical Uses of Symmetric Cryptography: Enigma Machine
• Historical Uses of Symmetric Cryptography: Vernam Cipher
• Historical Uses of Symmetric Cryptography: Running Key and Concealment
• One-Time Pad Characteristics
• Binary Mathematical Function
• Key and Algorithm Relationship
• Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
• Ways of Breaking Cryptosystems – Brute Force
• Ways of Breaking Cryptosystems – Frequency Analysis
• Determining Strength in a Cryptosystem
• Characteristics of Strong Algorithms
• Open or Closed More Secure?
• Types of Ciphers Used Today
• Encryption/Decryption Methods
• Type of Symmetric Cipher – Block Cipher
• S-Boxes Used in Block Ciphers
• Type of Symmetric Cipher – Stream Cipher
• Encryption Process
• Symmetric Characteristics
• Sender and Receiver Must Generate the Same Keystream
• They Both Must Have the Same Key and IV
• Strength of a Stream Cipher
• Let’s Dive in Deeper
• Symmetric Key Cryptography
• Symmetric Key Management Issue
• Symmetric Algorithm Examples
• Symmetric Downfalls
• Secret Versus Session Keys
• Symmetric Ciphers We Will Dive Into
• Symmetric Algorithms – DES
• Evolution of DES
• Block Cipher Modes – CBC
• Different Modes of Block Ciphers – ECB
• Block Cipher Modes – CFB and OFB
• CFB and OFB Modes
• Symmetric Cipher – AES
• Other Symmetric Algorithms
• Hashing Algorithms
• Protecting the Integrity of Data
• Data Integrity Mechanisms
• Weakness in Using Only Hash Algorithms
• More Protection in Data Integrity
• MAC – Sender
• MAC – Receiver
• Security Issues in Hashing
• Birthday Attack
• Example of a Birthday Attack
Module 8 - Asymmetric Cryptography and PKI
• Asymmetric Cryptography
• Public Key Cryptography Advantages
• Asymmetric Algorithm Disadvantages
• Symmetric versus Asymmetric
• Asymmetric
• Asymmetric Algorithm – Diffie-Hellman
• Asymmetric Algorithm – RSA
• Asymmetric Algorithms – El Gamal and ECC
• Example of Hybrid Cryptography
• When to Use Which Key
• Using the Algorithm Types Together
• Digital Signatures
• Digital Signature and MAC Comparison
• What if You Need All of the Services?
• U.S. Government Standard
• Why Do We Need a PKI?
• PKI and Its Components
• CA and RA Roles
• Let’s Walk Through an Example
• Digital Certificates
• What Do You Do with a Certificate?
• Components of PKI – Repository and CRLs
• Steganography
• Key Management
• Link versus End-to-End Encryption
• End-to-End Encryption
• E-mail Standards
• Encrypted Message
• Secure Protocols
• SSL and the OSI Model
• SSL Hybrid Encryption
• SSL Connection Setup
• Secure E-mail Standard
• SSH Security Protocol
• Network Layer Protection
• IPSec Key Management
• Key Issues Within IPSec
• IPSec Handshaking Process
• SAs in Use
• IPSec Is a Suite of Protocols
• IPSec Modes of Operation
• Attacks on Cryptosystems
• More Attacks
Module 9 - Network Connections
• Network Topologies – Physical Layer
• Topology Type – Bus
• Topology Type – Ring
• Topology Type – Star
• Network Topologies – Mesh
• Summary of Topologies
• LAN Media Access Technologies
• One Goal of Media Access Technologies
• Transmission Types – Analog and Digital
• Transmission Types – Synchronous and Asynchronous
• Transmission Types – Baseband and Broadband
• Two Types of Carrier Sense Multiple Access
• Transmission Types – Number of Receivers
• Media Access Technologies – Ethernet
• Media Access Technologies – Token Passing
• Media Access Technologies – Polling
• Cabling
• Signal and Cable Issues
• Cabling Types – Coaxial
• Cabling Types – Twisted Pair
• Types of Cabling – Fiber
• Cabling Issues – Plenum-Rated
• Types of Networks
• Network Technologies
• Network Configurations
• MAN Technologies – SONET
• Wide Area Network Technologies
• WAN Technologies Are Circuit or Packet Switched
• WAN Technologies – ISDN
• ISDN Service Types
• WAN Technologies – DSL
• WAN Technologies – Cable Modem
• WAN Technologies – Packet Switched
• WAN Technologies – X.25
• WAN Technologies – Frame Relay
• WAN Technologies – ATM
• Multiplexing
Module 10 - Network Protocols and Devices
• OSI Model
• An Older Model
• Data Encapsulation
• OSI – Application Layer
• OSI – Presentation Layer
• OSI – Session Layer
• Transport Layer
• OSI – Network Layer
• OSI – Data Link
• OSI – Physical Layer
• Protocols at Each Layer
• Devices Work at Different Layers
• Networking Devices
• Repeater
• Hub
• Bridge
• Switch
• Virtual LAN
• Router
• Gateway
• Bastion Host
• Firewalls
• Firewall – First Line of Defense
• Firewall Types – Packet Filtering
• Firewall Types – Proxy Firewalls
• Firewall Types – Circuit-Level Proxy Firewall
• Type of Circuit-Level Proxy – SOCKS
• Firewall Types – Application-Layer Proxy
• Firewall Types – Stateful
• Firewall Types – Dynamic Packet-Filtering
• Firewall Types – Kernel Proxies
• Firewall Placement
• Firewall Architecture Types – Screened Host
• Firewall Architecture Types – Multi- or Dual-Homed
• Firewall Architecture Types – Screened Subnet
• IDS – Second Line of Defense
• IPS – Last Line of Defense?
• HIPS
• Unified Threat Management
• UTM Product Criteria
• Protocols
• TCP/IP Suite
• Port and Protocol Relationship
• Conceptual Use of Ports
• UDP versus TCP
• Protocols – ARP
• Protocols – ICMP
• Protocols – SNMP
• Protocols – SMTP
• Protocols – FTP, TFTP, Telnet
• Protocols – RARP and BootP
• Network Service – DNS
• Network Service – NAT
Module 11 - Telephony, VPNs and Wireless
• PSTN
• Remote Access
• Dial-Up Protocols and Authentication
• Protocols
• Dial-Up Protocol – SLIP
• Dial-Up Protocol – PPP
• Authentication Protocols – PAP and CHAP
• Authentication Protocol – EAP
• Voice Over IP
• Private Branch Exchange
• PBX Vulnerabilities
• PBX Best Practices
• Virtual Private Network Technologies
• What Is a Tunnelling Protocol?
• Tunnelling Protocols – PPTP
• Tunnelling Protocols – L2TP
• Tunnelling Protocols – IPSec
• IPSec – Network Layer Protection
• IPSec
• SSL/TLS
• Wireless Technologies – Access Point Standards Comparison
• Wireless Network Topologies
• Wi-Fi Network Types
• Wireless Technologies – Access Point
• Wireless Technologies – Service Set ID
• Wireless Technologies – Authenticating to an AP
• Wireless Technologies – WEP
• WEP
• Wireless Technologies – More WEP Woes
• Weak IV Packets
• More WEP Weaknesses
• How WPA Improves on WEP
• TKIP
• The WPA MIC Vulnerability
• 802.11i – WPA2
• WPA and WPA2 Mode Types
• WPA-PSK Encryption
• Wireless Technologies – WAP
• Wireless Technologies – WTLS
• Wireless Technologies – Common Attacks
• Wireless Technologies – War Driving
• Kismet
• Wireless Technologies – Countermeasures
• Network Based Attacks
• ARP Attack
• DDoS Issues
• Man-in-the-Middle
• Traceroute Operation
Module 12 - Security Architecture and Attacks
• ESA Definition
• What Is Architecture?
• Architecture Components
• Key Architecture Concepts – Plan
• Objectives of Security Architecture
• Technology Domain Modeling
• Integrated Security Is Designed Security
• Security by Design
• Architectural Models
• Virtual Machines
• Cloud Computing
• Memory Types
• Virtual Memory
• Memory Management
• Accessing Memory Securely
• Different States that Processes Work In
• System Functionality
• Types of Compromises
• Disclosing Data in an Unauthorized Manner
• Circumventing Access Controls
• Attacks
• Attack Type – Race Condition
• Attack Type – Data Validation
• Attacking Through Applications
• How Buffers and Stacks Are Supposed to Work
• How a Buffer Overflow Works
• Attack Characteristics
• Attack Types
• More Attacks
• Host Name Resolution Attacks
• More Attacks (2)
• Watching Network Traffic
• Traffic Analysis
• Cell Phone Cloning
• Illegal Activities
Module 13 - Software Development Security
• How Did We Get Here?
• Device vs. Software Security
• Why Are We Not Improving at a Higher Rate?
• Usual Trend of Dealing with Security
• Where to Implement Security
• The Objective
• Security of Embedded Systems
• Development Methodologies
• Maturity Models
• Security Issues
• OWASP Top Ten (2011)
• Modularity of Objects
• Object-Oriented Programming Characteristic
• Module Characteristics
• Linking Through COM
• Mobile Code with Active Content
• World Wide Web OLE
• ActiveX Security
• Java and Applets
• Common Gateway Interface
• How CGI Scripts Work
• Cookies
• PCI Requirements
• Virtualization – Type 1
• Virtualization – Type 2
Module 14 - Database Security and System Development
• Database Model
• Database Models – Hierarchical
• Database Models – Distributed
• Database Models – Relational
• Database Systems
• Database Models – Relational Components
• Foreign Key
• Database Component
• Database Security Mechanisms
• Database Data Integrity Controls
• Add-On Security
• Database Security Issues
• Controlling Access
• Database Integrity
• Data Warehousing
• Data Mining
• Artificial Intelligence
• Expert System Components
• Artificial Neural Networks
• Software Development Models
• Project Development – Phases III, IV, and V
• Project Development – Phases VI and VII
• Verification versus Validation
• Evaluating the Resulting Product
• Controlling How Changes Take Place
• Change Control Process
• Administrative Controls
• Malware
• Virus
• More Malware
• Rootkits and Backdoors
• DDoS Attack Types
• Escalation of Privilege
• Protect Against Privilege Escalation
• DDoS Issues
• DDoS
• Buffer Overflow Definition
• Overflow Illustration
• Mail Bombing
• E-Mail Links
• Phishing
• Spear Phishing
• Replay Attack
• Cross-Site Scripting Attack
• Timing Attacks
• More Advanced Attacks
• Summary
Module 15 - Malware and Software Attacks
• Malware
• Virus
• More Malware
• Rootkits and Backdoors
• DDoS Attack Types
• Escalation of Privilege
• DDoS Issues
• DDoS
• Buffer Overflow Definition
• Overflow Illustration
• Buffer Overflows
• Mail Bombing
• E-Mail Links
• Phishing
• Spear Phishing
• Replay Attack
• Cross-Site Scripting Attack
• Timing Attacks
• More Advanced Attacks
• Summary
Module 16 - Business Continuity
• Phases of Plan
• Who Is Ready?
• Pieces of the BCP
• BCP Development
• Where Do We Start?
• Why Is BCP a Hard Sell to Management?
• Understanding the Organization
• Critical Products and Services
• Dependencies
• Supply Chain
• Between Departments
• Personnel
• Information
• Equipment
• Facilities
• BCP Committee
• BCP Risk Analysis
• Identify Vulnerabilities and Threats
• Categories
• How to Identify the Most Critical Company Functions
• Loss Criteria
• Interdependencies
• Identifying Functions’ Resources
• How Long Can the Company Be Without These Resources?
• Calculating MTD
• Recovery Point Objective
• Calculation of Maximum Data Loss
• Determines Backup Strategy
• Defines the Most Current State of Data upon Recovery
• Recovery Strategies
• Based on the Results of the BIA
• May Be Different for Each Department
• Must Be Less than MTD
• Sets the RTO
• What Items Need to Be Considered in a Recovery?
• Facility Backups – Hot Site
• Facility Backups – Warm Site
• Facility Backups – Cold Site
• Compatibility Issues with Offsite Facility
• Which Do We Use?
• Choosing Offsite Services
• Subscription Costs
• Choosing Site Location
• Other Offsite Approaches
• BCP Plans Commonly and Quickly Become Out of Date
• Summary
Module 17 - Disaster Recovery
• Proper Planning
• Executive Succession Planning
• Preventing a Disaster
• Preventive Measures
• Backup/Redundancy Options
• Disk Shadowing
• Backing Up Over Telecommunication Serial Lines
• HSM
• SAN
• Co-Location
• Other Options
• Review – Results from the BIA
• Review – Results from Recovery Strategy
• Now What?
• Priorities
• Plan Objectives
• Defining Roles
• The Plan
• Recovery
• Return to Normal Operations Environment
• Operational Planning
• Emergency Response
• Reviewing Insurance
• When Is the Danger Over?
• Now What?
• Testing and Drills
• Types of Tests to Choose From
• What Is Success?
• Summary
Module 18 - Incident Management, Law, and Ethics
• Seriousness of Computer Crimes
• Incidents
• Incident Management Priorities
• Incident Response Capability
• Incident Management Requires
• Preparing for a Crime Before It Happens
• Incident Response Phases
• Types of Law
• Foundational Concepts of Law
• Common Laws – Criminal
• Common Laws – Civil
• Common Laws – Administrative
• Intellectual Property Laws
• More Intellectual Property Laws
• Software Licensing
• Digital Millennium Copyright Act
• Historic Examples of Computer Crimes
• Who Perpetrates These Crimes?
• The Evolving Threat
• Types of Motivation for Attacks
• A Few Attack Types
• Telephone Fraud
• Identification Protection & Prosecution
• Computer Crime and Its Barriers
• Countries Working Together
• Security Principles for International Use
• Determine if a Crime Has Indeed Been Committed
• When Should Law Enforcement Get Involved?
• Citizen versus Law Enforcement Investigation
• Investigation of Any Crime
• Role of Evidence in a Trial
• General Rules for Evidence
• Evidence Requirements
• Evidence Collection Topics
• Chain of Custody
• How Is Evidence Processed?
• Evidence Types
• Hearsay Rule Exception
• Privacy of Sensitive Data
• Privacy Issues – U.S. Laws as Examples
• European Union Principles on Privacy
• Routing Data Through Different Countries
• Employee Privacy Issues
• Computer Forensics
• Trying to Trap the Bad Guy
• Companies Can Be Found Liable
• Sets of Ethics
• Ethics – mile2
• Ethics – Computer Ethics Institute
• Ethics – Internet Architecture Board
• GAISP – Generally Accepted Information Security Principles
Module 19 - Physical Security
• Physical Security – Threats
• Different Types of Threats & Planning
• Facility Site Selection
• Facility Construction
• Devices Will Fail
• Controlling Access
• Possible Threats
• External Boundary Protection
• Lock Types
• Facility Access
• Piggybacking
• Securing Mobile Devices
• Entrance Protection
• Perimeter Protection – Fencing
• Perimeter Protection – Lighting
• Perimeter Security – Security Guards
• Surveillance/Monitoring
• Types of Physical IDS
• Electro-Mechanical Sensors
• Volumetric Sensors
• Facility Attributes
• Electrical Power
• Problems with Steady Power Current
• Power Interference
• Power Preventive Measures
• Environmental Considerations