ASM Educational Center, Inc.
11200 Rockville Pike, Suite 220 - Rockville, MD 20852
Phone: (301) 984-7400 - E-mail: info@asmed.com - Website: www.asmed.com

Course Outline
(ISC)2 CISSP Certification
Boot Camp Training

Note for regular training students: please disregard the day-based schedule.


Day 1 - Monday

Domain 1: Access Control Systems & Methodologies:

  • Control Access by Applying the Following Concepts/Methodology/Techniques
  • Understand and Identify Access Control Attacks (Brute Force, Dictionary, Spoofing, Denial of Service, etc.)
  • Design, Coordinate and Evaluate Penetration Test

Domain 2: Telecommunications & Network Security:

  • Establish Secure Voice and Facsimile Communications
  • Establish Secure Data Communications
  • Understand Secure Internet, Intranets, and Extranets
  • Telecommunications Security Management & Techniques
  • Prevent Attacks and Control Potential Attack Threats (e.g., Malicious Code, Flooding, Spamming)
  • Remote access protocols (e.g., PPP/CHAP/PAP/EAP)
  • Practice Questions


Day 2 - Tuesday

Domain 3: Security Management Practices

  • Understand goals, mission, and objectives of the organization(s)
  • Understand the Concepts of Availability, Integrity and Confidentiality
  • Develop a Security Plan/Policy
  • Define Roles, Responsibilities and Organization (e.g., separation of duties)
  • Implement Service Level Agreements
  • Develop and Implement Standards, Guidelines, and Procedures
  • Risk Management Concepts
  • Evaluate Personnel Security
  • Understand Change Control/ Configuration Management Concepts (e.g., Hardware/ Software)
  • Conduct Security Awareness and Training
  • Understand Data Classification Concepts
  • Evaluate Information System Security Strategies
  • Certification and Accreditation
  • Privacy
  • Security Assessment

Domain 4: Applications & Systems Development Security

  • Understand the System Life Cycle and Security (Cradle to Grave)
  • Databases and Data Warehousing Vulnerabilities, Threats and Protections
  • Application & System Development Knowledge Security-Based Systems (e.g., expert systems)
  • Application and System Vulnerabilities and Threats
  • Practice Questions & Testing

Day 3 - Wednesday

Domain 5: Cryptography

  • Applications and uses (e.g., confidentiality, integrity, non-repudiation)
  • Methods of Encryption
  • Define Cryptographic Concepts
  • Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.)
  • Digital Signatures/ Non-repudiation
  • Message Digests (e.g., MD5, SHA-1)
  • Cryptanalytic Techniques
  • Internet Security (e.g., SSL)
  • Email Security (e.g., PGP, PEM)
  • Alternatives (e.g., steganography and watermarking)

Domain 6: Security Architecture Models

  • Understand the Theoretical Concepts of Security Models
  • Understand the Components of Information Systems Evaluation Models
  • Understand the Elements of Technical Platforms
  • Understand how the Security Architecture is affected by certain attacks
  • Practice Questions

Day 4 - Thursday

Domain 7: Operations Security

  • Apply Concepts to Daily Activities
  • Employ Resource Protection
  • Handle Violations, Incidents, and Breaches and Report When Necessary
  • Ensure Administrative Management and Control
  • Respond to Attacks

Domain 8: Business Continuity & Disaster Planning

  • Business organization analysis
  • Resource requirements
  • Business impact analysis
  • Recovery strategy
  • Plan design and development
  • Implementation
  • Restoration
  • Review - Assorted Practice Questions & Testing

Day 5 - Friday

Domain 9: Law, Investigations, and Forensics & Ethics

  • Identify International Laws that Pertain to Information Systems Security
  • Understand the Parameters of Investigations
  • Understand Forensic Procedures
  • Understand Professional Ethics
  • Understand Major Legal Systems (e.g., Common Law, Civil Law, Islamic, Socialist)

Domain 10: Physical Security

  • Restricted areas/ work areas security
  • Escort requirements/ visitor control
  • Turnstiles and mantraps
  • Security guards
  • Badges, Smart/ Dumb Cards, Keys and locks
  • Site selection and facility design configuration
  • Intrusion detection system (e.g., motion detectors, sensors, alarms, CCTV)
  • Audit trails/access logs & intrusion detection
  • Biometric access controls to facility
  • Power and HVAC considerations
  • Water issues: leakage, flooding
  • Fire detection and suppression
  • Natural disasters
  • Data center security
  • Enterprise identity management
  • Threats
  • Perimeter and building grounds protections
  • Portable Devices and Components
  • Final review & Questions

Note: The student is not obligated to take the exam at the end of training. He/she can take the exam when he/she feels comfortable doing so, after the training period.

URL: www.asmed.com/programs/outlines/cissp_outline.htm