Certified Information Systems Security Professional, CISSP, Part 1 of 9: Risk and Authentication
Interactive


BizLibrary
Updated Jan 21, 2020

This course covers risk management and authentication. It looks at risk from the negative perspective, that is, the likelihood of something bad happening. Topics covered include the plans, programs and infrastructure that provide the foundation for all other domains, including access control and validating and verifying the use of resources. This course contains the following lessons:

Lesson 1:

  • Risk Management Flow
  • Risk Definitions
  • What Is the Value of an Asset
  • What Is a Threat Source/Agent
  • What Is a Threat
  • What Is a Vulnerability
  • Examples of Non-Obvious Vulnerabilities
  • What Is a Control
  • What Is Likelihood
  • What Is Impact
  • Control Effectiveness.

Lesson 2:

  • Agenda
  • Risk Management
  • Risk Response and Monitoring
  • Purpose of Risk Management.

Lesson 3:

  • Risk Assessment
  • Why Is Risk Assessment Difficult
  • Different Approaches to Analysis
  • Quantitative Analysis
  • Threat Analysis and Annual Loss Expectancy
  • Quantitative Analysis Continued
  • ALE Value Uses
  • Qualitative Analysis: Likelihood
  • Qualitative Analysis - Impact
  • Qualitative Analysis - Risk Level
  • Qualitative Analysis Steps.

Lesson 4:

  • Completion of Risk Assessment
  • Risk Response
  • Management's Response to Identified Risks.

Lesson 5:

  • What Is Information Security
  • What Is Information Security Continued
  • The Information Security Triad
  • Understanding the Business.

Lesson 6:

  • Setting up a Security Program
  • Enterprise Security Program
  • Building a Foundation
  • Planning Horizon Components
  • Enterprise Security: The Business Requirements
  • Enterprise Security Program Components
  • Control Types
  • Soft Controls
  • Technical or Logical Controls
  • Physical Controls
  • Roadmap to Maturity
  • Program Monitoring.

Lesson 7:

  • Senior Management's Role in Security
  • Security Roles and Responsibilities
  • Roles and Responsibilities
  • Agenda
  • Security Program Components
  • Information Security Policy
  • Security Policy Review
  • Implementing Policy.

Lesson 8:

  • Agenda
  • Security and the Human Factors
  • Employee Management
  • Human Resources Issues
  • Importance to Security
  • Recruitment Issues
  • Termination of Employment
  • Human Resources Practices
  • Types of Training
  • Quality Training
  • Informing Employees About Security
  • Enforcement
  • Security Enforcement Issues
  • Summary.

Lesson 9:

  • Access Control Administration
  • Accountability and Access Control
  • Trusted Path
  • Who Are You?
  • Authentication Mechanism
  • Strong Authentication
  • Authorization
  • Access Criteria
  • Fraud Controls and Access Control Mechanisms.

Lesson 10:

  • Biometric Technology
  • Biometrics Enrollment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Biometrics Diagram
  • Biometric System Types
  • Agenda
  • Passwords and PINs
  • Password Should
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Password
  • One-Time Password Authentication
  • Agenda
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Memory Cards and Smart Cards.

Lesson 11:

  • Single Sign-on Technology
  • Different Technologies
  • Scripts and Directory Services
  • Thin Clients
  • Kerberos as a Single Sign-on Technology
  • Tickets
  • Kerberos Components Working Together
  • Major Components of Kerberos
  • Kerberos Authentication Steps
  • Purpose of Kerberos
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • Federated Authentication.

Lesson 12:

  • Host-Based IDS
  • Network-Based IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • IDS Issues
  • Trapping an Intruder
  • Summary.