1. Access Control Systems and Methodologies

• Access control concepts, methodologies, and implementation
• Access controls: detective, corrective, and preventative
• Access control techniques in centralized and decentralized environments
• Access control risks, vulnerabilities, and exposures

2. Security Architecture and Models

• Secure operating system principles, concepts, mechanisms, controls, and standards
• Secure architecture design, modeling, and protection
• Security models: confidentiality, integrity, and information flow
• Government and commercial security requirements
• Common criteria, ITSEC, TCSEC, IETF, IPSEC
• Technical platforms
• System security preventative, detective, and corrective measures

3. Disaster Recovery and Business Continuity Planning

• Business continuity planning, business impact analysis, recovery strategies, recovery plan development, and implementation
• Disaster recovery planning, implementation, and restoration
• Compare and contrast disaster recovery and business continuity

4. Security Management Practices

• Organizational security roles
• Identification of information assets
• Security management planning
• Security policy development; use of guidelines, standards, and procedures
• Security awareness training
• Data classification and marking
• Employment agreements and practices
• Risk management tools and techniques

5. Law, Investigation, and Ethics

• Computer crime detection methods
• Applicable computer crime, security, and privacy laws
• Evidence gathering and preservation methods
• Computer crime investigation methods and techniques
• Civil, criminal, and investigative law
• Intellectual property law
• (ISC) and IAB ethics application

6. Physical Security

• Prevention, detection, and correction of physical hazards
• Secure site design, configuration, and selection elements
• Access control and protection methods for facility, information, equipment, and personnel

7. Operations Security

• Resource protection mechanisms and techniques
• Operation security principles, techniques, and mechanisms; principles of good practice and limitation of abuses
• Operations security preventative, detective, and corrective measures
• Information attacks
• Access Control Subversion

8. Cryptography

• Cryptographic concepts, methods, and practices
• Construction of algorithms
• Attacks on cryptosystems
• Ancient cryptography and modern methods
• Public and private key algorithms and uses
• Key distribution and key management
• Digital signature construction and use
• Methods of attack, strength of function

9. Telecommunications and Network Security

• Overview of communications and network security
• Voice communications, data communications, local area, wide area, and remote access
• Internet/intranet/extranet, firewalls, routers, and network protocols
• Telecommunication and network security preventative, detective, and corrective measures

10. Application and System Development

• System development process and security controls
• System development life cycle, change controls, application controls, and system and application integrity
• Database structure, concepts, design techniques, and security implications
• Object-oriented programming
• Data warehousing and data mining

11. Review and Q&A Session

• Review concepts introduced in previous sessions
• Answer specific questions or concerns regarding CISSP preparation material

12. Testing-Taking Tips and Study Techniques

• Tips for additional preparation for the CISSP exam
• Additional resources
• Techniques for scoring well on the exam