CISSP & EC-Council CEH/ECSA

CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam. This course reveals the necessary tools and techniques used by system administrators to defeat attacks and hack-proof their networks.

Ethical Hacking and Countermeasures will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems.

EC-Council's Certified Security Analyst program is a highly interactive security class designed to teach Security Professionals the advanced uses of the methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and ground breaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.

• CISSP
• Ethical Hacking
• ECSA

To qualify for a re-sit of the Official ISC2 CISSP course, a student must have attempted the exam and failed before a free re-sit is permitted.

Prerequisites

A foundational knowledge of computers Operating Systems and Networking protocols.

CISSP

Reimbursement of the CISSP exam scheduled through ISC2.

CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.

Led by an authorized instructor, this training course provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP CBK:

• Security and Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

Who should attend?

This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security
• Network Architect

The CISSP Helps You:

• Validate your proven competence gained through years of experience in information security
• Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic security program set against globally accepted standards
• Differentiate yourself from other candidates for desirable job openings in the fast-growing information security market
• Affirm your commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
• Gain access to valuable career resources, such as networking and ideas exchange with peers

The CISSP Helps Employers:

• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure business environment
• Ensure professionals stay current on emerging threats, technologies, regulations, standards, and practices through the continuing professional education requirements
• Increase confidence that candidates are qualified and committed to information security
• Ensure employees use a universal language, circumventing ambiguity with industry-accepted terms and practices
• Increase organizations' credibility when working with clients and vendors

Learning Objectives

• Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implement risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference)
• Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization's information assets
• Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity
• Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise.
• Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those asset and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture.
• Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
• Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
• Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security

To qualify for a re-sit of the Official CISSP course, a student must have attempted the exam and failed before a free re-sit is permitted.

Course Outline

Security and Risk Management

• Security governance principles
• Compliance
• Legal and regulatory issues
• Professional ethic
• Security policies, standards, procedures and guidelines

Asset Security

• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g. markings, labels, storage)

Security Engineering

• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security

Communication and Network Security

• Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks

Identity and Access Management

• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g. cloud identity)
• Third-party identity services (e.g. on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g. provisioning review)

Security Assessment and Testing

• Assessment and test strategies
• Security process data (e.g. management and operational controls)
• Security control testing
• Test outputs (e.g. automated, manual)
• Security architectures vulnerabilities

Security Operations

• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns

Software Development Security

• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

[ back to top ]

Ethical Hacking

CEH Version 11 will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive class they will have hands on understanding and experience in Ethical Hacking.

This course prepares you for EC-Council Certified Ethical Hacker (Exam 312-50)

Who Should Attend

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Certification

The Certified Ethical Hacker certification (Exam 312-50) will be conducted on the last day of training. Students need to pass the online Prometric exam to receive CEH certification.

Prerequisites

A foundational knowledge of computers Operating Systems and Networking protocols.

Course Outline

Module 01: Introduction to Ethical Hacking

Module 02: Footprinting and Reconnaissance

Module 03: Scanning Networks

Module 04: Enumeration

Module 05: Vulnerability Analysis

Module 06: System Hacking

Module 07: Malware Threats

Module 08: Sniffing

Module 09: Social Engineering

Module 10: Denial-of-Service

Module 11: Session Hijacking

Module 12: Evading IDS, Firewalls, and Honeypots

Module 13: Hacking Web Servers

Module 14: Hacking Web Applications

Module 15: SQL Injection

Module 16: Hacking Wireless Networks

Module 17: Hacking Mobile Platforms

Module 18: IoT Hacking

Module 19: Cloud Computing

Module 20: Cryptography

[ back to top ]

ECSA

The ECSA v10 penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and enhances your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology. It focuses on pentesting methodology with an emphasis on hands-on learning

Who Should Attend

• Ethical Hackers
• Penetration Testers
• Network server administrators
• Firewall Administrators
• Security Testers
• System Administrators and Risk Assessment professionals

Prerequisites

A foundational knowledge of computers Operating Systems and Networking protocols & the CEH certification.

Course Outline

Module 01: Introduction to Penetration Testing and Methodologies

Module 02: Penetration Testing Scoping and Engagement Methodology

Module 03: Open-Source Intelligence (OSINT) Methodology

Module 04: Social Engineering Penetration Testing Methodology

Module 05: Network Penetration Testing Methodology – External

Module 06: Network Penetration Testing Methodology – Internal

Module 07: Network Penetration Testing Methodology – Perimeter Devices

Module 08: Web Application Penetration Testing Methodology

Module 09: Database Penetration Testing Methodology

Module 10: Wireless Penetration Testing Methodology

Module 11: Cloud Penetration Testing Methodology

Module 12: Report Writing and Post Testing Actions

Self Study Modules

This is an Essential Prerequisite as it helps you to prepares you the ECSA courseware. Serves as a base to build Advanced Pen Testing Concepts

Module 1. Penetration Testing Essential Concepts

Module 2. Password Cracking Penetration Testing

Module 3. Denial-of-Service Penetration Testing

Module 4. Stolen Laptop, PDAs and Cell Phones Penetration Testing

Module 5. Source Code Penetration Testing

Module 6. Physical Security Penetration Testing

Module 7. Surveillance Camera Penetration Testing

Module 8. VoIP Penetration Testing

Module 9. VPN Penetration Testing

Module 10. Virtual Machine Penetration Testing

Module 11. War Dialing

Module 12. Virus and Trojan Detection

Module 13. Log Management Penetration Testing

Module 14. File Integrity Checking

Module 15. Telecommunication and Broadband Communication Penetration Testing

Module 16. Email Security Penetration Testing

Module 17. Security Patches Penetration Testing

Module 18. Data Leakage Penetration Testing

Module 19. SAP Penetration Testing

Module 20. Standards and Compliance

Module 21. Information System Security Principles

Module 22. Information System Incident Handling and Response

Module 23. Information System Auditing and Certification

[ back to top ]

MCSEClasses.com is your best choice for CISSP CEH ECSA, CISSP CEH ECSA training, CISSP CEH ECSA certification, CISSP CEH ECSA certification boot camp, CISSP CEH ECSA boot camp, CISSP CEH ECSA certification training, CISSP CEH ECSA boot camp training, CISSP CEH ECSA boot camp certification, CISSP CEH ECSA certification course, CISSP CEH ECSA course, training CISSP CEH ECSA, certification CISSP CEH ECSA, boot camp CISSP CEH ECSA, certification CISSP CEH ECSA boot camp, certification CISSP CEH ECSA training, boot camp CISSP CEH ECSA training, certification CISSP CEH ECSA course.

mcseclasses home | technical schedule | application schedule | class outlines | mcse, mcdba, mcsd training | microsoft .net | cisco certification | security training | ced solutions oracle® certification training | linux, unix, aix | comptia certification | webmaster training | pricing | locations | financing | instructors needed | e-mail us