SANS Training Program For CISSP

SECTION 1: Introduction; Security and Risk Management
In this first section, MGT414 introduces the specific requirements needed to obtain CISSP® certification. The 2021 exam update will be discussed in detail. We will cover the general security principles needed to understand the eight domains of knowledge, with specific examples for each domain. The first of the eight domains, Security and Risk Management, will be discussed using real-world scenarios to illustrate the critical points.
TOPICS: Introductory Material; Overview of the Eight Domains; Domain 1: Security and Risk Management

SECTION 2: Asset Security and Security Engineering – Part 1
Understanding asset security is critical to building a solid information security program. The Asset Security domain, the initial focus of the second course section, describes data classification programs, including those used by governments, the military, and the private sector. We will also discuss ownership, covering owners ranging from business/mission owners to data and system owners. We will examine data retention and destruction in detail, including secure methods to purge data from electronic media. We then turn to the first part of the Security Engineering domain, including new topics for the 2021 exam such as Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), microservices, containerization, serverless, High-Performance Computing (HPC) systems, and much more.
TOPICS: Domain 2: Asset Security; Domain 3: Security Engineering (Part 1)

SECTION 3: Security Engineering – Part 2; Communication and Network Security
This section continues the discussion of the Security Engineering domain, including a deep dive into cryptography. The focus is on real-world implementation of core cryptographic concepts, including the three types of cryptography: symmetric, asymmetric, and hashing. Quantum cryptography and fault injection attacks (newly added in the 2021 exam) will be discussed, as well as salts and rainbow tables. We will round out Domain 3 with a look at physical security before turning to Domain 4, Communication and Network Security. The discussion will cover a range of protocols and technologies, from the Open Systems Interconnection (OSI) model to storage area networks. New topics for the 2021 exam will be discussed, including micro-segmentation, Virtual eXtensible Local Area Network (VXLAN), Software-Defined Wide Area Network (SD-WAN), and Li-Fi.
TOPICS: Domain 3: Security Engineering (Part 2); Domain 4: Communication and Network Security

SECTION 4: Identity and Access Management
Controlling access to data and systems is one of the primary objectives of information security. Domain 5, Identity and Access Management, strikes at the heart of access control by focusing on the identification, authentication, and authorization of accounts. Password-based authentication represents a continued weakness, so Domain 5 stresses multi-factor authentication, biometrics, and secure credential management. The 2021 CISSP® exam underscores the increased role of external users and service providers, and mastery of Domain 5 requires an understanding of credential management systems, federated identity, SSO, SAML, cloud identity, and third-party identity and authorization services like OpenID Connect (OIDC) and Open Authorization (OAuth).
TOPICS: Domain 5: Identity and Access Management

SECTION 5: Security Assessment and Testing; Security Operations
This course section covers Domain 6 (Security Assessment) and Domain 7 (Security Operations). Security Assessment covers types of security tests, testing strategies, and security processes. Security Operations covers investigatory issues, including eDiscovery, logging and monitoring, and provisioning. We will discuss cutting-edge technologies such as cloud, and we’ll wrap up the section with a deep dive into disaster recovery.
TOPICS: Domain 6: Security Assessment; Domain 7: Security Operations

SECTION 6: Software Development Security
The final course section examines Domain 8 (Software Development Security), which describes the requirements for secure software. Security should be “baked in” as part of network design from day one, since it is always less effective when it is added later to a poor design. We will discuss classic development models, including waterfall and spiral methodologies. We will then turn to more modern models, including agile software development methodologies. New content for the 2021 CISSP® exam update will be discussed, including DevOps. We will wrap up 414.6 by discussing security vulnerabilities, secure coding strategies, and testing methodologies.
TOPICS: Domain 8: Software Development Security

Who Should Attend
• Security professionals who are interested in understanding the concepts covered on the CISSP® exam as determined by (ISC)²
• Managers who want to understand the critical areas of information security
• System, security, and network administrators who want to understand the pragmatic applications of the CISSP® eight domains
• Security professionals and managers looking for practical ways the eight domains of knowledge can be applied to their current job

GISP: Information Security Professional (giac.org/gisp)

GIAC Information Security Professional
The GIAC Information Security Professional (GISP) certification validates a practitioner’s knowledge of the eight domains of cybersecurity knowledge as determined by (ISC)² that form a critical part of CISSP® exam. GISP certification holders will be able to demonstrate knowledge of asset security, communications and network security, identity and access management, security and risk management, security assessment and testing, security engineering, security operation, and software development security.
• Asset Security
• Communications and Network Security
• Identity and Access Management
• Security and Risk Management
• Security Assessment and Testing
• Security Engineering
• Security Operation
• Software Development Security

“Great discussions and examples that provide a clear understanding and relate material to examples.”
— Kelley O’Neil, Wells Fargo