Page 3 - CISSO_Workbookv18

Certified Information Systems Security Officer



Table of Contents

Course Introduction (p. 6)

Module 1 – Risk Management (p. 13)
   Section 1 – Risk Definitions (p. 16)
   Section 2 – Risk Management (p. 29)
   Section 3 – Risk Assessment (p. 35)
   Section 4 – Responding to Risk (p. 57)

Module 2 – Security Management (p. 69)
   Section 1 – Understanding Security (p. 71)
   Section 2 – Information Security Management System (p. 77)
   Section 3 – Roles and Responsibility (p. 91)
   Section 4 – Security Frameworks (p. 97)
   Section 5 – Human Resources (p. 105)

Chapter 3 – Identification and Authentication (p. 119)
   Section 1 – Identity Management (p. 121)
   Section 2 – Authentication Techniques (p. 134)
   Section 3 – Single Sign-on (p. 152)
   Section 4 – Access Control Monitoring (p. 167)

Chapter 4 – Access Control (p. 178)
   Section 1 – Access Control Types and Characteristics (p. 180)
   Section 2 – Information Classification (p. 194)
   Section 3 – Access Control Models and Techniques (p. 201)
   Section 4 – Access Control Methods (p. 214)

Chapter 5 – Security Models and Evaluation Criteria (p. 224)
   Section 1 – Trusted Computing Base (p. 226)
   Section 2 – Protection Mechanisms (p. 231)
   Section 3 – Security Models (p. 240)
   Section 4 – Evaluation Criteria (p. 256)

Chapter 6 – Operations Security (p. 269)
   Section 1 – Administrative Management Responsibilities (p. 271)
   Section 2 – Product Implementation Management (p. 282)
   Section 3 – Redundancy and Fault Tolerance (p. 293)
   Section 4 – Operational Issues and Responses (p. 303)

               ©Mile2 – All Rights Reserved - v18