Administrative
Roster
Syllabus review
Class overview
10 domains overview

Class presentations
Don’t just read off slides
Make sure you are engaging the class
  – Actually look at the class
  – Don’t read off of notes; refer to them if needed
Try giving the presentation to a friend first
5 min target, limit 7 min.

Diagrams (Visio)
Use color
  – Green trees, black parking lot
It needs to make sense
  – Is there a road leading to the parking lot?
  – Are there doors and an emergency exit or three?
Remember you are selling something
Make it readable
Executives must understand your presentation

Grades
Lowest quiz grade dropped.
  – If you miss a class, take this into account
  – NO MAKEUPS
  – Think you have an exception? Note from the dean

Computer use during class
It’s distracting
It’s annoying
It’s discourteous
Monitors off during presentations or lecture
  – unless you use the computer for taking notes

Final presentations
Remember this is a proposal
Make it look good, professional
Technical accuracy is critical
‘Bling’ helps more than you think
  – Color, flashy graphics always welcome
Again, don’t just read off your slides. Try the presentation on a friend
You are actually trying to sell us your proposal.

CISSP Ten Domains
  – CISSP CBK
“An inch deep and a mile wide”

Information Security Pyramid
Confidentiality
Integrity
Availability

Access Control
Controlling what subjects can access
Identification and authentication
Auditing
Monitoring

Telecommunications and Network Security
LAN, MAN, WAN technologies
Security infrastructure
Internet, Intranet
Attack methods

Information Security and Risk Management
Data classification
Policies, procedures, standards, and guidelines
Risk assessment methodologies
Personnel security

Application Security
Data warehousing and data mining
Software components and vulnerabilities
Malicious code
Development practices

Cryptography
Encryption systems
PKI and hashing
Attack methods

Security Architecture and Design
Enterprise architecture
Security models
Common flaws in applications and systems

Operations Security
Administrative security controls
Standards, compliance, and due care
Training and personnel activities
Antivirus and patching

Business Continuity and Disaster Recovery Planning
Resource identification
Business impact analysis
Plan development, implementation, and maintenance

Legal Regulations, Compliance, and Investigation
Laws, regulations, crimes
Evidence types and admissibility into court
Incident handling

Physical Security
Physical security controls
Intrusion detection
Fire detection and suppression
Fencing, security guards, badge systems

The catch
“The cops have to guard all the banks all of the time, I’ve just got to hit one.”
  – Public Enemies