
CISSP is an advanced certification developed by (ISC)², an independent organization, that covers all areas of information security.

With its broad, product- and technology-neutral perspective and content that does not rely on rote memorization, the CISSP certification is regarded today as the most widely accepted information security certification. CISSP® was the first information security certification to meet the requirements of the ANSI (American National Standards Institute) / ISO (International Organization for Standardization) 17024:2003 standard.

Course Dates, Istanbul: 26-30 March 2012

Course Address, Istanbul: Sırma Perde Sok. No:17/5 Kat:2 Altunizade Üsküdar İSTANBUL

Course Dates, Ankara: 9-13 April 2012

Course Address, Ankara: İller Sok. No:4 Mebusevleri / Tandoğan / ANKARA (Gençlik Cad., next to Anıtkabir)

Register: To register, send an e-mail with the subject "CISSP Certification Preparation Course" to egitim@bga.com.tr, or call us at +90 216 474 0038.

Course Fee: Please send an e-mail with the subject "CISSP Certification Preparation Course Fee Information" to egitim@bga.com.tr.


Course Content:

1. Access Control

A. Control access by applying the following concepts/methodologies/techniques
A.1 Policies
A.2 Types of controls (preventive, detective, corrective, etc.)
A.3 Techniques (e.g., non-discretionary, discretionary and mandatory)
A.4 Identification and Authentication
A.5 Decentralized/distributed access control techniques
A.6 Authorization mechanisms
A.7 Logging and monitoring
B. Understand access control attacks
B.1 Threat modeling
B.2 Asset valuation
B.3 Vulnerability analysis
B.4 Access aggregation
C. Assess effectiveness of access controls
C.1 User entitlement
C.2 Access review & audit
D. Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

2. Telecommunications & Network Security
A. Understand secure network architecture and design (e.g., IP & non-IP protocols, segmentation)
A.1 OSI and TCP/IP models
A.2 IP networking
A.3 Implications of multi-layer protocols
B. Securing network components
B.1 Hardware (e.g., modems, switches, routers, wireless access points)
B.2 Transmission media (e.g., wired, wireless, fiber)
B.3 Network access control devices (e.g., firewalls, proxies)
B.4 End-point security

C. Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN)
C.1 Voice (e.g., POTS, PBX, VoIP)
C.2 Multimedia collaboration (e.g., remote meeting technology, instant messaging)
C.3 Remote access (e.g., screen scraper, virtual application/desktop, telecommuting)
C.4 Data communications

D. Understand network attacks (e.g., DDoS, spoofing)

3. Information Security Governance & Risk Management
A. Understand and align security function to goals, mission and objectives of the organization
B. Understand and apply security governance
B.1 Organizational processes (e.g., acquisitions, divestitures, governance committees)
B.2 Security roles and responsibilities
B.3 Legislative and regulatory compliance
B.4 Privacy requirements compliance
B.5 Control frameworks
B.6 Due care
B.7 Due diligence

C. Understand and apply concepts of confidentiality, integrity and availability

D. Develop and implement security policy
D.1 Security policies
D.2 Standards/baselines
D.3 Procedures
D.4 Guidelines
D.5 Documentation

E. Manage the information life cycle (e.g., classification, categorization, and ownership)

F. Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)

G. Understand and apply risk management concepts
G.1 Identify threats and vulnerabilities
G.2 Risk assessment/analysis (qualitative, quantitative, hybrid)
G.3 Risk assignment/acceptance
G.4 Countermeasure selection
G.5 Tangible and intangible asset valuation

H. Manage personnel security
H.1 Employment candidate screening (e.g., reference checks, education, verification)
H.2 Employment agreements and policies
H.3 Employee termination processes
H.4 Vendor, consultant and contractor controls

I. Develop and manage security education, training and awareness

J. Manage the Security Function
J.1 Budget
J.2 Metrics
J.3 Resources
J.4 Develop and implement information security strategies
J.5 Assess the completeness and effectiveness of the security program

4. Software Development Security
A. Understand and apply security in the software development life cycle
A.1 Development Life Cycle
A.2 Maturity models
A.3 Operation and maintenance
A.4 Change management

B. Understand the environment and security controls
B.1 Security of the software environment
B.2 Security issues of programming languages
B.3 Security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor)
B.4 Configuration management

C. Assess the effectiveness of software security

5. Cryptography
A. Understand the application and use of cryptography
A.1 Data at rest (e.g., Hard Drive)
A.2 Data in transit (e.g., on the wire)

B. Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)

C. Understand encryption concepts
C.1 Foundational concepts
C.2 Symmetric cryptography
C.3 Asymmetric cryptography
C.4 Hybrid cryptography
C.5 Message digests
C.6 Hashing

D. Understand key management processes
D.1 Creation/distribution
D.2 Storage/destruction
D.3 Recovery
D.4 Key escrow

E. Understand digital signatures
F. Understand non-repudiation

G. Understand methods of cryptanalytic attacks
G.1 Chosen plain-text
G.2 Social engineering for key discovery
G.3 Brute Force (e.g., rainbow tables, specialized/scalable architecture)
G.4 Cipher-text only
G.5 Known plaintext
G.6 Frequency analysis
G.7 Chosen cipher-text
G.8 Implementation attacks

H. Use cryptography to maintain network security

I. Use cryptography to maintain application security

J. Understand Public Key Infrastructure (PKI)

K. Understand certificate related issues

L. Understand information hiding alternatives (e.g., steganography, watermarking)

6. Security Architecture and Design
A. Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

B. Understand the components of information systems security evaluation models
B.1 Product evaluation models (e.g., common criteria)
B.2 Industry and international security implementation guidelines (e.g., PCI-DSS, ISO)

C. Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module)

D. Understand the vulnerabilities of security architectures
D.1 System (e.g., covert channels, state attacks, emanations)
D.2 Technology and process integration (e.g., single point of failure, service oriented architecture)

E. Understand software and system vulnerabilities and threats
E.1 Web-based (e.g., XML, SAML, OWASP)
E.2 Client-based (e.g., applets)
E.3 Server-based (e.g., data flow control)
E.4 Database security (e.g., inference, aggregation, data mining, warehousing)
E.5 Distributed systems (e.g., cloud computing, grid computing, peer to peer)

F. Understand countermeasure principles (e.g., defense in depth)

7. Security Operations
A. Understand security operations concepts
A.1 Need-to-know/least privilege
A.2 Separation of duties and responsibilities
A.3 Monitor special privileges (e.g., operators, administrators)
A.4 Job rotation
A.5 Marking, handling, storing and destroying of sensitive information
A.6 Record retention

B. Employ resource protection
B.1 Media management
B.2 Asset management (e.g., equipment life cycle, software licensing)

C. Manage incident response
C.1 Detection
C.2 Response
C.3 Reporting
C.4 Recovery
C.5 Remediation and review (e.g., root cause analysis)

D. Implement preventative measures against attacks (e.g., malicious code, zero-day exploit, denial of service)

E. Implement and support patch and vulnerability management

F. Understand change and configuration management (e.g., versioning, base lining)

G. Understand system resilience and fault tolerance requirements

8. Business Continuity & Disaster Recovery Planning
A. Understand business continuity requirements
A.1 Develop and document project scope and plan

B. Conduct business impact analysis
B.1 Identify and prioritize critical business functions
B.2 Determine maximum tolerable downtime and other criteria
B.3 Assess exposure to outages (e.g., local, regional, global)
B.4 Define recovery objectives

C. Develop a recovery strategy
C.1 Implement a backup storage strategy (e.g., offsite storage, electronic vaulting, tape rotation)
C.2 Recovery site strategies

D. Understand disaster recovery process
D.1 Response
D.2 Personnel
D.3 Communications
D.4 Assessment
D.5 Restoration
D.6 Provide training

E. Exercise, assess and maintain the plan (e.g., version control, distribution)

9. Legal, Regulations, Investigations & Compliance
A. Understand legal issues that pertain to information security internationally
A.1 Computer crime
A.2 Licensing and intellectual property (e.g., copyright, trademark)
A.3 Import/Export
A.4 Trans-border data flow
A.5 Privacy

B. Understand professional ethics
B.1 (ISC)² Code of Professional Ethics
B.2 Support organization’s code of ethics

C. Understand and support investigations
C.1 Policy, roles and responsibilities (e.g., rules of engagement, authorization, scope)
C.2 Incident handling and response
C.3 Evidence collection and handling (e.g., chain of custody, interviewing)
C.4 Reporting and documenting

D. Understand forensic procedures
D.1 Media analysis
D.2 Network analysis
D.3 Software analysis
D.4 Hardware/embedded device analysis

E. Understand compliance requirements and procedures
E.1 Regulatory environment
E.2 Audits
E.3 Reporting

F. Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance)

10. Physical (Environmental) Security
A. Understand site and facility design considerations

B. Support the implementation and operation of perimeter security (e.g., physical access control and monitoring, audit trails/access logs)

C. Support the implementation and operation of internal security (e.g., escort requirements/visitor control, keys and locks)

D. Support the implementation and operation of facilities security (e.g., technology convergence)
D.1 Communications and server rooms
D.2 Restricted and work area security
D.3 Data center security
D.4 Utilities and Heating, Ventilation and Air Conditioning (HVAC) considerations
D.5 Water issues (e.g., leakage, flooding)
D.6 Fire prevention, detection and suppression

E. Support the protection and securing of equipment

F. Understand personnel privacy and safety (e.g., duress, travel, monitoring)


Course Details

The CISSP (Certified Information Systems Security Professional) certification can be considered the CISO (Chief Information Security Officer) diploma of the information security world. It is a respected certification that requires in-depth knowledge and experience in security and reasoning ability rather than memorization, and it is difficult both to obtain and to maintain.
The aim of the certification process is to produce CISOs. In our country, the need for CISOs capable of defining an information security strategy is greater than ever. For this reason, we believe the number of qualified, experienced, visionary CISSP-certified professionals must grow.
An information security manager defines the security strategy of their organization. Success in this role is directly tied to a deep command of every dimension of information security; experience and knowledge are indispensable. With its intensive program, the CISSP course aims to raise participants' level of knowledge.

The course creates an environment in which participants and the instructor share the experiences they have gained in their professional lives, and it provides the networking opportunities that matter in working life. The instructor regards participants as key professionals who define, or will define, security strategy. The course is therefore not a dull setting with a giver and a receiver of knowledge, or a knowing instructor and uninformed participants. Throughout the course, topics are evaluated as a team, ideas are exchanged, and experiences are shared.

Over the course of 40 hours, all 10 CISSP domains will be covered, prioritized according to their weight on the exam and the participant profile.


Participant Profile

Those preparing for the CISSP certification exam, information security managers, and candidates for information security management roles should attend this course.


Participation Requirements

To attend the course, it is recommended that participants have several years of experience in at least two of the 10 information security domains listed in the content section, and a good command of English.


Course Language

The spoken language of the course will be Turkish; the written language will mostly be English. One of the prerequisites for passing the CISSP exam is an advanced level of English, which is why English is used as the written language.
