NTUC LearningHub

Course Objectives

 


Upon completing the course, students will be able to:

  • Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence
  • Identify and select security assessment approaches, frameworks and standards
  • Relate information security governance to organizational business strategies, goals, missions and objectives
  • Identify the different types and categories of information security controls and their use
  • Compare and contrast the security operations characteristics of different types of governance and administrative controls
  • Develop incident response policies and plans. Link incident response to needs for security controls and their operational use
  • Understand internal, external and third-party assessment and testing
  • Explain how governance frameworks and processes relate to the operational use of information security controls

 

Pre-requisites

 

  • Practicing security or ICT professionals, or anyone with the necessary IT qualifications who wants to enter the field of Information Security.
  • Below are the certification requirements. If you are taking the course just for knowledge, it is not mandatory to meet them:

*Find out more about getting certified (https://www.isc2.org/Certifications/CISSP/experience-requirements)

 


Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree or regional equivalent or an additional credential from the (ISC)² approved list will satisfy one year of the required experience. Education credit will only satisfy one year of experience.

A candidate who doesn’t have the required experience to become a CISSP may become an Associate of (ISC)² by successfully passing the CISSP examination. The Associate of (ISC)² will then have six years to earn the five years required experience.

Work Experience:

Your work experience must fall within two or more of the eight domains of the (ISC)² CISSP CBK:

Domain 1. Security and Risk Management

Domain 2. Asset Security

Domain 3. Security Architecture and Engineering

Domain 4. Communication and Network Security

Domain 5. Identity and Access Management (IAM)

Domain 6. Security Assessment and Testing

Domain 7. Security Operations

Domain 8. Software Development Security

Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.

Part-Time Experience: Your part-time experience cannot be less than 20 hours a week or more than 34 hours a week.

1040 hours of part-time = 6 months of full-time experience

2080 hours of part-time = 12 months of full-time experience

Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.

Hardware & Software
This course will be conducted as a Virtual Live Class (VLC) via the Zoom platform. Participants must have a Zoom account and a laptop or desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download.

System Requirement

Must Have:

Please ensure that your computer or laptop meets the following requirements.

  • Operating system: Windows 10 or MacOS (64 bit or above)
  • Processor/CPU: 1.8 GHz, 2-core Intel Core i3 or higher
  • Minimum 20 GB hard disk space.
  • Minimum 8 Gb RAM
  • Webcam (The camera must be turned on for the duration of the class)
  • Microphone
  • Internet Connection: Wired or Wireless broadband
  • Latest version of Zoom software to be installed on computer or laptop prior to the class.

Good to Have:

  • Wired internet connection
    Wired internet will provide you with a stable and reliable connection.
  • Dual monitors
    Using a dual monitor setup will undoubtedly improve your training experience, enabling you to simultaneously participate in hands-on exercises and maintain engagement with your instructor.

Not Recommended:

Using tablets is not recommended due to their smaller screen size, which could cause eye strain and discomfort over the course of the program's duration.

 

Course Outline

 

  • Chapter 1 (Information Security Environment)
    • Understand, adhere to and Promote Professional Ethics
    • Understand and Apply Security Concepts
    • Evaluate and Apply Security Concepts
    • Legal Environment
    • Basic Secure Design Principles
  • Chapter 2 (Information Asset Security)
    • Information Assets
    • Manage the data security life cycle
    • Determine Data security controls and compliance requirements
  • Chapter 3 (Identity and Access Management)
    • Manage the Identity and Access Provisioning Lifecycle
    • Implement and Manage Access Control Models and Mechanisms
    • Managing People and Operations
    • Control Physical and Logical Access to Assets
    • Manage Identification and Authentication of People, Devices and Services
    • Implement Authentication and Authorization Systems
  • Chapter 4 (Security Architecture and Engineering)
    • Assess and mitigate the vulnerabilities of Security Architectures, Design and Solution Elements
    • Cryptographic Systems
    • Hybrid Systems and the Public Key Infrastructure (PKI)
    • Cryptographic Systems Hygiene: Operation and Maintenance
    • Cryptanalysis – Methods of Cryptanalytic Attacks
  • Chapter 5 (Communication and Network Security)
    • Open Systems Interconnection (OSI) and Transmission Control Protocol (TCP) over Internet Protocol (TCP/IP) models
    • OSI Layer 1 (Physical Layer)
    • OSI Layer 2 (Data Link Layer)
    • OSI Layer 3 (Network Layer)
    • OSI Layer 4 (Transport Layer)
    • OSI Layer 5 (Session Layer)
    • OSI Layer 6 (Presentation Layer)
    • OSI Layer 7 (Application Layer)
    • Secure Design Principles in Network Architecture
    • Secure Network Components
    • Implementing Secure Communications Channels According to Design
  • Chapter 6 (Software Development Security)
    • Why so many software systems are Unsecure
    • Security Weaknesses at the source code level: Why so much software is unsecure
    • Why Databases can be unsecure
    • Why websites can be unsecure
    • Malware, ransomware, and Ransom Attacks: The software perspective
    • “Baking in” Security: Development Management Choices
    • Security Controls in Software Development Ecosystems
    • Risk Analysis and Mitigation for Software Apps and Systems
  • Chapter 7 (Security Assessment and Testing)
    • Design and validate Assessment, Test and Audit Strategies
    • Conduct Security Control Assessment
    • Collect Security Process Data
    • Analyze and report on Organization Performance
  • Chapter 8 (Security Operations)
    • Conduct Logging and Monitoring Activities
    • Perform Change Management
    • Basic Incident Response Concepts
    • Conduct Incident Management
    • Operate and maintain Detective and Preventative Measures
    • Implement Backup and Recovery Strategies
    • Apply Security Design Principles to Site and Facility Design
    • Site and Facility Security Controls
    • Personnel Safety and Security Controls

 

Certificate Obtained and Conferred by

 

  • Certificate of Completion from NTUC LearningHub

Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion from NTUC LearningHub.

  • Statement of Attainment (SOA) from SkillsFuture Singapore

Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a SOA from SkillsFuture Singapore to certify that the participant has achieved the following Competency Standard(s):

    • ICT-SNA-4020-1.1 Security Governance
  • External Certification

After completing this course, participants can optionally purchase the official “Certified Information Systems Security Professional (CISSP)” certification exam and, upon passing, will receive the official certification from the International Information Systems Security Certification Consortium ((ISC)²). The certification is governed and maintained by (ISC)².

 
