Example: Data Mining for the NBA - The University of Texas at Dallas

Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
CISSP Certification and GIAC/GCFA Certification
December 2, 2009
What is CISSP? (Wiki)
• Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, commonly known as (ISC)².
• As of June 30, 2009, (ISC)² reports 63,358 members who hold the CISSP certification in 134 countries.
• In June 2004, the CISSP was the first information security credential accredited under ANSI ISO/IEC Standard 17024:2003 and, as such, has led industry acceptance of this global standard and its stringent requirements.
• It is formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories.
• The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program.
CISSP Topics
• The CISSP curriculum covers subject matter in a variety of Information Security topics.
• The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK).
• According to (ISC)², "the CISSP CBK is a taxonomy -- a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."
• The CBK addresses the core information security and assurance tenets (confidentiality, integrity and availability) and attempts to balance the three across ten areas of interest, which are also called domains. The ten CBK domains are:
• Access Control
- Categories and Controls
- Control Threats and Countermeasures
• Application Security
- Software Based Controls
- Software Development Lifecycle and Principles
• Business Continuity and Disaster Recovery Planning
- Response and Recovery Plans
- Restoration Activities
• Cryptography
- Basic Concepts and Algorithms
- Signatures and Certification
- Cryptanalysis
• Information Security and Risk Management
- Policies, Standards, Guidelines and Procedures
- Risk Management Tools and Practices
- Planning and Organization
• Legal, Regulations, Compliance and Investigations
- Major Legal Systems
- Common and Civil Law
- Regulations, Laws and Information Security
• Operations Security
- Media, Backups and Change Control Management
- Controls Categories
• Physical (Environmental) Security
- Layered Physical Defense and Entry Points
- Site Location Principles
• Security Architecture and Design
- Principles and Benefits
- Trusted Systems and Computing Base
- System and Enterprise Architecture
• Telecommunications and Network Security
- Network Security Concepts and Risks
- Business Goals and Network Security
General Requirements
• Candidates for the CISSP must meet several requirements:
• Possess a minimum of five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK).
• One year may be waived for having a four-year college degree, a Master's degree in Information Security, or one of a number of other certifications from other organizations.
• If you don't have the necessary 5 years of experience, you may earn the Associate of (ISC)² designation by passing the required CISSP examination. The Associate of (ISC)² for CISSP designation is valid for a maximum of six years from the date (ISC)² notifies you that you have passed the exam, within which time you'll need to obtain the required experience and submit the required endorsement form for certification as a CISSP.
• Once you have achieved the professional experience requirements, your certification will be converted to CISSP status.
• Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
• Answer four questions regarding criminal history and related background.
• Pass the CISSP exam with a scaled score of 700 points or greater. The exam is multiple choice, consisting of 250 questions with four options each, to be answered over a period of six hours.
• Have their qualifications endorsed by another (ISC)² certified professional in good standing. The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.
On-going Certification
• The CISSP credential is valid for only three years, after which it must be renewed. The credential can be renewed by re-taking the exam.
• However, the more common method is to report at least 120 Continuing Professional Education (CPE) credits since the previous renewal.
• Currently, to maintain the CISSP certification, a member is required to earn and submit a total of 120 CPEs by the end of their three-year certification cycle and pay the Annual Membership Fee (AMF) of US$85 during each year of the three-year certification cycle before the annual anniversary date.
• With the new changes effective 30 April 2008, CISSPs are required to earn and post a minimum of 20 CPEs (of the 120 CPE certification cycle total requirement) and pay the AMF of US$85 during each year of the three-year certification cycle before the member's certification or recertification annual anniversary date.
• For CISSPs who hold one or more concentrations, CPEs submitted for the CISSP concentration(s) will be counted toward the annual minimum CPEs required for the CISSP.
• CPEs can be earned through several paths, including taking classes, attending conferences and seminars, teaching others, undertaking volunteer work, professional writing, etc., all in areas covered by the CBK.
• Most activities earn 1 CPE for each hour of time spent; however, preparing (but not delivering) training for others is weighted at 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.
Book I am using to study for CISSP
• CISSP All-in-One: a comprehensive, up-to-date revision of the market-leading CISSP training resource.
• Written by Shon Harris.
• This exam guide offers complete coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. With full treatment of all the 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC2), this definitive tool contains learning objectives at the beginning of each chapter, sidebars with in-depth technical explanations, practice questions, and real-world scenarios.
• Hardcover: 1008 pages; Publisher: McGraw-Hill Osborne Media; 4th edition (November 20, 2007); ISBN: 0071497870 (or 978-0071497879). CISSP All-in-One Exam Guide, Fifth Edition is due for release February 8, 2010.
Computer Forensics Certification: SANS Institute
• GIAC (Global Information Assurance Certification) Certified Forensic Analysts (GCFAs) have the knowledge, skills, and abilities to handle advanced incident handling scenarios, legally collect and secure evidence, conduct incident investigations, perform Electronic Evidence Discovery (EED), write forensic reports that can be utilized in litigation, and legally carry out forensic investigation of computers, networks, and hard drives.
• GCFA certified personnel understand and can articulate fundamental forensic concepts such as file system structures, evidence handling and acquisition, computer-based media analysis, and computer forensic report writing.
• GCFA certified personnel are able to demonstrate how commercial forensic tools function step-by-step and can describe the process in a court of law. They are adept at both live and dead evidence acquisition as well as complete deep-dive forensic analysis.
• In addition, certified analysts are able to articulate and ensure that an exact legal process is followed to protect the rights of individuals, corporations, and themselves, so that every case they are called upon to analyze can be utilized in either civil or criminal proceedings.
• GCFA certification tests knowledge that is geared not only to law enforcement personnel but also to corporate and organizational incident response and investigation teams, which have different legal or statutory requirements compared to a standard law enforcement forensic investigation.
• Certified analysts understand requirements from the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLB), and the Health Insurance Portability and Accountability Act (HIPAA). In addition, certified professionals have a deep understanding of the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, and the Wiretap Act. Certified analysts are also able to articulate evidence admissibility, weight, and how the Daubert/Frye tests are applied.
• Acquiring Data and Evidence, Application Footprinting, Autopsy Forensic Browser, Computer Forensics Primer, Critical Analysis Tools, Data Preservation, File Name Layer, File System and Data Layer Tools, Forensic Imaging and Filesystem Media Analysis, Forensic Investigation Process, Hash Comparisons and Fuzzy Hashing, Linux File System Basics, Metadata Layer, Unallocated Metadata and File Content Types, Windows FAT File System Basics, Windows File System Basics, Windows Live Imaging, Windows Media Analysis, Windows Media and Artifact Analysis, Windows NTFS File System Basics, Windows Response and Volatile Evidence Collection