1. Training
www.fleming.events
Master Class on
Certified Information
Systems Security
Professional
The most essential certification in the cybersecurity world.
28 February – 3 March 2017 | Paramaribo – Suriname
“Learn the Skills and Techniques you need to succeed”
2. Key Benefits:
In-depth coverage of all
domains in a condensed,
focused approach
Detailed discussion of those
topics most likely to be on
the CISSP exam
Using this course,
students prepare for the
exam, while at the same
time obtaining essential
security knowledge that
can be immediately used
to improve organizational
security.
This knowledge enhances
services and products,
secures business functions
and infrastructures, provides
better implementation
processes, and can be
used to restructure critical
programs and procedures
to help keep companies up-
to-date on today's business
and security strategies,
technologies, and best
practices.
Learning Objectives
Learn the information
necessary to become an
expert in cyber security
Learn the basic domains
developed by ISC(2)
Prepare yourself for the
CISSP certification exam
Expert Profile
Dominic Nessi, CISSP
Dominic Nessi has 40 years of experience and is the former
Deputy Executive Director and the Chief Information
Officer of Los Angeles World Airports (LAWA). He held
that position from September 2007 to March 2016. He
is presently working with a number of organizations which are critical
entities in the air transport industry. As chief information officer at
LAWA, Nessi was responsible for all information technology-related
functions, including technology planning, design, implementation and
utilization of LAWA’s information infrastructure and related voice, data
and video communications systems for LAX, the world’s fifth busiest
airport, Ontario International and Van Nuys, the world’s busiest general
aviation airport. Mr. Nessi was responsible for the oversight of over
200 applications, including all airport mission-critical systems.
In the area of cybersecurity, Mr. Nessi has achieved the CISSP and GSLC
certifications. He serves on the ISC2 North American Advisory Council
and is the chair of the ISC2 Executive Writer’s Bureau. Mr. Nessi is the
chair of the Airports Council International (ACI) World Cybersecurity
task force and chairs the ACI North American cybersecurity sub-
committee. Mr. Nessi completed a certificate in Cybersecurity policy
from the Harvard John F Kennedy School of Government and is
completing a series of cyber-related courses from Texas A&M. He is now
working with the recently formed A-ISAC to increase its membership in
the airport community. In 2013 LAWA received a CSO 40 award for its
work in cybersecurity.
Nessi holds a Bachelor of Science degree in Computer Science
from Roosevelt University in Chicago, a Bachelor of Arts degree
in Political Science from Northern Illinois University, a Masters in
Public Administration with special emphasis in public policy from the
University of Colorado, and a Master’s Certificate in Applied Project
Management from Villanova University in Pennsylvania. Mr. Nessi
taught information technology courses at Metropolitan State College
of Denver for seven years.
In March 2009, Mr. Nessi was named as one of Government Technology
magazine’s “25 doers, dreamers and drivers” in the information
technology industry. In 2010, Mr. Nessi was selected as one of
Computerworld’s 100 Premier IT Leaders. In 2011, a major IT project
led by Mr. Nessi was given an “Honorable Mention” in Government
Computer News’ annual IT awards. In 2014 LAWA received an award for
the delivery of complex closed circuit TV. In 2015, Mr. Nessi was named
a Global CIO by ICMG and LAWA was honored for its IT Strategic Plan
and IT Governance process, also by ICMG.
Mr. Nessi regularly speaks at domestic and international information
technology and airport conferences and is frequently published and/
or quoted in trade publications.
3. Course Description
As companies strive to protect themselves, their assets and
their customers from the ever increasing threat of cyber-attacks,
knowledgeable and experienced personnel are essential.
The impact of cyber-attacks on a company’s bottom line, as well as
its reputation, is growing significantly each year. As reliance
grows on network communications and electronic storage of privacy
information, financial data and intellectual property, the threat will
continue to grow. Ranging from attacks by anonymous hackers to
intrusions by rogue nation-states and terrorists, governments and
businesses feel that they are under siege in this environment.
Many companies are beginning to regard a CISSP certification as
a requirement for their technical, mid-management, and senior IT
management positions. Achieving the Certified Information Systems
Security Professional (CISSP) - the world's global security certification
standard - proves high proficiency in foundation security disciplines.
In this course you will learn the basics of cyber security, preparing you
to receive one of the most recognized and desirable certifications in
the cyber security world.
We will take you through all of the domains necessary to become
an expert in cyber security and help to prepare you to achieve the
CISSP certification.
Course Duration
The course is planned for a total of 32 hours (4 days).
Training
Methodology:
The course is interactive and
is comprised of lectures, case
studies, technical process
learning and supplemental
discussions related to various
industries and the challenges
of implementation.
Who should attend?
The CISSP is ideal
for those working in
positions such as, but not
limited to:
Security Consultant
Security Manager
IT Director/Manager
Security Auditor
Security Architect
Security Analyst
Security Systems Engineer
Chief Information Security
Officer
Director of Security
Network Architect
4. DAY 1
Morning
Domain One – Security and Asset
Management
Setting the stage for a security program. The
basic concepts, policies and standards, and
identifying risk management as a critical
component to designing a proper program.
Topics include:
• Confidentiality, integrity, and availability
concepts
• Security governance principles
• Compliance
• Legal and regulatory issues
• Security policy, standards, procedures and
guidelines
• Business continuity requirements
• Personnel security policies
• Risk management concepts
• Threat modeling
• Integrating security risk considerations into
acquisition strategy and practice
• Security education, training and awareness
• Professional ethics
LUNCH
Afternoon
DOMAIN TWO – ASSET SECURITY
This domain contains the concepts, principles,
structures and standards used to enforce levels
of confidentiality, integrity and availability.
This domain outlines the need for a security
architecture. Classifying information and
determining the responsibilities of data owners is
an essential aspect of ensuring asset security.
Topics include:
• Classify information and supporting assets
• Determine and maintain ownership
• Protect privacy
• Ensure appropriate retention
• Determine data security controls
• Establish handling requirements
www.fleming.events tel.: + 91 98 8673 1587 email: sahil.khan@fleming.events
5. Morning
DOMAIN THREE – SECURITY
ENGINEERING
This domain contains the tools to design,
implement, monitor and secure operating
systems, equipment, networks, applications
and those controls used to enforce levels
of confidentiality, integrity and availability.
Cryptography is an important tool for ensuring
that data at rest and data in transit cannot be
compromised. This domain also identifies a
number of security models that have been
developed for information protection. Physical
security focuses on the threats, vulnerabilities
and countermeasures that can be utilized to
physically protect the enterprise’s resources and
sensitive information. Topics include:
• Implement and Manage an Engineering
Lifecycle
• Fundamental concepts of security models
• Controls and countermeasures
• Security capabilities of information systems
• Security architectures, designs and solutions
• Vulnerabilities in web-based systems
• Vulnerabilities in mobile systems
• Cryptography
• Application of secure principles to site and
facility design
• Facility security
LUNCH
Afternoon
Domain FOUR – Communications &
Network Security
This domain encompasses the structures,
transmission methods, transport formats, and
security measures used to provide security
for transmissions over private and public
communications. Network security is the
cornerstone of IT security. This domain discusses
firewalls, network attacks, and vulnerabilities in major
network systems such as VoIP. Topics include:
• Secure design principles
> OSI and TCP/IP models
> IP networking
> Converged protocols
> Wireless networks
• Securing network components
> Hardware
> Transmission media
> Network access control devices
• Secure communication channels
> Voice
> Multimedia collaboration
> Remote access
• Prevent or mitigate network attacks
DAY 2
6. DAY 3
Morning
Domain Five – Identity & Access
Management
This domain describes how access control is
a key element in security management. This
domain discusses the concept of access control
as the process of allowing only authorized users,
programs or computer systems to observe,
modify or take possession of a computer system.
Topics include:
• Physical and logical access to assets
• Information
• Systems
• Devices
• Facilities
• Identification and authentication of people and
devices
• Identity management
• Single/multi-factor authentication
• Accountability
• Identity as a service
• Third-party identity services
• Authorization mechanisms
• Role and rule based, mandatory and
discretionary access
LUNCH
Afternoon
Domain SIX – Security Assessment &
Testing
This domain covers a broad range of ongoing
and point-of-time based testing methods used
to determine vulnerabilities and associated risk.
The fundamental purpose of Test & Evaluation is
to provide knowledge to assist in managing the
risks involved in developing, producing, operating
and sustaining systems and capabilities. Topics
include:
• Assessment and test strategies
• Security control testing
> Vulnerability assessment
> Penetration testing
> Log reviews
> Synthetic transactions
> Code review and testing
> Negative testing
> Interface testing
• Collect security process data
> Account management
> Management review
• Test Output
• Conduct or facilitate third party audits
7. Morning
Domain SEVEN – Security Operations
This domain is actually two domains in one –
operations security and security operations.
Operations security is concerned with the
protection and control of information processing
events in centralized and distributed environments.
Security operations are concerned with the daily
tasks required to keep security services operating
reliably and efficiently. Topics include:
• Investigations
• Investigation types
• Logging and monitoring
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident response
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercising
• Physical security and Personnel safety
LUNCH
Afternoon
Domain Eight - Security in the Software
Development Life Cycle
This domain covers application security which
differs from network and access control security.
Applications are increasingly becoming the threat
vector for system attack, especially web systems.
When examined, major incidents, breaches and
outages tend to stem from application vulnerabilities.
Topics include:
• Development lifecycle methodologies
• Maturity models
• Operation and maintenance
• Change management
• Security controls in the development
environment
• Security in software controls
• Security weaknesses at the source code level
• Security of code repositories
• Security of application interfaces
• The effectiveness of software security
• Auditing and logging of changes
• Risk analysis and mitigation
• Corrective actions
• Testing and verification
• Regression testing
• Acceptance testing
Summary
Course Closeout and Evaluation
DAY 4
8. Sales Contract
Please complete this form and send it back to:
Phone: + 91 98 8673 1587
E-mail to: sahil.khan@fleming.events
or FAX: + 91 80 6600 5100
Client Identification Details
(Please complete form IN CAPITAL LETTERS for each client)
Ms Mrs Mr Surname:
Name:
Job Title:
Email:
Ms Mrs Mr Surname:
Name:
Job Title:
Email:
Ms Mrs Mr Surname:
Name:
Job Title:
Email:
Company/Organisation Details
Name:
Contact person:
Email:
Address:
City:
Country:
Phone:
Nature of business:
Website:
Payment Method
Please debit my
Visa Eurocard / Mastercard Amex Diners club
Card Billing Address:
Street:
City:
Post/Zip Code
Card Holder's Name:
Card Holder's Signature:
Card Number:
Visa CVC Number or Mastercard CVV Number
(last 3 digits on the back of the card)
Valid from Expiry Date
I agree to Fleming Gulf FZE debiting my card.
Authorization and Acceptance of Sales
Contract Terms and Conditions
I hereby declare I am authorised to sign this contract and terms
and conditions in the name of the company/organisation:
Name:
Date:
Signature:
Booking is invalid without a signature
Code: LA TETC 13
Agreed Price of the Service (per delegate)
Registration Fee: USD 2500
CISSP Exam Voucher: USD 580
23 USD administration charge and any applicable withholding
or any other tax or fee will be applied
Terms and Conditions:
1. Payment terms. Fleming Gulf FZE (hereinafter as “FG”) requires the full payment of the invoiced amount within 7 working days
from the issue date of the invoice or 3 working days prior to the start date of the event, whichever is earlier. FG reserves the right
to refuse entry to any client who does not pay the invoice in full and on time. If the payment is not received on FG’s account on the
seventh day from the date of the issue of the invoice, FG is entitled to charge the Client an overdue interest of 5% p.a. for every day,
for which the Client’s payment is overdue. The registration fee includes: conference documentation, admission to all conference
sessions, lunches and refreshments, admission to networking social breaks during the event. The registration fee does not include:
travel, hotel accommodation, transfers or insurance.
2. Hotel accommodation. Overnight accommodation is not included in the registration fee. A reduced rate may be available at the hotel
hosting the event. The reservation form will be sent to the client after the venue has been confirmed, but no later than one month
before the event begins.
3. Cancellation by client. The client has the right to cancel his/her participation in the event. Cancellation must be received by FG in
writing, either by mail or fax. If the client cancels with more than one month’s advance notice before the start of the event, FG shall
be entitled to retain and charge 50% of the amount payable for participation in the event. If the client cancels with one month’s (or
less) advance notice, or fails to attend the event, then the client shall not be entitled to any refund. Failure to attend an event shall not
excuse a client from owing the full amount of the registration fee. A copy of the conference notes from the event will be sent to the
client after the event is over in case of cancellation by the client.
4. Cancellation by FG. While every reasonable effort is made to adhere to the advertised program, circumstances can arise which may
cause changes in the program, including but not limited to changes in the content, date(s), location or venue, or special features of
the planned event. Such circumstances include but are not limited to acts of terrorism, war, extreme weather conditions, compliance
with government requests, orders and legal requirements, failure of third party suppliers to timely deliver, and failure to register the
minimum target amount of attendees for a given event. FG reserves the right to change the content, date(s), location or venue and/
or special features of an event, to merge the event with another event, or to postpone it or cancel it entirely as appropriate under
the circumstances. Client agrees that FG shall not be liable for any cost, damage or expense which may be incurred by client as
a consequence of the event being so changed, merged, postponed or cancelled and client agrees to hold FG harmless and to
indemnify FG in case of liability caused by any such changes, mergers, postponements or cancellations.
5. Cancellation of the event. In case FG cancels an event, then FG may offer the client a full credit up to the amount actually paid by the
client to FG. This credit shall be valid for up to one year from the issue date of the invoice to attend any FG-sponsored events. The
client shall not be entitled to this credit as a contractual right.
6. Client’s identification information. By signing of this sales contract and these terms and conditions the client gives full right to EP to
share the client’s identification information such as, but not limited to, client’s name, address, email addresses, phone numbers and
names of representatives with third parties, which participated on the same event as the client.
7. Governing law. This contract shall be governed and construed in accordance with the laws of UAE (not including its conflict of laws
provisions). Any disputes arising out of this contract shall be brought before the courts of the UAE situated in the city of Dubai in the
UAE. At its sole discretion, FG may elect to bring any dispute arising under this contract to the jurisdiction of the courts in which the
client’s offices are located.
8. Indemnification. To the fullest extent permitted by the law, you agree to protect, indemnify, defend and hold harmless FG, its owners,
managers, partners, subsidiaries, affiliates, officers, directors, employees and agents, from and against any and all claims, losses
or damages to persons or property, governmental charges or fines, penalties, and costs (including reasonable attorney’s fees)
(collectively “the Claims”), in any way arising out of or relating to the event that is the subject of this contract, and regardless
of negligence, included but not limited to, Claims arising out of the negligence, gross negligence or intentional misconduct of
FG employees, agents, contractors, and attendees; provided, however, that nothing in this indemnification shall require you to
indemnify FG Indemnified parties for that portion of any Claim arising out of the sole negligence, gross negligence or intentional
misconduct of the FG parties.
9. Other currencies. In case that client requests payment in other than official currency (USD), FG reserves the right to apply 8%
currency risk surcharge to the actual exchange rate.
10. Other Conditions. Any terms or conditions contained in the client’s acceptance which contradict or are different from the terms and
conditions of this registration document shall not become part of the contract unless individually negotiated with FG and expressly
accepted by FG.