Learn: in:
» back to Search Results

Course rating of 0 Vendor rating of 4

The ISSO Boot camp provides 5 days of comprehensive, non-technical, entry-level professional training to achieve the fundamental knowledge necessary to facilitate & integrate requisite system-level security policies, processes, procedures & protocols.

Course Outline
This course focuses on planning, identifying, implementing, enforcing and maintaining data center security, as well as integrating technical and non-technical solutions for securing critical information infrastructures and establishing the standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of sensitive data and critical organizational computing resources.

The ISSO Boot camp provides five days of comprehensive, non-technical, entry-level professional training to achieve the fundamental knowledge, skills, and abilities necessary to facilitate and integrate requisite system-level security policies, processes, practices, procedures and protocols.

Anyone currently holding an ISSO position; those earmarked for current or planned ISSO billets; security managers (corporate or departmental security officer staff) responsible for IS security, chief informatics office (CIO) staff, including technical support, system managers, configuration managers, etc. who have collateral IS security responsibilities.

Course Objectives
  • Information systems security is the protection of information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
  • Learn the security planning and administrative security procedures for systems that process sensitive, classified and national intelligence data.
  • Understand the implementation and enforcement of Information System Security Policies and Practices.
  • Know the concerns and requirements that determine the administration and management of physical, system and data access controls based on the sensitivity of the data processed and the corresponding authorization requirements.
  • Learn the identification, analysis, assessment and evaluation of information system threats and vulnerabilities and their impact on an organization’s critical information infrastructures.
  • Be able to identify management, technical, personnel, operational, and physical security controls.
  • Upon completion, understand the critical areas of knowledge required to step into any key information security position including Information Systems Security Officer.
Course Outline
I.  Develop Certification and Accreditation Posture
a. Plan for Certification and Accreditation

  • Planning
  • Defense in depth
  • Assets
  • Threats
  • Vulnerabilities
  • Criticality
  • Risk
  • Conduct risk assessment
  • Countermeasures
  • Organizational/agency systems emergency/incident response team
  • Education, training, & awareness (ETA)
  • Residual risk
  • Cost/benefit analysis
b.  Confidentiality, Integrity and Availability (CIA) Policy
  • Contingency plans
  • Concept of operations (CONOP)
  • Continuity plans
  • Legal plan
  • Disposition of classified material & emergency destruction policy (EDP)
  • Identification and authentication (I&A) policy
  • Monitoring and auditing policy
c.  Control Systems Policies
  • Configuration management policy
  • Protective technology policy
  • Intrusion detection policy
  • Malicious code policy
  • Access controls
d.  Culture and Ethics
  • Policy
  • Organization culture
  • Basic/generic management issues
  • Agency-specific security policies & procedures
e.       Incident Response
  • Concept of operations (CONOP)
  • Criminal activity preparedness planning
  • Organizational/agency systems emergency/incident response team
  • Malicious code
II.  Implement Site Security Policy
a.       Confidentiality, Integrity and Availability (CIA)
  • Contingency plans
  • Emergency destruction procedures (EDP)
  • Continuity plans
  • Disposition of classified material
  • Monitoring and auditing
  • Audit trail and logging, error/system logs
  • Intrusion detection
  • Investigation of security breaches
  • Monitoring
  • Configuration management
  • Countermeasures
b.  Ensure Facility is Approved
  • Facility Approval
c. Operations
  • Security policy
  • Agency/vendor cooperation/coordination
  • Certification advocacy
  • Conduct risk assessment
  • Contracting for security services
  • Ensure information system is approved
  • Life cycle system security planning
  • System security architecture study
d. General Principles
  • Access control models
  • Approval to operate
  • Attack
  • Business aspects of information security
  • Common criteria
  • Computer network attack
  • Criminal prosecution
  • Defense in depth
  • Due care
  • Education, training, & awareness
  • Industrial security
  • Information warfare (INFOWAR) concepts
  • Intellectual property rights
  • Interim approval to operate (IATO)
  • Investigative authorities
  • Knowledge of security laws
  • Lattice model
  • Law enforcement interfaces
  • Multi-level security
  • Need for system certification
  • Operating security features
  • Risk management
  • Security awareness as a countermeasure
  • Security education as a countermeasure
  • Security training as a countermeasure
  • Software licensing
  • Software piracy
  • Systems security authorization agreement (SSAA)
  • Systems security plan (SSP)
  • Standards of conduct
  • ITSEC/common criteria
  • Waive policy to continue operation
e. Security Management
  • Electronic records management
  • Records retention
  • E-mail
  • Non-repudiation
  • Hardware asset management
  • Software asset management
f.   Access Controls
  • Human access
  • Key management
g.  Incident Response
  • Security investigation procedures

III. Enforce and Verify System Security Policy
a. Confidentiality, Integrity and Availability/Accountability (CIA)
  • Planning
  • Monitoring and auditing
  • Environmental controls
  • Filtered power
  • Fire prevention
  • Grounding
  • Safety
b. Security management
  • Electronic records management
  • Records retention
  • E-mail
  • Non-repudiation
  • Hardware asset management
  • Software asset management
c.  Access Controls
  • Human access
  • Key management
  • Configuration management
  • Protective technology
  • Media security
  • Network assurance
d. Automated Security Tools
  • Automated security tools
  • Initiate protective and/or corrective measures
e. Handling Media
  • Handling media
  • Labeling
  • Marking of media/information systems oversight office (ISOO) rules
  • Marking of sensitive information
  • Physical controls & accounting
  • Remanence
  • Transportation
  • Disposition of classified material
  • Criminal prosecution
  • Evidence acceptability
  • Evidence collection and preservation
  • Legal and liability issues

IV.  Report on Site Security Status
a.  Security Continuity Reporting
  • Contingency plans
  • Continuity plans
  • Disposition of classified material & emergency destruction procedures (EDP)
  • Monitoring and auditing
  • Identification & authentication
  • Configuration management
  • Testing
b.  Report Security Incidents
  • Computer organizational/agency systems emergency/incident response team
  • Security incidents
  • Security violations reporting process (incident response)
c. Law
  • Investigative authorities
  • Law enforcement interfaces (LEI)
  • Witness interviewing/interrogation
  • Entrapment
  • Disgruntled employees
d. Report Security Status of Information System as Required
  • Administrative security policies and procedures
  • Agency specific security policies
  • Organizational/agency systems emergency/incident response team
  • Automated systems security incident support team (ASSIST)
  • Trade journals, bulletin board system (BBS) notices
e. Report to IG
  • Inspector General (IG) (external) audit & assessments

V.  Support Certification and Accreditation
a.  Certification Function

  • Assessments (e.g., surveys, inspections)
  • Risk assessment
  • Technical certification
  • Verification and validation process

VI. Accreditation Function
a.  ISSO

  • Managers
  • System administrator (SA)
b. Respond to Requests
  • Approval to operate
  • Assessment methodology
  • Certification statement
  • Certification tools
  • Identify security changes
  • Interim approval to operate (IATO)
  • Re-certification
  • Security test & evaluation (ST&E)
  • SSAA
  • Type accreditation
  •  Waive policy to continue operation

Prerequisites & Certificates

Certificates offered

The student kit includes a comprehensive workbook and other necessary materials for this class.

Cancellation Policy
10 business day cancellation policy. if the course is confirmed and the student cancels within 10 days of the course, then they get charged and apply a credit for future courses. If they cancel outside of 10 business days, then there are no charges at all.
Map & Reviews
CTE Solutions
[ View Provider's Profile ]


This course has not yet been rated by one of our members.

If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.

Here are some reviews of the training vendor.
I realize that we are constantly dealing with technology, but I still think for a registration fee of almost $3,000, that a hardcover book should be included. I know that the option to print the book on a one-time basis exists.
Reviewed by 2016
Reviewed by 2016
The instructor was very knowledgeable and answered all questions. Jarod did an excellent job presenting.
Reviewed by 2015
The room was cold. I had to sit next to the space heater. It would be good to tell future patrons to dress warmly AHEAD of time. No suprises.
Reviewed by 2015
He was great and offered his contact info for further questions.
Reviewed by 2015
Howard was a fantastic instructor and the course was exactly what I required.
Reviewed by 2014
The trainer was excellent - the course exceeded my expectations.
Reviewed by 2014
This course provides an excellent overview and a bit of practice on the various functions of SharePoint 2013. I was disappointed at the number of exceedingly long breaks given after each module. I would have preferred less break time and more content to the course. Having never taken a SharePoint course with another provider, I don't know if this is the norm with all providers of just this one in particular.
Reviewed by 2014
I ranked the "Use of Technology" low because for Users who were remote the VM's that were setup were a little wonky. Could be very slow at times and then sometimes they needed to be refreshed to work properly with the lab. In some instances we couldn't follow along as replication would not occur fast enough and we would have our lab cut short (for us remote Users).
Reviewed by 2014
The instructor was good at remembering to acknowledge the online students even though he was facing a classroom of students also.
Reviewed by 2014
Insructor was not so good with the live examples. Also the handouts was not so useful
Reviewed by 2013
The trainer was excellent, very knowledgeable and had a lot of valuable experience to share. The problem was that there were way too many workshops that took too long and interfered with getting the maximum benefit from the instructor and the course.
Reviewed by 2013
This was quite informative. It was a great opportunity to have ‘real life’ discussions with certified PMs. The instructor had excellent examples and was able to share his PM experiences with us with concrete examples. In addition, this was a great opportunity to network with private sector/public sector PMs and develop a better appreciation of PM on both sides of the fence. Cheers, CL
Reviewed by 2013
Reviewed by 2013
I did not like the video format
Reviewed by 2013
As a remote attendee, it appeared the instructor paid attention to the "Attendee" and "Chat" windows only a few times throughout the day, so I was not confident that he would see if I sent a message or raised my hand during the course.
Reviewed by 2013
The chairs were not very comfortable and the material contained spelling and grammatical error (a few but still)as well as repetition of words.
Reviewed by 2013
Was a bit slow the last 1/2 day. Of course, for some, this was the last of a 4 day course (not just 2 days).
Reviewed by 2013
I really enjoyed the course and I learned a lot. The pace was excellent.
Reviewed by 2013
Reviewed by 2013
The room was excellent on its own - less distraction and no noise around you. There was no direction to the room when I walked in and therefore was not sure if I was heading in the right direction. We were not provided with the direction that there was coffee and fridge on the 3rd floor, and the bathroom floor was dirty.
Reviewed by 2012
This course was great, very informative, had Lionel as instructor and he was also very good.
Reviewed by 2012
Instructor was eager to assist but lacked subject matter expertise. Course time management was very poor. Content provided could have been delivered effectively in a one day course.
Reviewed by 2012
Good Course, good trainer. All questions addressed equally and in a timely professional manner.
Reviewed by 2011
The course content was interesting; however, the instructor didn't have enough knowledge about Microsoft Sharepoint 2010 Development and wasn't able to answer questions without google search. In the future CTE needs to make sure the instructors have real on-hands experience and are highly trained in the technologies they are supposed be teaching.
Reviewed by 2011

This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates or scheduling a private, in house course for your team.

This page has been viewed 1833 times.