This powerful five-day class is an intense, exam-focused approach to the CISSP certification. This vendor-neutral credential is the ideal certification for those with proven technical and managerial competence, skills, experience and credibility to design, engineer, implement and manage their overall information security program to protect organizations from increasingly sophisticated attacks.

Backed by (ISC)², a globally recognized, nonprofit organization dedicated to advancing the information security field, the CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. The CISSP is not only an objective measure of excellence but a globally recognized standard of achievement as well.

Prerequisites:

To qualify for the CISSP, you must have a minimum of five years of cumulative paid full-time work experience in two or more of the eight domains:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Course Objectives:
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Course Outline:
  • Security and Risk Management
    • Confidentiality, Integrity and Availability
    • Security Governance – Alignment of security function to strategy, goals, mission and objectives; organizational processes; security roles and responsibilities; due care and due diligence
    • Compliance – Legislative and regulatory; privacy requirements compliance
    • Legal and Regulatory Issues Pertaining to Information Security in Global Context – Computer crimes; licensing and intellectual property; import/export controls; trans-border data flow; privacy; data breaches
    • Professional Ethics
    • Documented Security Policy, Standards, Procedures and Guidelines
    • Business Continuity Requirements
    • Personnel Security Policies
    • Risk Management Concepts
    • Threat Modeling – Identifying; determining and diagramming potential attacks; reduction analysis; technologies and processes to remediate threats
    • Security Risk Considerations Integrated into Acquisition Strategy and Practice – Hardware, software and services; third-party assessment and monitoring; minimum security requirements and service-level requirements
    • Information Security Education, Training and Awareness

  • Asset Security
    • Classify Information and Supporting Assets
    • Determine and Maintain Ownership
    • Data Privacy
    • Retention
    • Data Security Controls
    • Handling Requirements

  • Security Engineering
    • Engineering Processes Using Secure Design Principles
    • Concepts of Security Models
    • Controls and Countermeasures
    • Security Capabilities of Information Systems
    • Assess and Mitigate Vulnerabilities of Security Architectures, Designs and Solution Elements – Client-based; server-based; database security; large-scale parallel systems; distributed systems; cryptographic systems; industrial control systems
    • Assess and Mitigate Vulnerabilities in Web-based Systems
    • Assess and Mitigate Vulnerabilities in Mobile Systems
    • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
    • Apply Cryptography – Lifecycle; types; PKI; key management practices; digital signatures; digital rights management; non-repudiation; integrity; methods of cryptanalytic attacks
    • Secure Principles – Site and Facility Design
    • Design and Implement Physical Security

  • Communications and Network Security
    • Secure Design Principles Applied to Network Architecture – OSI and TCP/IP models; IP networking; implications of multilayer protocols; converged protocols; software-defined networks; wireless networks; cryptography used to maintain communication security
    • Secure Network Components – Operation of hardware; transmission media; network access control devices; endpoint security; content-distribution networks; physical devices
    • Secure Communication Channels – Voice; multimedia collaboration; remote access; data communications; virtualized networks
    • Prevent or Mitigate Network Attacks

  • Identity and Access Management
    • Control Physical and Logical Access to Assets
    • Manage Identification and Authentication of People and Devices
    • Identity as a Service
    • Third-Party Identity Services
    • Implement and Manage Authorization Mechanisms
    • Prevent or Mitigate Access Controls Attacks
    • Manage Identity and Access Provisioning Lifecycle

  • Security Assessment and Testing
    • Design and Validate Assessment and Test Strategies
    • Conduct Security Control Testing
    • Collect Security Process Data
    • Analyze and Report Test Outputs
    • Conduct or Facilitate Internal and Third-Party Audits

  • Security Operations
    • Investigations – Evidence collection and handling; reporting and documenting; investigative techniques; digital forensics
    • Requirements for Investigation Types – Operations; criminal; civil; regulatory; eDiscovery
    • Logging and Monitoring Activities
    • Secure Provisioning of Resources
    • Foundational Security Operations Concepts
    • Resource Protection Techniques
    • Incident Management
    • Operate and Maintain Preventative Measures
    • Patch and Vulnerability Management
    • Change Management Processes
    • Recovery Stages – Backup storage strategies; recovery site strategies; multiple processing sites; system resilience, high availability, quality of service and fault tolerance
    • Disaster Recovery Processes
    • Test Disaster Recovery Plans
    • Business Continuity Planning and Exercises
    • Implement and Manage Physical Security
    • Address Personal Safety Concerns

  • Software Development Security
    • Security in the Software Development Lifecycle
    • Security Controls in Development Environments
    • Assess Effectiveness of Software Security
    • Assess Security Impact of Acquired Software