A five (5) day classroom training course (also available as a remote, video-based offering) focused on preparing attendees to take and pass the CISSP exam. The class is based on the Official (ISC)2 CISSP Study Guide, 8th edition, and is taught by one of the book's authors, James Michael Stewart. It covers every topic listed on the official exam outline and serves as solid preparation for the certification exam. The class consists of lecture presentation of the material, with student questions on each topic answered along the way. To be well prepared for the CISSP certification exam, students will also need to read and review the materials and work through practice questions in the evenings and in the weeks following the class.

Course Duration: 5 Days
Prerequisites:

To qualify for the CISSP, you must have a minimum of five years of cumulative paid full-time work experience in two or more of the eight domains:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
Course Objectives:
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
Course Outline:
  • Security and Risk Management
    • Confidentiality, Integrity and Availability
    • Security Governance – Alignment of security function to strategy, goals, mission and objectives; organizational processes; security roles and responsibilities; due care and due diligence
    • Compliance – Legislative and regulatory; privacy requirements compliance
    • Legal and Regulatory Issues Pertaining to Information Security in Global Context – Computer crimes; licensing and intellectual property; import/export controls; trans-border data flow; privacy; data breaches
    • Professional Ethics
    • Documented Security Policy, Standards, Procedures and Guidelines
    • Business Continuity Requirements
    • Personnel Security Policies
    • Risk Management Concepts
    • Threat Modeling – Identifying; determining and diagramming potential attacks; reduction analysis; technologies and processes to remediate threats
    • Security Risk Considerations Integrated into Acquisition Strategy and Practice – Hardware, software and services; third-party assessment and monitoring; minimum security requirements and service-level requirements
    • Information Security Education, Training and Awareness
  • Asset Security
    • Classify Information and Supporting Assets
    • Determine and Maintain Ownership
    • Data Privacy
    • Retention
    • Data Security Controls
    • Handling Requirements
  • Security Engineering
    • Engineering Processes Using Secure Design Principles
    • Concepts of Security Models
    • Controls and Countermeasures
    • Security Capabilities of Information Systems
    • Assess and Mitigate Vulnerabilities of Security Architectures, Designs and Solution Elements – Client-based; server-based; database security; large-scale parallel systems; distributed systems; cryptographic systems; industrial control systems
    • Assess and Mitigate Vulnerabilities in Web-based Systems
    • Assess and Mitigate Vulnerabilities in Mobile Systems
    • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
    • Apply Cryptography – Lifecycle; types; PKI; key management practices; digital signatures; digital rights management; non-repudiation; integrity; methods of cryptanalytic attacks
    • Secure Principles – Site and Facility Design
    • Design and Implement Physical Security
  • Communications and Network Security
    • Secure Design Principles Applied to Network Architecture – OSI and TCP/IP models; IP networking; implications of multilayer protocols; converged protocols; software-defined networks; wireless networks; cryptography used to maintain communication security
    • Secure Network Components – Operation of hardware; transmission media; network access control devices; endpoint security; content-distribution networks; physical devices
    • Secure Communication Channels – Voice; multimedia collaboration; remote access; data communications; virtualized networks
    • Prevent or Mitigate Network Attacks
  • Identity and Access Management
    • Control Physical and Logical Access to Assets
    • Manage Identification and Authentication of People and Devices
    • Identity as a Service
    • Third-Party Identity Services
    • Implement and Manage Authorization Mechanisms
    • Prevent or Mitigate Access Controls Attacks
    • Manage Identity and Access Provisioning Lifecycle
  • Security Assessment and Testing
    • Design and Validate Assessment and Test Strategies
    • Conduct Security Control Testing
    • Collect Security Process Data
    • Analyze and Report Test Outputs
    • Conduct or Facilitate Internal and Third Party Audits
  • Security Operations
    • Investigations – Evidence collection and handling; reporting and documenting; investigative techniques; digital forensics
    • Requirements for Investigation Types – Operations; criminal; civil; regulatory; eDiscovery
    • Logging and Monitoring Activities
    • Secure Provisioning of Resources
    • Foundational Security Operations Concepts
    • Resource Protection Techniques
    • Incident Management
    • Operate and Maintain Preventative Measures
    • Patch and Vulnerability Management
    • Change Management Processes
    • Recovery Stages – Backup storage strategies; recovery site strategies; multiple processing sites; system resilience, high availability, quality of service and fault tolerance
    • Disaster Recovery Processes
    • Test Disaster Recovery Plans
    • Business Continuity Planning and Exercises
    • Implement and Manage Physical Security
    • Address Personal Safety Concerns
  • Software Development Security
    • Security in the Software Development Lifecycle
    • Security Controls in Development Environments
    • Assess Effectiveness of Software Security
    • Assess Security Impact of Acquired Software