CISSP: Certified Information System Security Professional
CISSP validates your expertise and knowledge in various domains of information security, including security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
Exam
Certification by
per person
Level
Duration
Training Delivery Format
Face-to-face / Virtual Class
Associated Certification
per person
Level
Duration
Training Delivery Format
Face-to-face (F2F) / Virtual Class
Associated Certification
Class types
Public Class
Private Class
In-House Training
Bespoke
About this course
If you want to show that you know how to make sure an organization’s computers are safe, you need to have the right knowledge and experience.
This course, called CISSP: Certified Information System Security Professional Certification Prep, is made for people who already work in information security and have a lot of technical and managerial knowledge. It will teach you how to design, engineer, and manage the security of an entire organization.
An authorized instructor from (ISC)² will teach you all about information systems security concepts and best practices. You will learn about the eight different areas of knowledge that are important for the CISSP certification.
If you get the CISSP certification, it will help you advance your career in cybersecurity. You’ll be able to show employers that you have the skills to keep their computers safe.
Who should attend?
This training program is designed for people who want to get the CISSP certification. The CISSP certification is meant for professionals who have at least 5 years of work experience in two or more of the eight areas of knowledge covered in the CISSP Common Body of Knowledge (CBK).
If you have a college degree that takes four years to complete, or a recognized credential from a list approved by (ISC)², it will count as one year of experience. However, you can only use education credit to substitute for one year of experience.
Prerequisites
Before taking this CISSP course, you should have experience, skills, or knowledge that you gained from working in the following positions:
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
Course Content
Module 1: The Information Security Environment
- Justify an organizational code of ethics.
- Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence.
- Relate information security governance to organizational business strategies, goals, missions, and objectives.
- Apply the concepts of cybercrime to data breaches and other information security compromises.
- Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives.
- Relate transborder data movement and import-export issues to data protection, privacy, and intellectual property protection.
Module 2: Information Asset Security
- Relate the IT asset management and data security lifecycle models to information security.
- Explain the use of information classification and categorization, as two separate but related processes.
- Describe the different data states and their information security considerations.
- Describe the different roles involved in the use of information, and the security considerations for these roles.
- Describe the different types and categories of information security controls and their use.
- Select data security standards to meet organizational compliance requirements.
Module 3: Identity and Access Management (IAM)
- Explain the identity lifecycle as it applies to human and nonhuman users.
- Compare and contrast access control models, mechanisms, and concepts.
- Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives.
- Explain how IAM implementations must protect physical and logical assets.
- Describe the role of credentials and the identity store in IAM systems.
Module 4: Security Architecture and Engineering
- Describe the major components of security engineering standards.
- Explain major architectural models for information security.
- Explain the security capabilities implemented in hardware and firmware.
- Apply security principles to different information systems architectures and their environments.
- Determine the best application of cryptographic approaches to solving organizational information security needs.
- Manage the use of certificates and digital signatures to meet organizational information security needs.
- Discover the implications of the failure to use cryptographic techniques to protect the supply chain.
- Apply different cryptographic management solutions to meet the organizational information security needs.
- Verify cryptographic solutions are working and meeting the evolving threat of the real world.
- Describe defenses against common cryptographic attacks.
- Develop a management checklist to determine the organization’s cryptologic state of health and readiness.
Module 5: Communication and Network Security
- Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model.
- Explain the application of secure design practices in developing network infrastructure.
- Describe the evolution of methods to secure IP communications protocols.
- Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.
- Describe the evolution of, and security implications for, key network devices.
- Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures.
- Describe and contrast the security considerations for key remote access technologies.
- Explain the security implications of software-defined networking (SDN) and network virtualization technologies.
Module 6: Software Development Security
- Recognize the many software elements that can put information systems security at risk.
- Identify and illustrate major causes of security weaknesses in source code.
- Illustrate major causes of security weaknesses in database and data warehouse systems.
- Explain the applicability of the OWASP framework to various web architectures.
- Select malware mitigation strategies appropriate to organizational information security needs.
- Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security.
- Explain the implementation of security controls for software development ecosystems.
- Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments.
Module 7: Security Assessment and Testing
- Describe the purpose, process, and objectives of formal and informal security assessment and testing.
- Apply professional and organizational ethics to security assessment and testing.
- Explain internal, external, and third-party assessment and testing.
- Explain management and governance issues related to planning and conducting security assessments.
- Explain the role of assessment in data-driven security decision-making.
Module 8: Security Operation
- Show how to efficiently and effectively gather and assess security data.
- Explain the security benefits of effective change management and change control.
- Develop incident response policies and plans.
- Link incident response to needs for security controls and their operational use.
- Relate security controls to improving and achieving required availability of information assets and systems.
- Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics.
Module 9: Putting It All Together
- Explain how governance frameworks and processes relate to the operational use of information security controls.
- Relate the process of conducting forensic investigations to information security operations.
- Relate business continuity and disaster recovery preparedness to information security operations.
- Explain how to use education, training, awareness, and engagement with all members of the organization as a way to strengthen and enforce information security processes.
- Show how to operationalize information systems and IT supply chain risk management.
Certification
FAQs
Is the CISSP certification suitable for your needs and goals?
Before starting your certification journey, make sure you consider that the CISSP certification may not be the best fit for everyone seeking IT certifications. It’s important to avoid overlooking other credentials that may align more closely with your current career goals.
Who qualifies for the CISSP certification?
The CISSP certification is well-suited for individuals with extensive experience in security practices, as well as managers and executives who wish to validate their knowledge of a broad range of security principles. This includes professionals holding positions such as:
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
How can I prepare for the exam?
You can join our face-to-face public or virtual. Just choose the right class type for your learning needs and goal.
As an alternative, you can join the Self-Pace Training. You need to create an account and submit your application form and select certified in cybersecurity you are interested in.
At this time, this course is available for private class and in-house training only. Please contact us for any inquiries.