The Certified Information Systems Security Professional (CISSP)

Course Content

The course is aligned with (ISC)² requirements and will prepare attendees to pass the official exam. It trains attendees to become information security professionals who define all aspects of IT security, including architecture, design, management, and controls.

After completing this course, the student will be able to:

  • Understand and apply fundamental concepts and methods related to the fields of information technology and security
  • Align overall organizational operational goals with security functions and implementations
  • Understand how to protect assets of the organization as they go through their lifecycle
  • Understand the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, integrity and availability
  • Implement system security through the application of security design principles and application of appropriate security control mitigations for vulnerabilities present in common information system types and architectures
  • Understand the importance of cryptography and the security services it can provide in today’s digital and information age
  • Understand the impact of physical security elements on information system security and apply secure design principles to evaluate or recommend appropriate physical security protections
  • Understand the elements that comprise communication and network security coupled with a thorough description of how the communication and network systems function
  • List the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1-7
  • Identify standard terms for applying physical and logical access controls to environments related to their security practice
  • Appraise various access control models to meet business security requirements
  • Name primary methods for designing and validating test and audit strategies that support business requirements
  • Enhance and optimize an organization’s operational function and capacity by applying and utilizing appropriate security controls and countermeasures
  • Recognize risks to an organization’s operational endeavours and assess specific threats, vulnerabilities and controls
  • Understand the System Lifecycle (SLC) and the Software Development Lifecycle (SDLC) and how to apply security to it; identify which security control(s) are appropriate for the development environment; and assess the effectiveness of software security

Course Duration

5 Days

Who is this course for?

The course is intended for professionals who have at least five years of recent full-time security professional work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). The CISSP CBK is recommended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all eight (8) CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to sit the CISSP certification exam.

Course Syllabus

    • Confidentiality, integrity, and availability concepts
    • Security governance principles
    • Compliance
    • Attacker’s viewpoint
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Vulnerabilities in security architectures, designs, and solution elements
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Secure design principles for sites and facilities
    • Physical security
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure communication channels
    • Network attacks
    • Physical and logical asset control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)
    • How to plan for an incident
    • Measures to implement in order to recover from an incident
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architecture vulnerabilities
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact