(ISC)² Certified Information Systems Security Professional (CISSP)

It is highly recommended that students have IT certifications in Network+, Security+, or possess equivalent professional experience upon entering CISSP training.

It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP, GIAC, CISA, or CISM.

Additional CISSP certification requirements include:

• A minimum of five years of direct professional work experience in one or more fields related to the 8 CBK security domains -OR-
• A college degree and four years of experience.

Contact us anytime to request more information or a complete syllabus.

Course Objectives:

• Analyze information systems access control
• Analyze security architecture, design, network security systems and telecommunications
• Analyze information security management goals and classification and program development
• Analyze risk management criteria and ethical codes of conduct
• Analyze application security
• Analyze cryptography characteristics and elements
• Analyze physical and operations security
• Apply business continuity and disaster recovery plans
• Identify legal issues, regulations, compliance standards, and investigation practices relating to information systems security

Professional IT Career Tracks
CISSP training is intended for experienced IT security-related practitioners including auditors, consultants, investigators, instructors, or managers. More specific positions such as security and IT managers, network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and CISSP certification to acquire the credibility and mobility to advance within their current cyber security careers or to migrate to a related career.

Through the study of all 8 CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam.

• Lesson 1: Security and Risk Management
  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures, and guidelines
• Lesson 2: Asset Security
  • Information and asset classification
  • Ownership
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements

• Lesson 3: Security Engineering
  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security
• Lesson 4:
  • Secure Network architecture design
  • Secure network components
  • Secure communication channels
  • Network attacks

• Lesson 5: Identity and Access Management
  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service
  • Third-party identity services
  • Access control attacks
  • Identity and access provisioning lifecycle
• Lesson 6: Security Assessment and Testing
  • Assessment and test strategies
  • Security process data
  • Security control testing
  • Test outputs
  • Security architectures vulnerabilities

• Lesson 7: Security Operations
  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns
• Lesson 8: Software Development Security
  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact