Certified Information Systems Security Professional

Overview:

The CISSP course covers all relevant concepts, case studies, and workshops for key technical areas across the eight domains. ISC2 has recently introduced the new ‘drag and drop’ questions; these form part of the course. All of our instructors have extensive experience in delivering CISSP training around the world. They are Industry Certified Professionals who deliver our events with pride and passion.

Course Contents

The 8 CISSP Domains:

Security and Risk Management
•   Understand and apply concepts of confidentiality, integrity and availability
•   Establish and manage information security education, training, and awareness
•   Apply security governance principles
•   Understand legal and regulatory issues that pertain to information security in a global context
•   Understand professional ethics
•   Develop and implement documented security policy, standards, procedures, and guidelines
•   Understand business continuity requirements
•   Contribute to personnel security policies
•   Understand and apply risk management concepts
•   Understand and apply threat modelling
•   Integrate security risk considerations into acquisition strategy and practice

Asset Security
•   Classify information and supporting assets (e.g., sensitivity, criticality)
•   Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
•   Protect privacy
•   Ensure appropriate retention (e.g., media, hardware, personnel)
•   Determine data security controls (e.g., data at rest, data in transit)
•   Establish handling requirements (markings, labels, storage, destruction of sensitive information)

Security Engineering
•   Implement and manage engineering processes using secure design principles
•   Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
•   Select controls and countermeasures based upon systems security evaluation models
•   Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
•   Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

Communications and Network Security
•   Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
•   Secure network components
•   Design and establish secure communication channels
•   Prevent or mitigate network attacks

Identity and Access Management
•   Control physical and logical access to assets
•   Manage identification and authentication of people and devices
•   Integrate identity as a service (e.g., cloud identity)
•   Integrate third-party identity services (e.g., on premise)
•   Implement and manage authorization mechanisms
•   Prevent or mitigate access control attacks
•   Manage the identity and access provisioning lifecycle (e.g., provisioning, review)

Security Assessment and Testing
•   Design and validate assessment and test strategies
•   Conduct security control testing
•   Collect security process data (e.g., management and operational controls)
•   Analyse and report test outputs (e.g., automated, manual)
•   Conduct or facilitate internal and third party audits

Security Operations
•   Understand and support investigations
•   Understand requirements for investigation types
•   Conduct logging and monitoring activities
•   Secure the provisioning of resources
•   Understand and apply foundational security operations concepts
•   Employ resource protection techniques
•   Conduct incident management

Software Development Security
•   Understand and apply security in the software development lifecycle
•   Enforce security controls in development environments
•   Assess the effectiveness of software security
•   Assess security impact of acquired software