Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.

Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

• Understand and Apply Concepts of Confidentiality, Integrity, and Availability

• Apply Security Governance Principles

• Compliance

• Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context

• Develop and Implement Documented Security policies, Standards, Procedures, and Guidelines

• Understand Business Continuity Requirements

• Contribute to Personnel Security Policies

• Understand and Apply Risk Management Concepts

• Understand and Apply Threat Modeling

• Integrate Security Risk Considerations into Acquisitions Strategy and Practice

• Establish and Manage Security Education, Training, and Awareness

Asset Security (Protecting Security of Assets)

• Classify Information and Supporting Assets

• Determine and Maintain Ownership

• Protect Privacy

• Ensure Appropriate Retention

• Determine Data Security Controls

• Establish Handling Requirements

Security Engineering (Engineering and Management of Security)

• Implement and Manage an Engineering Life Cycle Using Security Design Principles

• Understand Fundamental Concepts of Security Models

• Select Controls and Countermeasures Based Upon Information Systems Security Standards

• Understand the Security Capabilities of Information Systems

• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements

• Assess and Mitigate Vulnerabilities in Web-based Systems

• Assess and Mitigate Vulnerabilities in Mobile Systems

• Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems

• Apply Cryptography

• Apply Secure Principles to Site and Facility Design

• Design and Implement Facility Security

Communications and Network Security (Designing and Protecting Network Security)

• Apply Secure Design Principles to Network Architecture

• Securing Network Components

• Design and Establish Secure Communication Channels

• Prevent or Mitigate Network Attacks