CISSP Certification

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)².

The CISSP exam is rigorous, covering eight security domains essential for the protection of information systems, corporations and national infrastructures. Understanding that security is an enterprise wide problem, these domains provide the candidate with a broad understanding of the technical, managerial and human factors that must coordinate effectively to keep information and systems secure.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. 

Learning Objectives:

• Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implement risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference)  
• Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise.
• Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those asset and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture.
• Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
• Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
• Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.

Outline:

• Domain 1: Security and Risk Management
• 1.1 Understand and apply concepts of confidentiality, integrity and availability
• 1.2 Evaluate and apply security governance principles
• 1.3 Determine compliance requirements
• 1.4 Understand legal and regulatory issues that pertain to information security in a global context
• 1.5 Understand, adhere to, and promote professional ethics 
• 1.6 Develop, document, and implement security policy, standards, procedures, and guidelines
• 1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements 
• 1.8 Contribute to and enforce personnel security policies and procedures 
• 1.9 Understand and apply risk management concepts
• 1.10 Understand and apply threat modeling concepts and methodologies
• 1.11 Apply risk-based management concepts to the supply chain
• 1.12 Establish and maintain a security awareness, education, and training program
• Domain 2: Asset Security
• 2.1 Identify and classify information and assets
• 2.2 Determine and maintain information and asset ownership
• 2.3 Protect privacy
• 2.4 Ensure appropriate asset retention
• 2.5 Determine data security controls
• 2.6 Establish information and asset handling requirements
• Domain 3: Security Architecture and Engineering
• 3.1 Implement and manage engineering processes using secure design principles
• 3.2 Understand the fundamental concepts of security models
• 3.3 Select controls based upon systems security requirements
• 3.4 Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
• 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
• 3.6 Assess and mitigate vulnerabilities in web-based systems
• 3.7 Assess and mitigate vulnerabilities in mobile systems
• 3.8 Assess and mitigate vulnerabilities in embedded devices
• 3.9 Apply cryptography
• 3.10 Apply security principles to site and facility design
• 3.11 Implement site and facility security controls
• Domain 4: Communication and Network Security
• 4.1 Implement secure design principles in network architectures
• 4.2 Secure network components
• 4.3 Implement secure communication channels according to design
• Domain 5: Identity and Access Management (IAM)
• 5.1 Control physical and logical access to assets
• 5.2 Manage identification and authentication of people, devices, and services
• 5.3 Integrate identity as a third-party service
• 5.4 Implement and manage authorization mechanisms
• 5.5 Manage the identity and access provisioning lifecycle
• Domain 6: Security Assessment and Testing
• 6.1 Design and validate assessment, test, and audit strategies
• 6.2 Conduct security control testing
• 6.3 Collect security process data (e.g., technical and administrative)
• 6.4 Analyze test output and generate report
• 6.5 Conduct or facilitate security audits
• and more

Benefits:

• Industry Recognition: Demonstrates a working knowledge of information security 
• Difficulty Level: Confirms passing a rigorous examination
• Dedication: Confirms commitment to the profession
• Career differentiator, with enhanced credibility and marketability
• Get exclusive benefits: As an (ISC)² member, including valuable resources such as peer networking and idea exchange
• Earning Potential: According to the Global Information Security Workforce Study CISSPs earn a worldwide average of 25% more than their non-certified counterparts.
• Universally Recognized: Fulfills government and organization requirements for information security certification mandates