CISSP Certified Information Systems Security Professional

CISSP (Certified Information Systems Security Professional) draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards and practices.

This CISSP exam preparation course deals with the security concepts to be mastered in order to obtain CISSP certification. In an accelerated but rigorous manner, this training prepares the student for the CISSP examination, covering the entirety of the Common Body of Knowledge about security (CBK) as defined by the ISC2®.

Outline:

• CISSP Certified Information Systems Security Professional
• Module 1. Security and Risk Management
• Aligning security and risk to organisational objectives
• Evaluate and apply security governance principles
• Implement policies, standards and procedures
• Applying compliance
• Applying risk management concepts
• Assessing threats and vulnerabilities
• Performing risk analysis and control
• Defining qualitative and quantitative analysis
• Preserving the business
• Adhering to Business Continuity Management Code of Practise and Specifications
• Performing a business impact analysis
• Investigating legal measures and techniques
• Reviewing intellectual property, liability and law, and compliance
• Differentiating traditional computer crime
• Establish information and asset handling requirements
• Module 2. Asset Security
• Examining security models and frameworks
• The Information Security Triad and multi-level models
• Investigating industry standards: ISO 27001/27002
• Evaluating security model fundamental concepts
• Exploring system and component security concepts
• Certification and accreditation criteria and models
• Reviewing mobile system/cloud/IoT vulnerabilities
• Protecting information by applying cryptography
• Detailing symmetric and asymmetric encryption systems
• Ensuring message integrity through hashing
• Uncovering threats to cryptographic systems
• Safeguarding physical resources
• Designing environments to resist hostile acts and threats
• Designing environments to resist hostile acts and threats
• Module 3. Communication & Network Security
• Defining a secure network architecture
• TCP/IP and other protocol models
• Protecting from network attacks
• Reviewing secure network components and communication channels
• Examining secure networks and components
• Identifying wired and wireless technologies
• Implementing firewalls, secure communications, proxies, and tunnels
• Module 4. Identity & Access Management
• Controlling access to protect assets
• Defining administrative, technical and physical controls
• Implementing centralised and decentralised approaches
• Investigating biometric and multi-factor authentication
• Identifying common threats
• Manage the identity and access provisioning lifecyle
• Module 6. Security Assessment & Testing
• Designing and conducting security assessment strategies
• Leveraging the role of testing and auditing to analyse the effectiveness of security controls
• Differentiating detection and protection systems
• Conducting logging and monitoring activities
• Distinguishing between the roles of internal and external audits
• Conduct or facilitate security audits
• Module 7. Security Operations
• Maintaining operational resilience
• Managing security services effectively
• Leveraging and supporting investigations and incident response
• Differentiating detection and protection systems
• Securely provisioning resources
• Developing a recovery strategy
• Designing a disaster recovery plan
• Implementing test and maintenance processes
• Provisioning of resources
• Module 8. Software Security Development
• Securing the software development life cycle
• Applying software development methods and security controls
• Addressing database security concepts and issues
• Define and apply secure coding guidelines and standards
• Reviewing software security effectiveness and security impact