CISSP Certified Information Systems Security Professional

Course Overview

CISSP (Certified Information Systems Security Professional) draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards and practices.

This CISSP exam preparation course deals with the security concepts to be mastered in order to obtain CISSP certification. In an accelerated but rigorous manner, this training prepares the student for the CISSP examination, covering the entirety of the Common Body of Knowledge about security (CBK) as defined by the ISC2®.

CISSP Certified Information Systems Security Professional

Module 1. Security and Risk Management

Aligning security and risk to organisational objectives

• Evaluate and apply security governance principles
• Implement policies, standards and procedures
• Applying compliance

Applying risk management concepts

• Assessing threats and vulnerabilities
• Performing risk analysis and control
• Defining qualitative and quantitative analysis

Preserving the business

• Adhering to Business Continuity Management Code of Practise and Specifications
• Performing a business impact analysis

Investigating legal measures and techniques

• Reviewing intellectual property, liability and law, and compliance
• Differentiating traditional computer crime
• Establish information and asset handling requirements

Module 2. Asset Security

Examining security models and frameworks

• The Information Security Triad and multi-level models
• Investigating industry standards: ISO 27001/27002
• Evaluating security model fundamental concepts

Exploring system and component security concepts

• Certification and accreditation criteria and models
• Reviewing mobile system/cloud/IoT vulnerabilities

Protecting information by applying cryptography

• Detailing symmetric and asymmetric encryption systems
• Ensuring message integrity through hashing
• Uncovering threats to cryptographic systems

Safeguarding physical resources

• Designing environments to resist hostile acts and threats
• Designing environments to resist hostile acts and threats

Module 3. Communication & Network Security

Defining a secure network architecture

• TCP/IP and other protocol models
• Protecting from network attacks
• Reviewing secure network components and communication channels

Examining secure networks and components

• Identifying wired and wireless technologies
• Implementing firewalls, secure communications, proxies, and tunnels

Module 4. Identity & Access Management

Controlling access to protect assets

• Defining administrative, technical and physical controls
• Implementing centralised and decentralised approaches
• Investigating biometric and multi-factor authentication
• Identifying common threats
• Manage the identity and access provisioning lifecyle

Module 6. Security Assessment & Testing

Designing and conducting security assessment strategies

• Leveraging the role of testing and auditing to analyse the effectiveness of security controls
• Differentiating detection and protection systems

Conducting logging and monitoring activities

• Distinguishing between the roles of internal and external audits
• Conduct or facilitate security audits

Module 7. Security Operations

Maintaining operational resilience

• Managing security services effectively
• Leveraging and supporting investigations and incident response
• Differentiating detection and protection systems
• Securely provisioning resources

Developing a recovery strategy

• Designing a disaster recovery plan
• Implementing test and maintenance processes
• Provisioning of resources

Module 8. Software Security Development

Securing the software development life cycle

• Applying software development methods and security controls
• Addressing database security concepts and issues
• Define and apply secure coding guidelines and standards
• Reviewing software security effectiveness and security impact