Certified Information Systems Security Professional (CISSP)

Session Detail:    Virtual 5 Day

CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.

About this Course

CISSP is a five day, instructor led training designed to help students prepare for the Certified Information Systems Security Professional (CISSP) Certification. CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.

Audience Profile

This course is designed for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training session is ideal for those working in positions such as, but not limited to:

  • Security Consultant
  • Security Manager
  • IT DIrector/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

At Course Completion

After completion of this course, students should be able to…

  • Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implementation risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference)
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization’s core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s informations assets.
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization’s core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity
  • Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise.
  • Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those asset and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture.
  • Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
  • Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
  • Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security

Prerequisites

Candidates must have a minimum of five (5) years of cumulative paid full-time professional security work experience in two or more of the 8 domains of the CISSP CBK.

Candidates may receive a one year experience waiver with a four-year college degree, or regional equivalent OR additional credential from the approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.

Candidates who have not completed the 5 years of experience to take the CISSP, can take an Associate CISSP exam. This will give them a credential showing their knowledge until they are able to meet the experience requirements for the CISSP.

Session Outline

Class Outline

Module 1: Security and Risk Management

  • Lesson 1: Security Governance Principles
  • Lesson 2: Compliance
  • Lesson 3: Legal and Regulatory Issues
  • Lesson 4: Professional Ethics
  • Lesson 5: Security Policies, Standards, Procedures and Guidelines

Module 2: Asset Security

  • Lesson 1: Information and Asset Classification
  • Lesson 2: Ownership (e.g. data owners, system owners)
  • Lesson 3: Protect Privacy
  • Lesson 4: Appropriate Retention
  • Lesson 5: Data Security Controls
  • Lesson 6: Handling Requirements (e.g. markings, labels, storage)

Module 3: Security Engineering

  • Lesson 1: Engineering Processes using Secure Design Principles
  • Lesson 2: Security Models Fundamental Concepts
  • Lesson 3: Security Evaluation Models
  • Lesson 4: Security Capabilities of Information Systems
  • Lesson 5: Security Architectures, Designs, and Solution Elements Vulnerabilities
  • Lesson 6: Web-based Systems Vulnerabilities
  • Lesson 7: Mobile System Vulnerabilities
  • Lesson 8: Embedded Devices and Cyber-physical Systems Vulnerabilities
  • Lesson 9: Cryptography
  • Lesson 10: Site and Facility Design Secure Principles
  • Lesson 11: Physical Security

Module 4: Communication and Network Security

  • Lesson 1: Secure Network Architecture Design (e.g. IP & non-IP protocols, segmentation)
  • Lesson 2: Secure Network Components
  • Lesson 3: Secure Communication Channels
  • Lesson 4: Network Attacks

Module 5: Identity and Access Management

  • Lesson 1: Physical and Logical Assets Control
  • Lesson 2: Identification and Authentication of People and Devices
  • Lesson 3: Identity as a Service (e.g. cloud identity)
  • Lesson 4: Third-party Identity Services (e.g. on-premise)
  • Lesson 5: Access Control Attacks
  • Lesson 6: Identity and Access Provisioning Lifecycle (e.g. provisioning review)

Module 6: Security Assessment and Testing

  • Lesson 1: Assessment and Test Strategies
  • Lesson 2: Security Process Data (e.g. management and operational controls)
  • Lesson 3: Security Control Testing
  • Lesson 4: Test Outputs (e.g. automated, manual)
  • Lesson 5: Security Architectures Vulnerabilities

Module 7: Security Operations

  • Lesson 1: Investigations Support and Requirements
  • Lesson 2: Logging and Monitoring Activities
  • Lesson 3: Provisioning of Resources
  • Lesson 4: Foundational Security Operations Concepts
  • Lesson 5: Resource Protection Techniques
  • Lesson 6: Incident Management
  • Lesson 7: Preventative Measures
  • Lesson 8: Patch and Vulnerability management
  • Lesson 9: Change Management Processes
  • Lesson 10: Recovery Strategies
  • Lesson 11: Disaster Recovery Processes and Plans
  • Lesson 12: Business Continuity Planning and Exercises
  • Lesson 13: Physical Security
  • Lesson 14: Personnel Safety Concerns

Module 8: Software Development Security

  • Lesson 1: Security in the Software Development Lifecycle
  • Lesson 2: Development Environment Security Controls
  • Lesson 3: Software Security Effectiveness
  • Lesson 4: Acquired Software Security Impact

Need to train your team?

All of our sessions can be customized to meet your team’s specific need. Build the perfect program by picking and choosing topics from any of the courses in our catalog. A personalized private session gives you the ultimate flexibility and helps maximize your team’s valuable time!

Requesting Team Training
DateTimeTypePriceAdd To Cart
Mar 1 - Mar 5, 202110:00AM-6:00PM ESTVirtual$2,995.00
Apr 19 - Apr 23, 202110:00AM-6:00PM ESTVirtual$2,995.00

Certified Information Systems Security Professional (CISSP)

5 Day
Virtual

$2,995.00

Clear

Chat with a Coach

Chat with a Coach

Have a more immediate need? Why spend the next hour searching online for answers when you can spend just 15 minutes with one of our experts and get accurate and personalized answers to all of your questions. 

$9.99 | 15 Minutes

Book Now