Certified Information Systems Security Professional (CISSP)

In this course, students will expand upon their knowledge by addressing the essential elements of the 8 domains that comprise a Common Body of Knowledge (CBK)® for information systems security professionals.

Who Should Attend

This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all eight CISSP Common Body of Knowledge (CBK) domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in two or more fields related to the eight CBK security domains, or a college degree and four years of experience.

Prerequisite Courses Recommended

• CompTIA Network+ Certification
• CompTIA Security+ Certification

Course Objectives

• Analyze components of the Security and Risk Management domain.
• Analyze components of the Asset Security domain.
• Analyze components of the Security Engineering domain.
• Analyze components of the Communications and Network Security domain.
• Analyze components of the Identity and Access Management domain.
• Analyze components of the Security Assessment and Testing domain.
• Analyze components of the Security Operations domain.
• Analyze components of the Software Development Security domain.

Agenda

1. Security and Risk Management
2. Security Governance Principles
3. Compliance
4. Professional Ethics
5. Security Documentation
6. Risk Management
7. Threat Modeling
8. Business Continuity Plan Fundamentals
9. Acquisition Strategy and Practice
10. Personnel Security Policies
11. Security Awareness and Training
12. Asset Security
13. Asset Classification
14. Privacy Protection
15. Asset Retention
16. Data Security Controls
17. Secure Data Handling
18. Security Engineering
19. Security in the Engineering Lifecycle
20. System Component Security
21. Security Models
22. Controls and Countermeasures in Enterprise Security
23. Information System Security Capabilities
24. Design and Architecture Vulnerability Mitigation
25. Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
26. Cryptography Concepts
27. Cryptography Techniques
28. Site and Facility Design for Physical Security
29. Physical Security Implementation in Sites and Facilities
30. Information Security Management Goals
31. Organizational Security
32. The Application of Security Concepts
33. Information Security Classification and Program Development
34. Information Classification
35. Security Program Development
36. Risk Management and Ethics
37. Risk Management
38. Ethics
39. Software Development Security
40. Software Configuration Management
41. Software Controls
42. Database System Security
43. Cryptography
44. Ciphers and Cryptography
45. Symmetric-Key Cryptography
46. Asymmetric-Key Cryptography
47. Hashing and Message Digests
48. Email, Internet, and Wireless Security
49. Cryptographic Weaknesses
50. Physical Security
51. Physical Access Control
52. Physical Access Monitoring
53. Physical Security Methods
54. Facilities Security