CISSP Course Overview

 

Who is the course designed for?

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, (ISC)².

The CISSP certification was the first credential in the field of information security accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. It is approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories. CISSP-certified professionals are considered authorities on key security issues including mobile security, risk management, application development security, and cloud computing, among others.

CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement for security training. Dot Com Systems provides comprehensive CISSP training for participants who wish to gain expertise in defining the design, architecture, management and controls leading to a secure business environment. Individuals possessing this vendor-neutral credential are in high demand by corporations all over the world that want to protect their organizations from a growing wave of sophisticated cyber attacks.

 

What are the course objectives?

Upon successful completion of this course, students will be able to:

  • Analyze information systems access control.
  • Analyze security architecture and design.
  • Analyze network security systems and telecommunications.
  • Analyze information security management goals.
  • Analyze information security classification and program development.
  • Analyze risk management criteria and ethical codes of conduct.
  • Analyze software development security.
  • Analyze cryptography characteristics and elements.
  • Analyze physical security.
  • Analyze operations security.
  • Apply Business Continuity and Disaster Recovery Plans.
  • Identify legal issues, regulations, compliance standards, and investigation practices relating to information systems security.

Audience:

This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all 10 CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. The CISSP exam is intentionally difficult and should not be taken lightly. Even students with years of security experience should assume that they will have additional study time after class. Because the domains are so varied, it is unlikely that any one student will have experience in all 10 domains. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in one or more fields related to the 10 CBK security domains, or a college degree and four years of experience.

Why should you attend this course?

This is the course for you if you're planning to take the CISSP exam and need training that will help fill the gaps in your knowledge, if you want a broad-based view of the key aspects of information security, or if you're looking to build a career in information security and wish to get all your key concepts in place.

 

Why CISSP?

  • To expand your knowledge in security concepts and practices.
  • To show a dedication to the security discipline.
  • To meet a growing demand for security professionals, and to work in a thriving field.
  • To join a professional organization and to link up with like-minded individuals.
  • It is the credential for professionals who develop policies and procedures in information security.
  • The CISSP certification confirms that you are capable of developing and managing information security policies, standards, and procedures.
  • This certification is a measure of your capabilities.

 

 

Duration: 40 Hours

Course Details:

The course and examination cover the current, official (ISC)² material in the following areas:

  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
    • Confidentiality, integrity, and availability concepts 
    • Security governance principles
    • Compliance
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines
     
  • Asset Security (Protecting Security of Assets)
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)
     
  • Security Engineering (Engineering and Management of Security)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Security architectures, designs, and solution elements vulnerabilities
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Site and facility design secure principles
    • Physical security
        
  • Communication and Network Security (Designing and Protecting Network Security)
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure network components
    • Secure communication channels
    • Network attacks
        
  • Identity and Access Management (Controlling Access and Managing Identity)
    • Physical and logical assets control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)
        
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architectures vulnerabilities
  • Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns
     
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact

 

The CISSP logo, CISSP swirl logo and CISSP® are registered trademarks of (ISC)².