ISC2 CISSP
Description:
The CISSP (Certified Information Systems Security Professional) course is one of the essential certifications for security professionals who manage IT security processes and who wish to improve or update their skills in the area of IT security. The course prepares IT security managers to perform their role. It covers Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Security in Software Development. You will also acquire knowledge through discussion, exercises for each domain, and a simulation exam, ensuring your preparation for the (ISC)² CISSP certification exam. The course program and manual were updated in May 2021, with the launch of the new CBK 2021.
Domains
Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Architecture and Engineering
Domain 4: Communication and Network Security
Domain 5: Identity and Access Management (IAM)
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security
Who Would Benefit?
Professionals managing security processes or those aspiring to deepen their knowledge in cybersecurity.
Prerequisites:
5 years of experience in 2 or more of the 8 CISSP domains.
Exam Info:
• Certification Exam: (ISC)² CISSP
• Format: Multiple Choice
• Questions: 100-150
• Duration: 3 hours
• Passing score: 700/1000
Course Length:
10 Days | 40 Hours
Course Objectives:
By the end of this course, learners will be able to apply core information technology and security principles, align security functions with organizational goals, and protect assets through their lifecycle. They will also learn to implement security controls, cryptography, and access control models, while evaluating risks and applying appropriate mitigations to secure systems and networks.
Domains:
1. Security and Risk Management
This domain focuses on establishing and governing security policies, risk management, and compliance. It includes the following key areas:
- Confidentiality, Integrity, and Availability (CIA Triad): The three key principles of information security.
- Security Governance Principles: Ensuring that security aligns with business objectives.
- Legal and Regulatory Issues: Understanding laws and regulations affecting information security (e.g., GDPR, HIPAA).
- Risk Management: Identifying, assessing, and mitigating risks through risk analysis (quantitative and qualitative).
- Business Continuity (BC) and Disaster Recovery (DR): Strategies and plans to continue operations during and after disruptions.
- Security Policies, Standards, Procedures, and Guidelines: Defining security requirements.
- Ethics in Information Security: Adherence to a code of professional conduct.
2. Asset Security
This domain addresses securing and managing physical and digital assets, including:
- Information and Asset Classification: Defining sensitivity levels (e.g., public, private, confidential).
- Data Ownership and Responsibilities: Defining roles such as data owners, custodians, and users.
- Protecting Privacy: Implementing controls to protect personally identifiable information (PII) and sensitive data.
- Data Retention and Disposal: Guidelines on data lifecycle management, ensuring secure data destruction.
- Handling Data Remnants: Addressing data left over on storage media after deletion.
3. Security Architecture and Engineering
This domain covers secure design principles and concepts necessary for building and managing secure systems:
- Secure System Design: Adherence to principles like defense in depth, least privilege, and security by design.
- Cryptography: Basics of encryption, digital signatures, key management, and cryptographic protocols.
- Security Models and Frameworks: Implementing access control models (e.g., Bell-LaPadula, Biba).
- Secure System Components: Addressing hardware, software, and network security.
- Vulnerability Management: Identifying and addressing weaknesses in systems.
4. Communication and Network Security
This domain focuses on designing and securing network infrastructure, communications, and associated technologies:
- Secure Network Architecture: Protecting networks using firewalls, segmentation, and zoning.
- Network Protocols: Understanding TCP/IP, SSL/TLS, and other networking protocols for secure communication.
- Secure Communication Channels: Implementing VPNs, encryption protocols, and secure tunneling.
- Wireless Security: Addressing vulnerabilities and threats associated with wireless networks.
- Network Attacks and Defenses: Understanding common network attacks (e.g., DDoS, man-in-the-middle) and mitigating them.
5. Identity and Access Management (IAM)
IAM is concerned with controlling access to information systems, including the following aspects:
- Identification, Authentication, and Authorization: Ensuring proper user verification and access control.
- Access Control Models: Implementing models such as Role-Based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC).
- Access Provisioning and De-Provisioning: Managing user accounts and access rights.
- Federated Identity Management: Using single sign-on (SSO) and identity federation across systems.
- Access Reviews and Audits: Regularly reviewing access rights to ensure least privilege and compliance.
6. Security Assessment and Testing
This domain deals with evaluating the effectiveness of security controls through audits and tests:
- Vulnerability Assessment and Penetration Testing: Scanning and testing systems for vulnerabilities.
- Security Audits: Reviewing and assessing security measures and policies.
- Log and Monitoring Analysis: Continuously reviewing logs and network activity for anomalies.
- Testing Security Controls: Regularly testing firewalls, IDS/IPS, and other controls for proper functioning.
- Code Reviews and Security Testing: Reviewing software code for vulnerabilities and security issues.
- Third-Party Assessments: Auditing external partners or service providers for security compliance.
7. Security Operations
Security Operations focuses on managing and maintaining the day-to-day security of an organization:
- Incident Response: Handling and managing security breaches, including detection, containment, and recovery.
- Disaster Recovery (DR) and Business Continuity Planning (BCP): Preparing for and recovering from disasters and ensuring continuous business operations.
- Logging and Monitoring: Continuously monitoring systems for suspicious activities.
- Resource Protection: Safeguarding critical assets through access control and monitoring.
- Patch Management: Ensuring that systems are up to date with the latest patches to mitigate vulnerabilities.
- Forensics: Investigating and analyzing security incidents to determine cause and impact.
- Physical Security: Implementing physical controls like locks, cameras, and security personnel to protect facilities.
8. Software Development Security
This domain emphasizes the importance of integrating security into the software development lifecycle (SDLC):
- Secure Software Development Practices: Embedding security requirements into design, coding, and testing.
- Security Testing of Software: Regularly testing for vulnerabilities, such as SQL injection, XSS, and buffer overflows.
- Code Security Reviews: Identifying security flaws in code through static and dynamic code analysis.
- Secure Coding Standards: Adopting standards like the OWASP Top Ten to guide secure coding practices.
- Application Security: Implementing security in application architecture, such as input validation, access control, and secure session management.
- Software Configuration Management: Controlling and tracking changes to software throughout its lifecycle.
- Software Vulnerability Management: Managing and addressing vulnerabilities in software applications.