• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course prepares participants to take and pass the (ISC)² CISSP exam, a top level certification in the cyber security field.

Learning Objectives

This course prepares the Information Systems professional to prepare for and pass the (ISC)² CISSP exam.

Module 1: Security and Risk Management

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Regulatory and legal issues
  • Professional ethics
  • Security standards, policies, procedures and guidelines

Module 2: Asset Security

  • Asset and information classification
  • Ownership of data, systems, etc.
  • Privacy protection
  • Appropriate retention
  • Data security controls
  • Handling requirements

Module 3: security Engineering

  • Secure design principles
  • Security models fundamental concepts
  • Evaluation models
  • Security capabilities of information systems
  • Security architectures, designs and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices
  • Cryptography
  • Site and facility design secure principles
  • Physical security

Module 4: Communication and Network Security

  • Secure network architecture design
    • IP and non-IP protocols
    • Segmentation
  • Secure network components
  • Secure communication channels
  • Network attacks

Module 5: Identity and Access Management

  • Physical and logical assets control
  • Identification and authentication of devices and people
  • Identity as a service
  • Cloud identity
  • Third-party identity services
  • Access control attacks
  • Identity and access provisioning lifecycle

Module 6: Security Assessment and Testing

  • Assessment and Test strategies
  • Security process data
  • Security control testing
  • Test outputs, automated and manual
  • Security architectures vulnerabilities

Module 7: Security Operations

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures and recovery strategies
  • Disaster recovery processes and plans
  • Patch and vulnerability management
  • Change Management and business continuity
  • Physical security and personnel safety concerns

Module 8: Software Development Security

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management
  • Systems Analysis
  • Vulnerability Assessment and Management
  • Cybersecurity Management
  • Program/Project Management and Acquisition