  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course prepares participants to take and pass the (ISC)² CISSP exam, a top-level certification in the cyber security field.

Learning Objectives

This course prepares the Information Systems professional to take and pass the (ISC)² CISSP exam.

Module 1: Security and Risk Management

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Regulatory and legal issues
  • Professional ethics
  • Security standards, policies, procedures and guidelines

Module 2: Asset Security

  • Asset and information classification
  • Ownership of data, systems, etc.
  • Privacy protection
  • Appropriate retention
  • Data security controls
  • Handling requirements

Module 3: Security Engineering

  • Secure design principles
  • Security models fundamental concepts
  • Evaluation models
  • Security capabilities of information systems
  • Security architectures, designs and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices
  • Cryptography
  • Site and facility design secure principles
  • Physical security

Module 4: Communication and Network Security

  • Secure network architecture design
    • IP and non-IP protocols
    • Segmentation
  • Secure network components
  • Secure communication channels
  • Network attacks

Module 5: Identity and Access Management

  • Physical and logical assets control
  • Identification and authentication of devices and people
  • Identity as a service
  • Cloud identity
  • Third-party identity services
  • Access control attacks
  • Identity and access provisioning lifecycle

Module 6: Security Assessment and Testing

  • Assessment and test strategies
  • Security process data
  • Security control testing
  • Test outputs, automated and manual
  • Security architectures vulnerabilities

Module 7: Security Operations

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures and recovery strategies
  • Disaster recovery processes and plans
  • Patch and vulnerability management
  • Change management and business continuity
  • Physical security and personnel safety concerns

Module 8: Software Development Security

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management
  • Systems Analysis
  • Vulnerability Assessment and Management
  • Cybersecurity Management
  • Program/Project Management and Acquisition

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.