Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
ISC2-CISSP-Certified Information Systems Security Professional
The CISSP is a globally recognized, advanced-level certification that validates an individual’s ability to design, implement, and manage a best-in-class cybersecurity program. Earning the CISSP demonstrates expertise across eight domains, including security and risk management, asset security, and security architecture.
Course Overview
Overall Proficiency Level
3 - Advanced
Course Catalog Number
CYBERPRO1-3
Course Prerequisites
N/A
Training Purpose
Skill Development
Functional Development
Management Development
Specific Audience
All
Delivery Method
Classroom
Online, Instructor-Led
Online, Self-Paced
Course Location
850 Ben Graves Dr
Huntsville, AL 35816
Learning Objectives
This course prepares the Information Systems professional to prepare for and pass the (ISC)² CISSP exam.
Module 1: Security and Risk Management
- Confidentiality, integrity, and availability concepts
- Security governance principles
- Compliance
- Regulatory and legal issues
- Professional ethics
- Security standards, policies, procedures and guidelines
Module 2: Asset Security
- Asset and information classification
- Ownership of data, systems, etc.
- Privacy protection
- Appropriate retention
- Data security controls
- Handling requirements
Module 3: security Engineering
- Secure design principles
- Security models fundamental concepts
- Evaluation models
- Security capabilities of information systems
- Security architectures, designs and solution elements vulnerabilities
- Web-based systems vulnerabilities
- Mobile systems vulnerabilities
- Embedded devices
- Cryptography
- Site and facility design secure principles
- Physical security
Module 4: Communication and Network Security
- Secure network architecture design
- IP and non-IP protocols
- Segmentation
- Secure network components
- Secure communication channels
- Network attacks
Module 5: Identity and Access Management
- Physical and logical assets control
- Identification and authentication of devices and people
- Identity as a service
- Cloud identity
- Third-party identity services
- Access control attacks
- Identity and access provisioning lifecycle
Module 6: Security Assessment and Testing
- Assessment and Test strategies
- Security process data
- Security control testing
- Test outputs, automated and manual
- Security architectures vulnerabilities
Module 7: Security Operations
- Investigations support and requirements
- Logging and monitoring activities
- Provisioning of resources
- Foundational security operations concepts
- Resource protection techniques
- Incident management
- Preventative measures and recovery strategies
- Disaster recovery processes and plans
- Patch and vulnerability management
- Change Management and business continuity
- Physical security and personnel safety concerns
Module 8: Software Development Security
- Security in the software development lifecycle
- Development environment security controls
- Software security effectiveness
- Acquired software security impact
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
Last Published Date: