CISSP – Certified Information Systems Security Professional

Provided by

About the course

Overview 

CISSP (Certified Information Systems Security Professional) draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards and practices.

This CISSP exam preparation course deals with the security concepts to be mastered in order to obtain CISSP certification. In an accelerated but rigorous manner, this training prepares the student for the CISSP examination, covering the entirety of the Common Body of Knowledge about security (CBK) as defined by the ISC2®.

Module 1. Security and Risk Management

Aligning security and risk to organisational objectives

  • Evaluate and apply security governance principles
  • Implement policies, standards and procedures
  • Applying compliance
  • Applying risk management concepts
  • Assessing threats and vulnerabilities
  • Performing risk analysis and control
  • Defining qualitative and quantitative analysis
  • Preserving the business
  • Adhering to Business Continuity Management Code of Practice and Specifications
  • Performing a business impact analysis
  • Investigating legal measures and techniques
  • Reviewing intellectual property, liability and law, and compliance
  • Differentiating traditional computer crime
  • Establish information and asset handling requirements

Module 2. Asset Security

Examining security models and frameworks

The Information Security Triad and multi-level models
Investigating industry standards: ISO 27001/27002
Evaluating security model fundamental concepts
Exploring system and component security concepts

Certification and accreditation criteria and models
Reviewing mobile system/cloud/IoT vulnerabilities
Protecting information by applying cryptography

Detailing symmetric and asymmetric encryption systems
Ensuring message integrity through hashing
Uncovering threats to cryptographic systems
Safeguarding physical resources

Designing environments to resist hostile acts and threats
Designing environments to resist hostile acts and threats

Module 3. Communication & Network Security

Defining a secure network architecture

TCP/IP and other protocol models
Protecting from network attacks
Reviewing secure network components and communication channels
Examining secure networks and components

Identifying wired and wireless technologies
Implementing firewalls, secure communications, proxies, and tunnels

Module 4. Identity & Access Management

Controlling access to protect assets

Defining administrative, technical and physical controls
Implementing centralised and decentralised approaches
Investigating biometric and multi-factor authentication
Identifying common threats
Manage the identity and access provisioning lifecyle

Module 5. Security Assessment & Testing

Designing and conducting security assessment strategies

Leveraging the role of testing and auditing to analyse the effectiveness of security controls
Differentiating detection and protection systems
Conducting logging and monitoring activities

Distinguishing between the roles of internal and external audits
Conduct or facilitate security audits

Module 6. Security Operations

Maintaining operational resilience

Managing security services effectively
Leveraging and supporting investigations and incident response
Differentiating detection and protection systems
Securely provisioning resources
Developing a recovery strategy

Designing a disaster recovery plan
Implementing test and maintenance processes
Provisioning of resources

Module 7. Software Security Development

Securing the software development life cycle

Applying software development methods and security controls
Addressing database security concepts and issues
Define and apply secure coding guidelines and standards
Reviewing software security effectiveness and security impact

Audience 

CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

Please note CISSP candidates must meet specific requirements, as established by ISC² — see: ISC². Those without the required experience can take the exam to become an Associate of (ISC)² while working toward the experience needed for full certification


Assessment 

To obtain the CISSP certification, the associated exam must be passed. The exam covers the eight domains of Information Systems Security. Please note that this exam is provided by (ISC)2 and is not included in this training course. This must be booked separately and can be sat at our Newport training and examination centre. The exam format is as follows:

  • Multiple choice
  • 6 hours
  • 250 questions
  • 70% required to pass
  • Computer-based

To take the CISSP exam, you can register on this link: https://www.isc2.org/Register-for-Exam


Whats included 

The following will be included in this CISSP (Certified Information Systems Security Professional) training course:

  • CISSP training manual
  • Accredited Instructor
  • Certificate
  • Refreshments

Related article

Is the online Cyber Security MSc from the University of Liverpool the right path for you? If you are looking to take the next step in your IT caree...