CISSP – Certified Information Systems Security Professional
Provided by NILC
About the course
Overview
CISSP (Certified Information Systems Security Professional) draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards and practices.
This CISSP exam preparation course covers the security concepts that must be mastered in order to obtain CISSP certification. In an accelerated but rigorous manner, the training prepares the student for the CISSP examination, covering the entirety of the Common Body of Knowledge (CBK) as defined by (ISC)².
Module 1. Security and Risk Management
Aligning security and risk to organisational objectives
- Evaluating and applying security governance principles
- Implementing policies, standards and procedures
- Applying compliance
- Applying risk management concepts
- Assessing threats and vulnerabilities
- Performing risk analysis and control
- Defining qualitative and quantitative analysis
- Preserving the business
- Adhering to Business Continuity Management Code of Practice and Specifications
- Performing a business impact analysis
- Investigating legal measures and techniques
- Reviewing intellectual property, liability and law, and compliance
- Differentiating traditional computer crime
- Establishing information and asset handling requirements
Module 2. Asset Security
Examining security models and frameworks
- The Information Security Triad and multi-level models
- Investigating industry standards: ISO 27001/27002
- Evaluating security model fundamental concepts
- Exploring system and component security concepts
- Certification and accreditation criteria and models
- Reviewing mobile system/cloud/IoT vulnerabilities
Protecting information by applying cryptography
- Detailing symmetric and asymmetric encryption systems
- Ensuring message integrity through hashing
- Uncovering threats to cryptographic systems
Safeguarding physical resources
- Designing environments to resist hostile acts and threats
Module 3. Communication & Network Security
Defining a secure network architecture
- TCP/IP and other protocol models
- Protecting from network attacks
Reviewing secure network components and communication channels
- Examining secure networks and components
- Identifying wired and wireless technologies
- Implementing firewalls, secure communications, proxies, and tunnels
Module 4. Identity & Access Management
Controlling access to protect assets
- Defining administrative, technical and physical controls
- Implementing centralised and decentralised approaches
- Investigating biometric and multi-factor authentication
- Identifying common threats
- Managing the identity and access provisioning lifecycle
Module 5. Security Assessment & Testing
Designing and conducting security assessment strategies
- Leveraging the role of testing and auditing to analyse the effectiveness of security controls
- Differentiating detection and protection systems
- Conducting logging and monitoring activities
- Distinguishing between the roles of internal and external audits
- Conducting or facilitating security audits
Module 6. Security Operations
Maintaining operational resilience
- Managing security services effectively
- Leveraging and supporting investigations and incident response
- Differentiating detection and protection systems
- Securely provisioning resources
Developing a recovery strategy
- Designing a disaster recovery plan
- Implementing test and maintenance processes
- Provisioning of resources
Module 7. Software Security Development
Securing the software development life cycle
- Applying software development methods and security controls
- Addressing database security concepts and issues
- Defining and applying secure coding guidelines and standards
- Reviewing software security effectiveness and security impact
Audience
CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
Please note that CISSP candidates must meet specific experience requirements, as established by (ISC)². Those without the required experience can take the exam to become an Associate of (ISC)² while working toward the experience needed for full certification.
Assessment
To obtain the CISSP certification, the associated exam must be passed. The exam covers the eight domains of Information Systems Security. Please note that this exam is provided by (ISC)² and is not included in this training course; it must be booked separately and can be sat at our Newport training and examination centre. The exam format is as follows:
- Multiple choice
- 6 hours
- 250 questions
- 70% required to pass
- Computer-based
To take the CISSP exam, you can register on this link: https://www.isc2.org/Register-for-Exam
What's included
The following will be included in this CISSP (Certified Information Systems Security Professional) training course:
- CISSP training manual
- Accredited Instructor
- Certificate
- Refreshments