CISSP Certification Training

Security Governance Through Principles and Policies

• Understand and apply concepts of confidentiality, integrity and availability
• Evaluate and apply security governance principles
• Develop, document, and implement security policy, standards, procedures, and guidelines
• Understand and apply threat modeling concepts and methodologies
• Apply risk-based management concepts

Personnel Security and Risk Management Concepts

• Personnel security policies and procedures
• Security governance
• Understand and apply risk management concepts
• Establish and maintain a security awareness, education and training program
• Manage the security function

Business Continuity Planning

• Planning for business continuity
• Project scope and planning
• Business impact assessment
• Continuity planning
• Plan approval and implementation

Laws Regulations and Compliance

• Categories of laws
• Laws
• Compliance
• Contracting and procurement

Protecting Security of Assets

• Identify and classify assets
• Determining ownership
• Using security baselines

Cryptography and Symmetric Key Algorithms

• Historical milestones in cryptography
• Cryptographic basics
• Modern cryptography
• Symmetric cryptography
• Cryptographic lifecycle

PKI and Cryptogrpahic Applications

• Asymmetric cryptography
• Hash functions
• Digital signatures
• Public Key Infrastructure
• Asymmetric key management
• Applied cryptography
• Cryptographic attacks

Principles of Secrity Models, Design and Capabilities

• Implement and manage engineering processes using secure design principles
• Understand the fundamental concepts of security models
• Select controls based on systems security requirements
• Understand security capabilities of information systems

Security Vulnerabilities, Threats, and Countermeasures

• Assess and mitigate security vulnerabilities
• Client-based systems
• Sever-based systems
• Database systems security
• Distributed systems and endpoint security
• Internet of Things
• Industrial control systems
• Assess and mitigate vulnerabilities in web-based systems
• Assess and mitigate vulnerabilities in mobile systems
• Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
• Essential security protection mechanisms
• Common architecture flaws and security issues

Physical Security Requirements

• Apply security principles to site and facility design
• Implement site and facility security controls
• Implement and manage physical security

Secure Network Architecture and Securing Network Components

• OSI model
• TCP/IP model
• Converged protocols
• Wireless networks
• Secure network components
• Cabling, wireless, topology, communications and transmission media technology

Secure Communications and Network Attacks

• Network and protocol security mechanisms
• Secure voice communications
• Multimedia collaboration
• Manage email security
• Remote access security management
• Virtual private network
• Virtualization
• Network address translation
• Switching technologies
• WAN technologies
• Miscellaneous security control characteristics
• Security boundaries
• Prevent or mitigate network attacks

Managing Identity and Authentication

• Controlling access to assets
• Comparing identification and authentication
• Implementing identity management
• Managing the identity and access provisioning lifecycle provisioning

Controlling and Monitoring Access

• Comparing access control models
• Understanding access control attacks

Security Assessment and Testing

• Building a security assessment and testing program
• Performing vulnerability assessments
• Testing your software
• Implementing security management processes

Managing Security Operations

• Applying security operations concepts
• Securely provisioning resources
• Managing configuration
• Managing change
• Managing patches and reducing vulnerabilities

Preventing and Responding to Incidents

• Managing incident response
• Implementing detective and preventative measures
• Logging, monitoring and auditing

Disaster Recovery Planning

• The nature of disaster
• Understand system resilience and fault tolerance
• Recovery strategy
• Recovery plan development
• Training, awareness and documentation
• Testing and maintenance

Investigations and Ethics

• Investigations
• Major categories of computer crime
• Ethics

Software Development Security

• Introducing systems development controls
• Establishing databases and data warehousing
• Storing data and information
• Understanding knowledge-based systems

Malicious Code and Application Attacks

• Malicious code
• Password attacks
• Application attacks
• Web application security
• Reconnaissance attacks
• Masquerading attacks

CISSP Certification Exam Details:

In order to take the CISSP certification exam, candidates must register with (ISC)².

CISSP Exam Details

• Number of Questions: 100-150
• Test Duration: 3 Hours
• Passing Score: 700 out of 1000 points
• Test Format: Multiple choice
• Test Delivery: (ISC)²

CISSP Certification Measures a Candidate’s Knowledge in Each of these 8 Domains:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security