CISSP Certified Information Systems Security Professional

CISSP Certified Information Systems Security Professional course provides complete knowledge to the delegates about the basics of telecommunication, network security concepts, components for reducing the security risks, securing channels of communication, and detecting network-based attacks. With the help of this training, the delegates will understand how to describe and apply Risk Management Framework and information security governance.

CISSP Certified Information Systems Security Professional course is designed to provide complete knowledge and skills to design, organise and manage IT security programs. With the help of the training, the delegates will able to define the architecture, design and management of the security of an organisation. The delegates will learn about the components, principles and system security techniques.

CISSP Exam

To be CISSP certified, the delegates need to pass the CISSP exam. The exam includes the following:

• Multiple Choice Questions
• Duration: 3 hours
• No. of Questions: 100-150
• Pass Percentage: 70%
• Type of Exam: Computer-based

Security and Risk Management

• Understand and Implement Concepts of Confidentiality, Availability and Integrity
• Implement Security Governance Principles
• Introduction to Compliance
• Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
• Understand Professional Ethics and Business Continuity Requirements
• Contribute to Personnel Security Policies
• Understand and Apply Risk Management and Threat Modelling Concepts
• Develop and Implement Documented Security Policy, Standards, Guidelines and Procedures
• Establish and Manage Information Security Education, Training, and Awareness
• Integrate Security Risk Considerations into Acquisition Strategy and Practice

Security Engineering

• Essential Concepts of Security Models
• Implement and Manage Engineering Processes using Secure Design Principles
• Select Controls and Countermeasures Based Upon Systems Security Evaluation Models
• Understand Security Capabilities of Information Systems
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Assess and Mitigate the Vulnerabilities in Mobile Systems and Web-Based Systems
• Assess and Reduce Vulnerabilities in Embedded Devices and Cyber-Physical Systems
• Apply Cryptography
• Design and Implement Physical Security
• Apply Secure Principles to the Site and Facility Design

Overview of Asset Security

• Classify Supporting Assets and Information
• Understand about Protect Privacy
• Determine and Maintain Ownership
• Ensure Appropriate Retention
• Determine Data Security Controls
• Establish Handling Requirements

Identity and Access Management

• Control Physical and Logical Access To Assets
• Manage Identification and Authentication of People and Devices
• Integrate Identity as a Service
• Integrate Third-Party Identity Services
• Implement and Manage Authorisation Mechanisms
• Manage the Identity and Access Provisioning Lifecycle
• Prevent or Mitigate Access Control Attacks

Overview of Communication and Network Security

• Apply Secure Design Principles to Network Architecture
• Secure Network Components
• Design and Establish Secure Communication Channels
• Prevent or Reduce Network Attacks

Security Operations

• Understand and Support Investigations
• Understand Requirements for Investigation Types
• Conduct Logging and Monitoring Activities
• Secure the Provisioning of Resources
• Understand and Apply Foundational Security Operations Concepts
• Employ Resource Protection Techniques
• Conduct Incident Management
• Operate and Maintain Preventative Measures

Security Assessment & Testing

• Design and Validate Assessment and Test Strategies
• Conduct Security Control Testing
• Collect Security Process Data
• Analyse and Report Test Outputs
• Understand the Vulnerabilities of Security Architectures

Software Security Development

• Understand and Implement Security in the Software Development Lifecycle
• Enforce Security Controls in Development Environments
• Assess the Effectiveness of Software Security
• Assess Security Impact of Acquired Software