CISSP - Certified Information Systems Security Professional (CISSP)

This training seminar provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP CBK (Common Body of Knowledge):
Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security

Student Testimonials

Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus. Student
Excellent presentation skills, subject matter knowledge, and command of the environment. Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect. Student

Click here to print this page »


Professionals with at least five years of experience and who demonstrate a globally recognized level of competence, as defined in the CISSP Common Body of Knowledge (CBK) in two or more of the eight security domains

Detailed Class Syllabus

Module 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Apply Security Governance Principles
Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
Understand Business Continuity Requirements
Contribute to Personnel Security Policies
Understand and Apply Risk Management Concepts
Understand and Apply Threat Modeling
Integrate Security Risk Considerations into Acquisitions Strategy and Practice
Establish and Manage Security Education, Training, and Awareness

Module 2: Asset Security (Protecting Security of Assets)

Classify Information and Supporting Assets
Determine and Maintain Ownership
Protect Privacy
Ensure Appropriate Retention
Determine Data Security Controls
Establish Handling Requirements•

Module 3: Security Engineering (Engineering and Management of Security)

Implement and Manage an Engineering Life Cycle Using Security Design Principles
Understand Fundamental Concepts of Security Models
Select Controls and Countermeasures Based Upon Information Systems Security Standards
Understand the Security Capabilities of Information Systems
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Assess and Mitigate Vulnerabilities in Web-based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Apply Cryptography
Apply Secure Principles to Site and Facility Design
Design and Implement Facility Security

Module 4: Communications and Network Security (Designing and Protecting Network Security)

Apply Secure Design Principles to Network Architecture
Securing Network Components
Design and Establish Secure Communication Channels
Prevent or Mitigate Network Attacks

Module 5: Identity and Access Management (Controlling Access and Managing Identity)

Control Physical and Logical Access to Assets
Manage Identification and Authentication of People and Devices
Integrate Identity as a Service (IDaaS)
Integrate Third-Party Identity Services
Implement and Manage Authorization Mechanisms
Prevent or Mitigate Access Control Attacks
Manage the Identity and Access Provisioning Life Cycle

Module 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

Design and Validate Assessment and Test Strategies
Conduct Security Control Testing
Collect Security Process Data
Conduct or Facilitate Internal and Third-Party Audits

Module 7: Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

Understand and Support Investigations
Understand Requirements for Investigation Types
Conduct Logging and Monitoring Activities
Secure the Provisioning of Resources through Configuration Management
Understand and Apply Foundational Security Operations Concepts
Employ Resource Protection Techniques
Conduct Incident Response
Operate and Maintain Preventative Measures
Implement and Support Patch and Vulnerability Management
Participate in and Understand Change Management Processes
Implement Recovery Strategies
Implement Disaster Recovery Processes
Test Disaster Recovery Plan
Participate in Business Continuity Planning
Implement and Manage Physical Security
Participate in Personnel Safety

Module 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)

Understand and Apply Security in the Software Development Life Cycle
Enforce Security Controls in the Development Environment
Assess the Effectiveness of Software Security
Assess Software Acquisition Security