Certified Information Systems Security Professional

Course Title | Course Language | Est. Duration (days) | Est. Duration (hours)
CISSP | English | 5 | 40

Learning Objective

The CISSP validates an information security professional’s deep technical and managerial
knowledge and experience to effectively design, engineer and manage the overall security
posture of an organization.

Prerequisites

Basic knowledge of computer operating

Course Contents

Security and Risk Management

  • Understand and apply concepts of confidentiality, integrity, and availability
  • Apply security governance principles
  • Compliance
  • Understand legal and regulatory issues that pertain to information security in a global context
  • Understand professional ethics
  • Develop and implement documented security policy, standards, procedures, and guidelines
  • Understand business continuity requirements
  • Contribute to personnel security policies
  • Understand and apply risk management concepts
  • Understand and apply threat modeling
  • Integrate security risk considerations into acquisition strategy and practice
  • Establish and manage information security education, training, and awareness

Asset Security

  • Classify information and supporting assets
  • Determine and maintain ownership
  • Protect privacy
  • Ensure appropriate retention
  • Determine data security controls
  • Establish handling requirements

Security Engineering

  • Implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models
  • Select controls and countermeasures based upon systems security evaluation models
  • Understand the security capabilities of information systems
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
  • Assess and mitigate the vulnerabilities in web-based systems
  • Assess and mitigate vulnerabilities in mobile systems
  • Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
  • Apply cryptography
  • Apply secure principles to a site and facility design
  • Design and implement physical security

Communication & Network Security

  • Apply secure design principles to network architecture
  • Secure network components
  • Design and establish secure communication channels
  • Prevent or mitigate network attacks

Identity & Access Management

  • Control physical and logical access to assets
  • Manage the identification and authentication of people and devices
  • Integrate identity as a service
  • Integrate third-party identity services
  • Implement and manage authorization mechanisms
  • Prevent or mitigate access control attacks
  • Manage the identity and access provisioning lifecycle

Security Assessment & Testing

  • Design and validate assessment and test strategies
  • Conduct security control testing
  • Collect security process data
  • Analyze and report test outputs
  • Understand the vulnerabilities of security architectures

Security Operations

  • Understand and support investigations
  • Understand requirements for investigation types
  • Conduct logging and monitoring activities
  • Secure the provisioning of resources
  • Understand and apply foundational security operations concepts
  • Employ resource protection techniques
  • Conduct incident management
  • Operate and maintain preventative measures

Software Security Development

  • Understand and apply security in the software development lifecycle
  • Enforce security controls in development environments
  • Assess the effectiveness of software security
  • Assess the security impact of acquired software

Certificate

Attendees will receive a training certificate after completing the course.