This course has no confirmed dates in the future. Subscribe to be notified when it is offered.
About the course
In this course, participants will analyze a wide range of information systems security subjects that are organized into 8 domains for CISSP exam certification.
Upon successful completion of this course, students will be able to:
- Analyze information systems access control.
- Analyze security architecture and design.
- Analyze network security systems and telecommunications.
- Analyze information security management goals.
- Analyze information security classification and program development.
- Analyze risk management criteria and ethical codes of conduct.
- Analyze software development security.
- Analyze cryptography characteristics and elements.
- Analyze physical security.
- Analyze operations security.
- Apply Business Continuity and Disaster Recovery Plans.
- Identify legal issues, regulations, compliance standards, and investigation practices relating to information systems security.
Security & Risk Management
- Security & Risk Management
- Confidentiality, Integrity, and Availability
- Security Governance
- The Complete and Effective Security Program
- Global Legal and Regulatory Issues
- Understand Professional Ethics
- Develop and Implement Security Policy
- Business Continuity (BC) & Disaster Recovery (DR) Requirements
- Manage Personnel Security
- Risk Management Concepts
- Threat Modeling
- Acquisitions Strategy and Practice
- Security Education, Training, and Awareness
- Asset Security
- Data Management: Determine and Maintain Ownership
- Data Standards
- Longevity and Use
- Classify Information and Supporting Assets
- Asset Management
- Protect Privacy
- Ensure Appropriate Retention
- Determine Data Security Controls
- Standards Selection
- Security Engineering
- The Engineering Lifecycle Using Security Design Principles
- Fundamental Concepts of Security Models
- Information Systems Security Evaluation Models
- Security Capabilities of Information Systems
- Vulnerabilities of Security Architectures
- Database Security
- Software and System Vulnerabilities and Threats
- Vulnerabilities in Mobile Systems
- Vulnerabilities in Embedded Devices and Cyber-Physical Systems
- The Application and Use of Cryptography
- Site and Facility Design Considerations
- Site Planning
- Implementation and Operation of Facilities Security
Communications & Network Security
- Communications & Network Security
- Secure Network Architecture and Design
- Implications of Multi-Layer Protocols
- Converged Protocols
- Securing Network Components
- Secure Communication Channels
- Network Attacks
Identity & Access Management
- Identity & Access Management
- Physical and Logical Access to Assets
- Identification and Authentication of People and Devices
- Identity Management Implementation
- Identity as a Service (IDaaS)
- Integrate Third-Party Identity Services
- Implement and Manage Authorization Mechanisms
- Prevent or Mitigate Access Control Attacks
- Identity and Access Provisioning Lifecycle
Security Assessment & Testing
- Security Assessment & Testing
- Assessment and Test Strategies
- Collect Security Process Data
- Internal and Third-Party Audits
- Security Operations
- Provisioning of Resources through Configuration Management
- Resource Protection
- Incident Response
- Preventative Measures against Attacks
- Patch and Vulnerability Management
- Change and Configuration Management
- The Disaster Recovery Process
- Test Plan Review
- Business Continuity and Other Risk Areas
- Access Control
- Personnel Safety
Security in the Software Development Life Cycle
- Security in the Software Development Life Cycle
- Software Development Security Outline
- Environment and Security Controls
- Security of the Software Environment
- Software Protection Mechanisms
- Assess the Effectiveness of Software Security
- Assess Software Acquisition Security
A variety of methodologies will be used during the course that includes:
- (30%) Based on Case Studies
- (30%) Techniques
- (30%) Role Play
- (10%) Concepts
- Pre-test and Post-test
- Variety of Learning Methods
- Case Studies and Self Questionaires
- Group Work
Who should attend
This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all 10 CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. The CISSP exam is intentionally difficult and should not be taken lightly. Even participants with years of security experience should assume that they will have additional study time after class. Because the domains are so varied, it is unlikely that any one student will have experience in all 10 domains.