This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all eight CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSPcertification exam. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in two or more fields related to the eight CBK security domains, or a college degree and four years of experience.

It is highly recommended that students have obtained CompTIA® Network+® or Security+® certifications, or possess equivalent professional experience upon entering CISSP training. It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience:

• CyberSec First Responder (CFR)
• Microsoft Certified Solutions Expert (MCSE)
• CyberSec First Responder (CFR)
• Cisco Certified Network Professional (CCNP))
• Red Hat Certified Engineer (RHCE)
• Linux Foundation Certified Engineer (LFCE)
• Systems Security Certified Practitioner (SSCP®)
• GIAC Security Essentials (GSEC)
• GIAC Information Security Fundamentals (GISF)
• Certified Information Systems Auditor (CISA™)
• Certified Information Security Manager (CISM®)

Course Module

• Security Governance Principles
• Compliance
• Professional Ethics
• Security Documentation
• Risk Management
• Threat Modelling
• Business Continuity Plan Fundamentals
• Acquisition Strategy and Practice
• Personnel Security Policies
• Security Awareness and Training

• Asset Classification
• Privacy Protection
• Asset Retention
• Data Security Controls
• Secure Data Handling

• Security in the Engineering Lifecycle
• System Component Security
• Security Models
• Controls and Countermeasures in Enterprise Security
• Information System Security Capabilities
• Design and Architecture Vulnerability Mitigation
• Vulnerability Mitigation in Mobile, IoT, Embedded, and Web-Based Systems
• Cryptography Concepts
• Cryptography Techniques
• Site and Facility Design for Physical Security
• Physical Security Implementation in Sites and Facilities

• Network Protocol Security
• Network Components Security
• Communication Channel Security
• Network Attack Mitigation

• Physical and Logical Access Control
• Identification, Authentication, and Authorization
• Identity as a Service
• Authorization Mechanisms
• Access Control Attack Mitigation

• System Security Control Testing
• Software Security Control Testing
• Security Process Data Collection
• Audits

• Security Operations Concepts
• Physical Security
• Personnel Security
• Logging and Monitoring
• Preventative Measures
• Resource Provisioning and Protection
• Patch and Vulnerability Management
• Change Management
• Incident Response
• Investigations
• Disaster Recovery Planning
• Disaster Recovery Strategies
• Disaster Recovery Implementation

• Security Principles in the System Lifecycle
• Security Principles in the Software Development Lifecycle
• Database Security in Software Development
• Security Controls in the Development Environment
• Software Security Effectiveness Assessment

Comments