This course provides in-depth coverage of the eight domains required to pass the CISSP exam:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Certified Information Systems Security Professional Course Outline
The following subjects will be taught during this five-day CISSP course:
Security and Risk Management:
- Confidentiality, Integrity, and Availability Concepts
- Security Governance Principles
- Compliance
- Legal and Regulatory Issues
- Professional Ethics
- Security Policies, Standards, Procedures, and Guidelines
Asset Security:
- Information and Asset Classification
- Ownership
- Protect Privacy
- Appropriate Retention
- Data Security Controls
- Handling Requirements
Security Architecture and Engineering:
- Engineering Processes using Secure Design Principles
- Security Models Fundamental Concepts
- Security Evaluation Models
- Security Capabilities of Information Systems
- Security Architectures, Designs, and Solution Elements Vulnerabilities
- Web-based Systems Vulnerabilities
- Mobile Systems Vulnerabilities
- Embedded Devices and Cyber-Physical Systems Vulnerabilities
- Cryptography
- Site and Facility Secure Design Principles
- Physical Security
Communication and Network Security:
- Secure Network Architecture Design
- Secure Network Components
- Secure Communication Channels
- Network Attacks
Identity and Access Management (IAM):
- Physical and Logical Assets Control
- Identification and Authentication of People and Devices
- Identity as a Service
- Third-party Identity Services
- Access Control Attacks
- Identity and Access Provisioning Lifecycle
Security Assessment and Testing:
- Assessment and Test Strategies
- Security Process Data
- Security Control Testing
- Test Outputs
- Security Architectures Vulnerabilities
Security Operations:
- Investigations Support and Requirements
- Logging and Monitoring Activities
- Provisioning of Resources
- Foundational Security Operations Concepts
- Resource Protection Techniques
- Incident Management
- Preventative Measures
- Patch and Vulnerability Management
- Change Management Processes
- Recovery Strategies
- Disaster Recovery Processes and Plans
- Business Continuity Planning and Exercises
- Physical Security
- Personnel Safety Concerns
Software Development Security:
- Security in the Software Development Lifecycle
- Development Environment Security Controls
- Software Security Effectiveness
- Acquired Software Security Impact