For the Next Generation of Information Security Leaders

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

Aimed at security professionals, this course surveys the entire information security landscape and the technologies involved. The course addresses the eight knowledge domains that comprise the common body of knowledge (CBK) for information systems security professionals and will help delegates prepare for CISSP certification.

The course offers a theory based approach to the security process, with opportunities to discuss the immediate application of concepts and techniques described in the CBK to the real world. It can be considered as providing a good introduction to security management, architecture and engineering.

The course comprises of eight sessions that map directly to the (CBK), each one is theory based with instructor led discussions; there are no hands on labs.

Examinations:

This course will assist delegates preparing for the following exam: CISSP Certified Information Systems Security Professional.

To book the CBT exam requires the candidate to acquire a Pearson VUE testing voucher. Please note, the price of the voucher is not included in the RRP of this course

The CISSP is ideal for those working in positions such as, but not limited to:

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security

Lesson 1: Security and Risk Management

• Topic A: Security Governance Principles
• Topic B: Compliance
• Topic C: Professional Ethics
• Topic D: Security Documentation
• Topic E: Risk Management
• Topic F: Threat Modeling
• Topic G: Business Continuity Plan Fundamentals
• Topic H: Acquisition Strategy and Practice
• Topic I: Personnel Security Policies
• Topic J: Security Awareness and Training

Lesson 2: Asset Security

• Topic A: Asset Classification
• Topic B: Privacy Protection
• Topic C: Asset Retention
• Topic D: Data Security Controls
• Topic E: Secure Data Handling

Lesson 3: Security Engineering

• Topic A: Security in the Engineering Lifecycle
• Topic B: System Component Security
• Topic C: Security Models
• Topic D: Controls and Countermeasures in Enterprise Security
• Topic E: Information System Security Capabilities
• Topic F: Design and Architecture Vulnerability Mitigation
• Topic G: Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
• Topic H: Cryptography Concepts
• Topic I: Cryptography Techniques
• Topic J: Site and Facility Design for Physical Security
• Topic K: Physical Security Implementation in Sites and Facilities

Lesson 4: Communications and Network Security

• Topic A: Network Protocol Security
• Topic B: Network Components Security
• Topic C: Communication Channel Security
• Topic D: Network Attack Mitigation

Lesson 5: Identity and Access Management

• Topic A: Physical and Logical Access Control
• Topic B: Identification, Authentication, and Authorization
• Topic C: Identity as a Service
• Topic D: Authorization Mechanisms
• Topic E: Access Control Attack Mitigation

Lesson 6: Security Assessment and Testing

• Topic A: System Security Control Testing
• Topic B: Software Security Control Testing
• Topic C: Security Process Data Collection
• Topic D: Audits

Lesson 7: Security Operations

• Topic A: Security Operations Concepts
• Topic B: Physical Security
• Topic C: Personnel Security
• Topic D: Logging and Monitoring
• Topic E: Preventative Measures
• Topic F: Resource Provisioning and Protection
• Topic G: Patch and Vulnerability Management
• Topic H: Change Management
• Topic I: Incident Response
• Topic J: Investigations
• Topic K: Disaster Recovery Planning
• Topic L: Disaster Recovery Strategies
• Topic M: Disaster Recovery Implementation

Lesson 8: Software Development Security

• Topic A: Security Principles in the System Lifecycle
• Topic B: Security Principles in the Software Development Lifecycle
• Topic C: Database Security in Software Development
• Topic D: Security Controls in the Development Environment
• Topic E: Software Security Effectiveness Assessment

If you plan to build a career in information security CISSP is the gold standard certification to attain.

• The course can run in two formats, the standard public event or as a boot camp. The boot camp allows the customer to specify longer working hours which allows a deeper and more detailed discussion of the technologies involved.
• A public event would typically run 9.30 till 5 pm.
• Boot camps can run 9 am to 5.30 pm or 9 am to 8 pm, depending on your preference.
• A boot camp also traditionally finishes with a test prep exam, which takes place after lunch on the last day. This allows the delegates to approach the topics covered in a question and answer format, and then discuss their answers with the trainer and class.

Candidates must have a minimum of five years of work experience in two or more of the eight domains indicated in the CISSP Common Body of Knowledge® (CBK).

• Security and Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security