Certified Information Systems Security Professional (CISSP)

The International Information System Security Certification Consortium or (ISC)2 is the world's leading cybersecurity professional organisation. (ISC)2 is a global community of information system professionals who define the architecture, design, management and/or security controls that assure the security of business environments.
This 9 week (ISC)2 authorised instructor-led course explores the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge. It provides information system managers, executives and leaders with an awareness and deep understanding of current global threats, technologies, regulations, standards and best practices.
Course completion affirms an experienced information system professional's knowledge in the field of information security. It provides a comprehensive analysis of the knowledge required to effectively design, engineer and manage the overall security posture of an organisation.
CISSP Common Body of Knowledge
The Certified Information Systems Security Professional (CISSP) Common Body of Knowledge defines global industry standards and best practices in information security. (ISC)2 develops and maintains the CISSP Common Body of Knowledge through ongoing peer review by subject matter experts.
(ISC)2 Certified Information Systems Security Professional (CISSP) training provides a comprehensive review of information system security concepts and global best practices covering the 8 domains of the CISSP Common Body of Knowledge:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communications and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
1. Security and Risk Management
Domain 1 lays the foundation of the CISSP Common Body of Knowledge, focusing in particular on the CIA Triad - confidentiality, integrity and availability. It explores the skills required to implement security policies and procedures and to manage risk in relation to the safe acquisition of software, hardware and services. Domain 1 is comprised of the following modules:
- Module 1: Concepts of Confidentiality, Integrity and Availability
- Module 2: Organizational/Corporate Governance
- Module 3: Risk Management Concepts
- Module 4: Compliance Requirements
- Module 5: Legal and Regulatory Issues that Pertain to Information Security in a Global Context
- Module 6: Security Policy, Standards, Procedures and Guidelines
- Module 7: Personnel Security Policies and Procedures
- Module 8: Security Awareness, Education and Training Programs
- Module 9: Business Continuity Requirements
- Module 10: Professional Ethics
2. Asset Security
Domain 2 explores the protection of an organisation's assets via application of baselines, scoping, tailoring and standards selection. It examines the handling requirements and security controls required to protect an asset throughout its lifecycle. Privacy protection is covered through the exploration of legal and regulatory requirements, and concepts of ownership, accountability, remanence, collection, storage and retention. Domain 2 is comprised of the following modules:
- Module 1: Information and Assets
- Module 2: Asset Lifecycle
- Module 3: Information and Asset Ownership
- Module 4: Protect Privacy
- Module 5: Asset Retention
- Module 6: Data Security Controls
- Module 7: Information and Asset Handling Requirements
- Module 8: Data Remanence
3. Security Architecture and Engineering
Domain 3 examines the principles and standards used to design, implement, secure and monitor operating systems, equipment, networks and applications. This includes the controls used to enforce various levels of confidentiality, integrity and availability. Domain 3 is comprised of the following modules:
- Module 1: Processes Using Secure Design Principles
- Module 2: Fundamental Concepts of Security Models
- Module 3: Select Controls Based upon System Security Requirements
- Module 4: Security Capabilities of Information Systems
- Module 5: Vulnerabilities of Security Architectures, Designs and Solution Elements
- Module 6: Cryptography
- Module 7: Physical Security
4. Communications and Network Security
Domain 4 analyses different aspects of network architecture, communication protocols, segmentation, routing and wireless transmission. It examines the mechanisms used to design and protect network security, manage vulnerabilities and respond to threats, together with the countermeasures that prevent communication and network system interruption or service degradation. Domain 4 is comprised of the following modules:
- Module 1: Secure Design Principles in Network Architectures
- Module 2: OSI Layer 1: Physical Layer
- Module 3: OSI Layer 2: Data-Link Layer
- Module 4: OSI Layer 3: Network Layer
- Module 5: OSI Layer 4: Transport Layer
- Module 6: OSI Layer 5: Session Layer
- Module 7: OSI Layer 6: Presentation Layer
- Module 8: OSI Layer 7: Application Layer
- Module 9: Service Considerations
- Module 10: Secure Network Components
- Module 11: Secure Communications Channels According to Design
5. Identity and Access Management (IAM)
Domain 5 examines the critical elements required to maintain confidentiality, integrity, and availability of assets through the procedures utilised to identify, name, associate and apply appropriately scoped access controls that meet tailored organisational needs. It explores concepts such as sessions, multi-factor authentication, proofing, credentials, role-based and rule-based access control. Domain 5 is comprised of the following modules:
- Module 1: Control Physical and Logical Access to Assets
- Module 2: Identity and Access Provisioning Lifecycle
- Module 3: Identification and Authentication of People, Devices, and Services
- Module 4: Identity Management Implementation
- Module 5: Implement and Manage Authorization Mechanisms
- Module 6: Accountability
6. Security Assessment and Testing
Domain 6 examines the security testing and assessment activities that serve to mitigate risk for an organisation. It explores the tools and techniques used to assess the security of systems and to find vulnerabilities, weaknesses and errors in coding and design. In addition to testing, it also covers auditing, disaster recovery, business continuity plans and awareness training. Domain 6 is comprised of the following modules:
- Module 1: Design and Validate Assessment, Test and Audit Strategies
- Module 2: Security Control Testing
- Module 3: Security Process Data
- Module 4: Test Output and Generate Report
- Module 5: Conduct or Facilitate Security Audits
7. Security Operations
Domain 7 explores aspects of security related to the organisation's operational environment such as asset protection, sandboxing, intrusion prevention, forensic investigations, incident management and response, business continuity and disaster recovery, and personnel security. Domain 7 is comprised of the following modules:
- Module 1: Foundational Security Operations Concepts
- Module 2: Securely Provisioning Resources
- Module 3: Resource Protection Techniques
- Module 4: Detective and Preventative Measures
- Module 5: Incident Management
- Module 6: Requirements for Investigation Types
- Module 7: Investigations
- Module 8: Logging and Monitoring Activities
- Module 9: Recovery Strategies
- Module 10: Disaster Recovery Processes
- Module 11: Business Continuity Planning and Exercises
- Module 12: Test Disaster Recovery Plans
- Module 13: Personnel Safety and Security Concerns
8. Software Development Security
Domain 8 examines how security is built into an application from inception to decommissioning, throughout both the software development lifecycle (SDLC) and the system lifecycle (SLC). It explores the implementation of security controls on software and the data it processes, including the environment in which the systems exist. Domain 8 is comprised of the following modules:
- Module 1: Security in the Software Development Lifecycle (SDLC)
- Module 2: Secure Coding Guidelines and Standards
- Module 3: Security Controls in Development Environments
- Module 4: The Effectiveness of Software Security
About (ISC)2
The International Information System Security Certification Consortium or (ISC)2 is a non-profit global organisation which specialises in training and certifications for cybersecurity professionals.
ANSI has certified that (ISC)2 meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.
(ISC)2 develops and maintains the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge. The CISSP Common Body of Knowledge establishes a common framework of information security terms and principles that allow information security professionals worldwide to address matters pertaining to the profession with a common understanding.
www.isc2.org
Thanks for taking the time to learn about my CISSP training in information system security.