Certified Information System Security Professional

Certified Information System Security Professional (5 Days)

The CISSP certification is arguably more important than ever for cyber security professionals. This certification is critical because it provides a necessary overall grasp of IT security. Subjects covered range from how you build a lock, to securing access, to understanding the legal ramifications of security.

Requirement:

Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master’s degree in Information Security, or for possessing one of a number of other certifications. A candidate without the five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination; the designation is valid for a maximum of six years. During those six years, a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP.

Benefits of CISSP:

  • CISSP certification is recognized across the globe in more than 160 countries and is a highly respected credential for security professionals.
  • Over three decades, it has been gaining the attention of most security specialists.
  • According to a survey, CISSP-certified professionals earn 26% more salary than IT professionals.

CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from increasingly sophisticated attacks.

CISSP Exam Weight:

Domains                                        Weight
1. Security and Risk Management                15%
2. Asset Security                              10%
3. Security Architecture and Engineering       13%
4. Communication and Network Security          14%
5. Identity and Access Management (IAM)        13%
6. Security Assessment and Testing             12%
7. Security Operations                         13%
8. Software Development Security               10%

CISSP Training Outline

The fundamental eight domains of Information Security are taught during this certification, providing delegates with all the information they require to pass the exam.

The following subjects will be taught during the CISSP Certification:

  1. Security and Risk Management:
  • Confidentiality, Integrity, and Availability Concepts
  • Security Governance Principles
  • Compliance
  • Legal and Regulatory Issues
  • Professional Ethics
  • Security Policies, Standards, Procedures, and Guidelines

  2. Asset Security:
  • Information and Asset Classification
  • Ownership
  • Protect Privacy
  • Appropriate Retention
  • Data Security Controls
  • Handling Requirements

  3. Security Architecture and Engineering:
  • Engineering Processes using Secure Design Principles
  • Security Models Fundamental Concepts
  • Security Evaluation Models
  • Security Capabilities of Information Systems
  • Security Architectures, Designs, and Solution Elements Vulnerabilities
  • Web-based Systems Vulnerabilities
  • Mobile Systems Vulnerabilities
  • Embedded Devices and Cyber-Physical Systems Vulnerabilities
  • Cryptography
  • Site and Facility Design Secure Principles
  • Physical Security

  4. Communication and Network Security:
  • Secure Network Architecture Design
  • Secure Network Components
  • Secure Communication Channels
  • Network Attacks

  5. Identity and Access Management (IAM):
  • Physical and Logical Assets Control
  • Identification and Authentication of People and Devices
  • Identity as a Service
  • Third-party Identity Services
  • Access Control Attacks
  • Identity and Access Provisioning Lifecycle

  6. Security Assessment and Testing:
  • Assessment and Test Strategies
  • Security Process Data
  • Security Control Testing
  • Test Outputs
  • Security Architectures Vulnerabilities

  7. Security Operations:
  • Investigations Support and Requirements
  • Logging and Monitoring Activities
  • Provisioning of Resources
  • Foundational Security Operations Concepts
  • Resource Protection Techniques
  • Incident Management
  • Preventative Measures
  • Patch and Vulnerability Management
  • Change Management Processes
  • Recovery Strategies
  • Disaster Recovery Processes and Plans
  • Business Continuity Planning and Exercises
  • Physical Security
  • Personnel Safety Concerns

  8. Software Development Security:
  • Security in the Software Development Lifecycle
  • Development Environment Security Controls
  • Software Security Effectiveness
  • Acquired Software Security Impact