CISSP Training Course

This Certified Information Systems Security Professional (CISSP) is a thorough course specifically designed to provide you with the currently prevalent information security tools used by professionals to tackle new challenges of this field. This course consists of 8 domains that will be taught to trainees in detail. The course covers the following topics:

Course Outline

Domain 1: Security and Risk Management

• Understand and Apply the Concepts of Confidentiality, Integrity, and Availability
• Evaluate and Apply Security Governance Principles
• Develop, Document, and Implement Security Policies, Standards, Procedures, and Guidelines
• Understand and Apply Threat Modelling Concepts and Methodologies
• Contribute to and Enforce Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Establish and Maintain a Security Awareness, Education, and Training Program
• Identify, Analyse and Prioritise Business Continuity Requirements
• Determine Compliance Requirements
• Understand legal and Regulatory Issues that Pertain to Information Security in a Global Context

Domain 2: Asset Security

• Identify and Classify Information and Assets
• Determining Ownership
• Using Security Baselines
• Protect Privacy

Domain 3: Security Architecture and Engineering

• Implement and Manage Engineering Processes Using Secure Design Principles
• Understand The Fundamental Concepts of Security Models
• Select Controls Based Upon Systems Security Requirements
• Understand Security Capabilities of Information Systems
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, And Solution Elements
• Assess and Mitigate Vulnerabilities in Web-Based System, Mobile Systems, and Embedded Devices
• Apply Cryptography
• Apply Security Principles to Site and Facility Design
• Implement Site and Facility Security Controls

Domain 4: Communication and Network Security

• Implement Secure Design Principles in Network Architectures
• Secure Network Components
• Implement Secure Communication Channels According to Design

Domain 5: Identity and Access Management (IAM)

• Managing Identity and Authentication
• Controlling and Monitoring Access

Domain 6: Security Assessment and Testing

• Security Audit
• Performing Vulnerability Assessments
• Penetration Testing
• Log Reviews
• Synthetic Transactions
• Code Review and Testing
• Interface Testing
• Misuse Case Testing
• Test Coverage Analysis
• Collect Security Process Data
• Analyse Test Output and Generate Report

Domain 7: Security Operations

• Understand and Support Investigations
• Conduct Logging and Monitoring Activities
• Securely Provisioning Resources
• Understand and Apply Foundational Security Operations Concepts
• Apply Resource Protection Techniques
• Conduct Incident Management
• Operate and Maintain Detective and Preventative Measures
• Implement and Support Patch and Vulnerability Management
• Understand and Participate in Change Management Processes
• Implement Recovery Strategies
• Implement Disaster Recovery Processes
• Test Disaster Recovery Plans
• Implement and Manage Physical Security
• Address Personnel Safety and Security Concerns

Domain 8: Software Development Security

• Introducing Systems Development Controls
• Lifecycle Models
• Change and Configuration Management
• DevOps Approach
• Application Programming Interfaces
• Software Testing
• Code Repositories
• Service-Level Agreements
• Establishing Databases and Data Warehousing
• Database Management System Architecture
• Understanding Knowledge-Based Systems

Trainees should get the book Official (ISC)² Guide to the CISSP CBK Reference, 5th Edition, by John Warsinske.

It might also be useful for trainees before starting the course to enhance their learning and prepare you for your CISSP training.