CISSP Training | Certified Information Systems Security Professional

What is CISSP?

Certified Informations System Security Professional also known as CISSP is a course which aim to teach security professionals about the all aspects of information security and the technology involved.  The courses overall purpose is to give security professionals more knowledge and information on information security. The CISSP course further provides in sights into other domains in which average information security personnel won’t have extensive knowledge in. There are 8 CISSP topics which are:

• Security and risk management Software Operation Security Engineering involves security evaluation models and fundamental concepts.

• Communications and Network Security and communication channels involves network attacks, secure communication management and secure network design.

• Identity and access management includes access to controls attacks, third party identity services, physical and logical asset control and cloud identity.

• Protection Operations Software development security covers acquired software impact, software security effectiveness, security in the software development lifecycle and development environment security controls.

• Asset Defence includes information and asset classification, protect privacy, ownership, appropriate retention,data security controls and handling requirements.

• Security assessment and testing

Seven of the eight activities are infused throughout the CISSP course to increase the level of knowledge retention. These activities consist of group discussion, open ended questions and other participate type based activities. These interactive activities are based on sound adult theories. The CISSP course is for professionals who recently have 5 years of experience in more than one domain and are currently in the process of acquiring more experience in order to advance their careers. The CISSP course is ideal to people in such professions as IT Manager, security analyst and protection auditor. These professions are perfect for the CISSP course but the CISSP course isn't exclusive to those professions for other professions may require extensive knowledge in information technology. The CISSP course lasts 5 days. The examination is computer based, multiple choice, 6 hours, 250 questions and the pass mark is 700/1000 or 70%. Even Though the pass mark is quite high, the pass rate is also very high. But what are the benefits of the course? Well, the CISSP course helps employees stand out of the competitive information security market, may increase salary by 1.5, ignites crucial knowledge and information and it shows a strong commitment to the field of information security.

In addition CISSP is beneficial for employers because it allows them to be experts in the field of information protection so they can build and maintain a security program, employees have up to date information so they can deal with recent and new threats and gives other clients security as the organization's reputation, in terms of information security, is good. Therefore they will be more likely to become the organization's client and or partner. As you can see CISSP has a lot of benefits for all parties involved. This is because the CISSP course is a development tool that increases employees knowledge and how they applicate the knowledge in a realistic scenario. This helps increase productivity and efficiency within any information protection department. It is clear that it is the best course for fairly new information security careers.

Exam Structure

• The exam is booked separately and is taken at a Pearson Vue Test Centre
• Multiple choice
• 6 hours
• 250 questions
• Computer-based
• Pass mark  700/1000

What will you learn?                                          

• How to apply appropriate retention and security controls
• How to handle requirements with markings and labels
• How to use the correct protection principles
• How to evaluate security models
• How to manage web-based and mobile system vulnerable
• How to embed system vulnerabilities

Course Outline

Introduction

Security and Risk Management

• Availability concepts
• Governance principles
• Compliance
• Legal issues
• Regulatory issues
• Professional ethic
• Security policies
• Standards
• Procedures
• Guidelines

Asset Security

• Information classification
• Asset classification
• Ownership
• Privacy protecting
• Retention
• Data security controls
• Handling requirements

Security Engineering

• Engineering processes
• Design principles
• Fundamental concepts
• Evaluation models
• Information systems
• Security capabilities
• Security architecture
• Mobile systems
• Embedded devices
• System vulnerabilities
• Cryptography
• Site design
• Facility design
• Physical security

Communication and network security

• Secure network architecture
• Network components
• Communication channels
• Network attacks

Identity and access management

• Logical asset control
• Identification
• Authentication
• Service identity
• Third-party identity services
• Control attacks
• Identity lifecycle
• Access lifecycle

Security assessment

• Assessment strategies
• Test strategies
• Process data
• Control testing
• Test outputs
• Security architectures

Security Operations

• Investigating support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes
• Business continuity planning
• Physical security
• Personnel safety concerns

Software Development Security

• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

Conclusion