Businesses make substantial investments in information assets, including technology, architecture, and processes. These assets are protected on the strengths of the professionals in charge.
Industry standards, ethics and certification of IS professionals become critical to ensuring that higher standards for security are achieved. Training for the CISSP exam covers all ten domains of the Common Body of Knowledge.
This course should be attended by network and firewall administrators, information security officers, and anyone interested in understanding the principles, best practices, and core concepts of information systems security.
Our CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam. This certification is managed by the internationally recognized and highly prestigious International Information Systems Security Certifications Consortium (ISC²).
This 5-day course can be delivered onsite with exceptional pricing to audiences of at least six students. Please call for a location-specific quote.
The exam covers ISC²'s ten domains from the Common Body of Knowledge (CBK), encompassing the whole of information security. The exam consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination.
- Discusses all ten domains of Common Body of Knowledge (CBK), helping to prepare for the CISSP exam.
- The CBK is the compilation and distillation of all information systems security material collected internationally of relevance to information system security professionals.
- Ensures information system security professionals have an opportunity to review the CBK in-depth, in preparation for the certification examination and to stay current on the ever-evolving domains within the information system security field.
- Presents a high-level review of the main topics
- Identifies specific areas students should study for exam preparation
- Provides an overview of the scope of the field
1. Security Management Practices
Security management concepts
Policies, standards, guidelines, and procedures
Security awareness concepts
Risk management practices
Basic information on classification levels
Security management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines.
Management tools such as data classification and risk assessment and analysis are used to identify threats, classify assets, and rate system vulnerabilities so that effective controls can be implemented.
2. Access Control Systems
Access controls are a collection of administrative, physical, and technical mechanisms that work together within a security architecture to protect the assets of an information system. Covers the threats, vulnerabilities, and risks associated with an information system's infrastructure, and the available preventive and detective measures to counter them.
3. Telecommunications, Network, and Internet Security
Security measures providing availability, integrity, and confidentiality
Authentication for transmissions over public and private communications networks
4. Cryptography
Addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity.
Symmetric Key Cryptosystem Fundamentals
Asymmetric Key Cryptosystem Fundamentals
Key Distribution and Management Issues
Public Key Infrastructure Definitions and Concepts
5. Security Architecture and Models
Concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, availability, and integrity.
Certification and accreditation
Formal security models
Information flow models
6. Operations Security
Identifies the controls over hardware and media, and the operators and administrators with access privileges to any of these resources. Auditing and monitoring provide the mechanisms, tools, and facilities that permit the identification of security events. Subsequent actions identify key elements and report pertinent information to the appropriate individual, group, or process.
7. Applications and Systems Development Security
Addresses the important security concepts that apply to application software development. Outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
The software development life cycle
Artificial intelligence systems
Database security issues
8. Business Continuity Planning and Disaster Recovery Planning
Addresses the preservation and recovery of business operations in the event of outages. Differences between business continuity planning and disaster recovery.
Project scope and planning, business impact analysis
Recovery plan development
Recovery plan development, implementation and restoration
9. Law, Investigations, and Ethics
Computer crime laws and regulations
The measures and technologies used to investigate computer crime incidents
Laws applying to computer crimes
How to determine if a crime has occurred
The basics of conducting an investigation
Liabilities under the law
10. Physical Security
Provides protection techniques for the entire facility, from the outside perimeter to inside office space, including all information system resources.
Elements involved in choosing a secure site, its design and configuration
Methods for securing a facility against unauthorized access
Methods for securing the equipment against theft of the equipment or its contained information
Environmental and safety measures needed to protect personnel, the facility and its resources