CISSP Training Course (5 days) 

Why Learn CISSP?

The Certified Information Systems Security Professional (CISSP) certification is recognised as a key qualification for developing a senior career in information security, audit and IT governance management. Held by over 30,000 qualified professionals worldwide, the CISSP qualification demonstrates proven knowledge and opens the way to higher earning potential in roles that include CISO, CSO and senior security manager.

 

Course details

You will learn to:

  • Apply the knowledge gained in a practical manner that benefits your organisation

  • Protect organisational assets using access control techniques, and strengthen confidentiality and integrity controls with cryptography

  • Secure your network architecture and design

  • Achieve organisational objectives such as legal and regulatory compliance, information assurance, and security and data governance

  • Enhance the secure delivery of IT services through security operations and architecture and design principles

  • Implement business resiliency through a Business Continuity Plan

  • Gain a thorough understanding of the 8 domains prescribed by (ISC)2®

 

Audience

This training is intended for individuals preparing for the CISSP certification exam.

 

Course Outline

 

Module 1: Principles and Policies

 

Security Governance Through Principles and Policies

 

  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability

  • Apply Security Governance Principles

  • Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines

  • Understand and Apply Threat Modeling

  • Integrate Security Risk Considerations into Acquisition

 

Module 2: Security and Risk Management

 

Personnel Security and Risk Management Concepts

 

  • Contribute to Personnel Security Policies 

  • Security Governance 

  • Understand and Apply Risk Management Concepts 

  • Establish and Manage Information Security Education, Training, and Awareness 

  • Manage the Security Function

 

Module 3: Business Continuity Planning

 

Business Continuity Planning

 

  • Planning for Business Continuity

  • Project Scope and Planning

  • Business Impact Assessment

  • Continuity Planning

  • BCP Documentation

 

Module 4: Laws and Regulation

 

Laws, Regulations, and Compliance

 

  • Categories of Laws

  • Laws

  • Compliance

  • Contracting and Procurement

 

Module 5: Security and Assets

 

Protecting Security of Assets

 

  • Classifying and Labeling Assets

  • Identifying Data Roles

  • Protecting Privacy

 

Module 6: Cryptography

 

Cryptography and Symmetric Key Algorithms

 

  • Historical Milestones in Cryptography

  • Cryptographic Basics

  • Modern Cryptography

  • Symmetric Cryptography

  • Cryptographic Life Cycle

 

PKI and Cryptographic Applications

 

  • Asymmetric Cryptography

  • Hash Functions

  • Digital Signatures

  • Public Key Infrastructure

  • Asymmetric Key Management

  • Applied Cryptography

  • Cryptographic Attacks

 

Module 7: Principles of Security Models

 

Principles of Security Models, Design, and Capabilities 

 

  • Implement and Manage Engineering Processes Using Secure Design Principles 

  • Understand the Fundamental Concepts of Security Models  

  • Select Controls and Countermeasures Based on Systems Security Evaluation Models 

  • Understand Security Capabilities of Information Systems

 

Module 8: Security Vulnerabilities

 

Security Vulnerabilities, Threats, and Countermeasures

 

  • Assess and Mitigate Security Vulnerabilities

  • Client-Based Systems

  • Server-Based Systems

  • Database Security

  • Distributed Systems

  • Industrial Control Systems

  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems

  • Essential Security Protection Mechanisms

  • Common Architecture Flaws and Security Issues

 

Module 9: Physical Security

 

Physical Security Requirements

 

  • Apply Secure Principles to Site and Facility Design

  • Design and Implement Physical Security

  • Implement and Manage Physical Security

 

Module 10: Network Architecture and Components

 

Secure Network Architecture and Securing Network Components

 

  • OSI Model

  • TCP/IP Model

  • Converged Protocols

  • Wireless Networks

  • General Wi-Fi Security Procedure

  • Cabling, Wireless, Topology, and Communications Technology

 

Module 11: Communications and Attacks

 

Secure Communications and Network Attacks

 

  • Network and Protocol Security Mechanisms

  • Secure Voice Communications

  • Multimedia Collaboration

  • Manage Email Security

  • Remote Access Security Management

  • Virtual Private Network

  • Virtualization

  • Network Address Translation

  • Switching Technologies

  • WAN Technologies

  • Miscellaneous Security Control Characteristics

  • Security Boundaries

  • Prevent or Mitigate Network Attacks

 

Module 12: Identity and Authentication

 

Managing Identity and Authentication

 

  • Controlling Access to Assets 

  • Comparing Identification and Authentication 

  • Implementing Identity Management 

  • Managing the Identity and Access Provisioning Life Cycle

Module 13: Access

 

Controlling and Monitoring Access

 

  • Comparing Access Control Models 

  • Understanding Access Control Attacks

 

Module 14: Security Assessment

 

Security Assessment and Testing

 

  • Building a Security Assessment and Testing Program  

  • Performing Vulnerability Assessments 

  • Testing Your Software 

  • Implementing Security Management Processes

 

Module 15: Security Operations

 

Managing Security Operations

 

  • Applying Security Operations Concepts

  • Provisioning and Managing Resources

  • Managing Configuration

  • Managing Change

  • Managing Patches and Reducing Vulnerabilities

 

Module 16: Incidents

 

Preventing and Responding to Incidents

 

  • Managing Incident Response

  • Implementing Preventative Measures

  • Logging, Monitoring, and Auditing

 

Module 17: Disaster Recovery Planning

 

Disaster Recovery Planning

 

  • The Nature of Disaster

  • Understand System Resilience and Fault Tolerance

  • Recovery Strategy

  • Recovery Plan Development

  • Training, Awareness, and Documentation

  • Testing and Maintenance

 

Module 18: Incidents and Ethics

 

Incidents and Ethics

 

  • Investigations

  • Major Categories of Computer Crime

  • Incident Handling

  • Ethics

 

Module 19: Software Development Security

 

Software Development Security

 

  • Introducing Systems Development Controls

  • Establishing Databases and Data Warehouses

  • Storing Data and Information

  • Understanding Knowledge Based Systems

 

Module 20: Security and Attacks

 

Malicious Code and Application Attacks

 

  • Malicious Code

  • Password Attacks

  • Application Attacks

  • Web Application Security

  • Reconnaissance Attacks

  • Masquerade Attacks