CISSP Training and Certification Exam Preparation

Important CISSP Certification Course Outline

Security and Risk Management

Aligning security and risk to organizational objectives

• Evaluate and apply security governance principles
• Implement policies, standards and procedures
• Applying compliance

Applying risk management concepts

• Assessing threats and vulnerabilities
• Performing risk analysis and control
• Defining qualitative and quantitative analysis

Preserving the business

• Adhering to Business Continuity Management Code of Practice and Specifications
• Performing a business impact analysis

Investigating legal measures and techniques

• Reviewing intellectual property, liability and law, and compliance
• Differentiating traditional computer crime
• Establish information and asset handling requirements

Asset Security

Examining security models and frameworks

• The Information Security Triad and multi-level models
• Investigating industry standards: ISO 27001/27002
• Evaluating security model fundamental concepts

Exploring system and component security concepts

• Certification and accreditation criteria and models
• Reviewing mobile system/cloud/IoT vulnerabilities

Protecting information by applying cryptography

• Detailing symmetric and asymmetric encryption systems
• Ensuring message integrity through hashing
• Uncovering threats to cryptographic systems

Safeguarding physical resources

• Designing environments to resist hostile acts and threats

Communication and Network Security

Defining a secure network architecture

• TCP/IP and other protocol models
• Protecting from network attacks
• Reviewing secure network components and communication channels

Examining secure networks and components

• Identifying wired and wireless technologies
• Implementing firewalls, secure communications, proxies, and tunnels

Identity and Access Management (IAM)

Controlling access to protect assets

• Defining administrative, technical and physical controls
• Implementing centralized and decentralized approaches
• Investigating biometric and multi-factor authentication
• Identifying common threats
• Manage the identity and access provisioning lifecyle

Security Assessment and Testing

Designing and conducting security assessment strategies

• Leveraging the role of testing and auditing to analyze the effectiveness of security controls
• Differentiating detection and protection systems

Conducting logging and monitoring activities

• Distinguishing between the roles of internal and external audits
• Conduct or facilitate security audits

Security Operations

Maintaining operational resilience

• Managing security services effectively
• Leveraging and supporting investigations and incident response
• Differentiating detection and protection systems
• Securely provisioning resources

Developing a recovery strategy

• Designing a disaster recovery plan
• Implementing test and maintenance processes
• Provisioning of resources

Software Development Security

Securing the software development life cycle

• Applying software development methods and security controls
• Addressing database security concepts and issues
• Define and apply secure coding guidelines and standards
• Reviewing software security effectiveness and security impact