CISSP - Certified Information Systems Security Professional

Certified Information Systems Security Professional (CISSP) is one of the world's premier cybersecurity certifications offered for professionals worldwide. This CISSP certification course is ideal for professionals who are looking to demonstrate their knowledge across different security practices and principles. This 5-day Certified Information Systems Security Professional (CISSP) certification is governed by the not-for-profit International Information Systems Security Certification Consortium (ISC)².

Overview

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. The broad spectrum of topics included in the CISSP Common Body of Knowledge (CBK) ensures its relevance across all disciplines in the field of information security. Successful candidates are competent in the following 8 domains:

  • Duration
    40 hours
  • Batches
    Customizable as per your need
  • Suitable for
    Security professionals and information security students etc.
What you will learn
  • A holistic understanding of information security aspects in an organization
  • Defining the architecture, design, and management of IT security
  • Necessary skills required to become a CISSP certified professional
  • Gain a thorough understanding of all the 8 domains prescribed in the ISC2 CISSP Common Body of Knowledge (CBK)
  • Optimizing security operations in an enterprise
  • Access control systems and various methodologies that complement IT Security and governance for an enterprise

Course Agenda

01

Security and Risk Management

  • Understand and apply concepts of confidentiality, integrity and availability
  • Evaluate and apply security governance principles => Alignment of security function to business strategy, goals, mission, and objectives, Organizational processes (e.g., acquisitions, divestitures, governance committees), Organizational roles and responsibilities, Security control frameworks, Due care/due diligence
  • Determine compliance requirements => Contractual, legal, industry standards, and regulatory requirements, Privacy requirements
  • Understand legal and regulatory issues that pertain to information security in a global context => Cybercrimes and data breaches, Licensing and intellectual property requirements, Import/export controls, Trans-border data flow, Privacy
  • Understand, adhere to, and promote professional ethics => (ISC)² Code of Professional Ethics, Organizational code of ethics
  • Develop, document, and implement security policy, standards, procedures, and guidelines
  • Identify, analyse, and prioritize Business Continuity (BC) requirements => Develop and document scope and plan, Business Impact Analysis (BIA)
  • Contribute to and enforce personnel security policies and procedures => Candidate screening and hiring, Employment agreements and policies, Onboarding and termination processes, Vendor, consultant, and contractor agreements and controls, Compliance policy requirements, Privacy policy requirements
  • Understand and apply risk management concepts => Identify threats and vulnerabilities, Risk assessment/analysis, Risk response, Countermeasure selection and implementation, Applicable types of controls (e.g., preventive, detective, corrective), Security Control Assessment (SCA), Monitoring and measurement, Asset valuation, Reporting, Continuous improvement, Risk frameworks
  • Understand and apply threat modelling concepts and methodologies => Threat modelling methodologies, Threat modelling concepts
  • Apply risk-based management concepts to the supply chain => Risks associated with hardware, software, and service, Third-party assessment and monitoring, Minimum security requirements, Service-level requirements
  • Establish and maintain a security awareness, education, and training program => Methods and techniques to present awareness and training, Periodic content reviews, Program effectiveness evaluation

02

Asset Security

  • Identify and classify information and assets => Data classification, Asset Classification
  • Determine and maintain information and asset ownership
  • Protect privacy => Data owners, Data processors, Data remanence, Collection limitation
  • Ensure appropriate asset retention
  • Determine data security controls => Understand data states, Scoping and tailoring, Standards selection, Data protection methods
  • Establish information and asset handling requirements

03

Security Architecture and Engineering

  • Implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models
  • Select controls based upon systems security requirements
  • Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements => Client-based systems, Server-based systems, Database systems, Cryptographic systems, Industrial Control Systems (ICS), Cloud-based systems, Distributed systems, Internet of Things (IoT)
  • Assess and mitigate vulnerabilities in web-based systems.
  • Assess and mitigate vulnerabilities in mobile systems.
  • Assess and mitigate vulnerabilities in embedded devices
  • Apply cryptography => Cryptographic life cycle (e.g., key management, algorithm selection), Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves), Public Key Infrastructure (PKI), Key management practices, Digital signatures, Non-repudiation, Integrity (e.g., hashing), Understand methods of cryptanalytic attacks
  • Digital Rights Management (DRM)
  • Apply security principles to site and facility design
  • Implement site and facility security controls => Wiring closets/intermediate distribution facilities, Server rooms/data centres, Media storage facilities, Evidence storage, Restricted and work area security, Utilities and Heating, Ventilation, and Air Conditioning (HVAC), Environmental issues, Fire prevention, detection, and suppression

04

Communication and Network Security

  • Implement secure design principles in network architectures => Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models, Internet Protocol (IP) networking, Implications of multilayer protocols, converged protocols, Software-defined networks, Wireless networks
  • Secure network components => Operation of hardware, Transmission media, Network Access Control (NAC) devices, Endpoint security, Content-distribution networks
  • Implement secure communication channels according to design => Voice, Multimedia, Remote access, Data communications, Virtualized networks

05

Identity and Access Management (IAM)

06

Security Assessment and Testing

07

Security Operations

08

Software Development Security


Why Choose us?

Over 200 classes are scheduled conveniently every year, with small training groups and industry-experienced faculty who provide:

  • One-Stop shop for IT Training
  • Companywide IT Training Solutions
  • Interactive Teaching Methodology
  • Job Oriented Training Solutions
  • Flexible modes of training
  • Recorded sessions are available
  • Live Project Experience
