Introduction

To obtain the CISSP certification, candidates need to pass an exam that consists of mostly multiple-choice questions. The purpose of this course is to prepare you for the certification exam by introducing you to the concepts and terminology you need to know to pass.

This course is designed to provide you with extensive knowledge, learning strategies, and instructor support along the way. In addition to the exam, you must meet a few other requirements in order to become a Certified Information Systems Security Professional. You must demonstrate that you follow the CISSP Code of Ethics, have a minimum of five years full-time paid work experience in the systems security field, and hold an IS or IT degree. At the end of this course  you will be equipped with everything you need to successfully pass the exam and earn your CISSP certification.

Course Objectives of Certified Information Systems Security Professional (CISSP)

Throughout this course, you will learn about:

• Basics of Security Governance, asset security, cryptography
• Basics of security and risk management, various threats and attacks.
• Understanding of the regulations, laws, policies, standards, and encryption protocols.
• Explore the different security models & designs, Thereats & Attacks
• The terminology for Network Architecture & Traffic

prerequisites for Certified Information Systems Security Professional (CISSP)

Basic knowledge in networking and some knowledge of systems operations

Target Audience for Certified Information Systems Security Professional (CISSP)

• Chief Information Security Officer
• Chief Information Officer
• Director of Security
• IT Director/Manager
• Security Systems Engineer
• Security Analyst
• Security Manager
• Security Auditor
• Security Architect
• Security Consultant
• Network Architect

Course Outline for Certified Information Systems Security Professional (CISSP)

Day 1

Security Governance

• CIA Triad: Confidentiality, Integrity & Availability

• Identification, Authentication, Authorization, Auditing, and Accounting

• Threat Modeling

• Security Policies

• Risk Management

Laws, Standards and Regulations

• Professional Ethics

Day 2

Data and Asset Security

Classifying Data and Assets

• Data Ownership

• Storing and Disposing of Data

Cryptography

• Introduction to Cryptography

• Asymmetric and Symmetric Encryption

• Ciphers

• Public Key Infrastructure (PKI)

• Hashing Algorithms

• Cryptographic Attacks

Day 3

Security Models and Design

• Security Design Principles

• Security Models

• System Security Requirements

• Physical Security

Threats and Attacks

• Motives

• Attack Vectors

• Threat Classification

• Attack Classification

Day 4

Network Architecture

• OSI vs. TCP/IP

• TCP/IP

• Wireless Access Point

• Wireless Network Attacks

• Firewalls

• Network Hardware

• Network Topologies

Network Traffic

• Network Security Mechanisms

• Email Security

• VPN and Virtualization

• Network Address Translation (NAT)

• Wide-Area Networks (WANs)

• Network Attack Mitigation

Identification and Authentication

• Access Control

Day 5

Security Assessments

• Security Assessments and Audits

• Penetration Testing

• Vulnerability Assessments

• Software Testing

Disaster Prevention, Response, and Recovery

• Security Operations

• Responding to Incidents

• Log - Monitor - Audit

• Software Development Security Principles

• The Software Development Lifecycle (SDLC)

• Data and Information Storage

• Malicious Code

How to Prepare for the Exam