Course Description
Course Overview
The ISC2 Certified Information Systems Security Professional (CISSP) course is a comprehensive training program designed to equip participants with the knowledge and skills required to become proficient information security professionals. The CISSP certification is globally recognized and validates the expertise necessary to design, implement, and manage a secure information security program within an organization. Certified professionals demonstrate that expertise by being able to:
- Identify and mitigate security-related risks
- Operate in accordance with applicable laws, regulations, and ethics
- Apply secure design principles to all aspects of information security
- Develop and implement security policies, standards, procedures, and guidelines
- Identify, assess, and mitigate vulnerabilities in enterprise systems and networks
- Conduct security assessments and testing
- Monitor and respond to security incidents
- Develop and implement secure software and system development lifecycles
Prerequisites
To be eligible for the CISSP certification program, candidates must have at least five cumulative years of paid, full-time work experience in at least two of the eight domains of the CISSP Common Body of Knowledge. If the candidate holds a four-year college degree or equivalent, the experience requirement can be reduced to four years. Candidates must also agree to the CISSP Code of Ethics.
Methodology
The CISSP course employs a combination of theoretical instruction, hands-on practical exercises, and interactive discussions to ensure a comprehensive learning experience. Experienced instructors guide participants through the eight domains of the CISSP Common Body of Knowledge (CBK), covering topics such as security and risk management, asset security, cryptography, and security operations. Participants are encouraged to engage in group activities, case studies, and real-world simulations to reinforce their understanding and application of information security principles.
Course Outline
SECURITY AND RISK MANAGEMENT
Understand, adhere to, and promote professional ethics
Understand and apply security concepts
Evaluate and apply security governance principles
Determine compliance and other requirements
Understand legal and regulatory issues that pertain to information security in a holistic context
Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
Develop, document, and implement security policy, standards, procedures, and guidelines
Identify, analyze, and prioritize Business Continuity (BC) requirements
Contribute to and enforce personnel security policies and procedures
Understand and apply risk management concepts
Understand and apply threat modeling concepts and methodologies
Apply Supply Chain Risk Management (SCRM) concepts
Establish and maintain a security awareness, education, and training program
ASSET SECURITY
Identify and classify information and assets
Establish information and asset handling requirements
Provision resources securely
Manage data lifecycle
Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
Determine data security controls and compliance requirements
COMMUNICATION AND NETWORK SECURITY
Assess and implement secure design principles in network architectures
Secure network components
Implement secure communication channels according to design
SECURITY ARCHITECTURE AND ENGINEERING
Research, implement and manage engineering processes using secure design principles
Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
Select controls based upon systems security requirements
Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
Select and determine cryptographic solutions
Understand methods of cryptanalytic attacks
Apply security principles to site and facility design
Design site and facility security controls
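The security models named in this domain are easiest to understand as rules a reference monitor applies to every read and write. The following is an added example written for this page, not material from ISC2 or the course: a small Python reference monitor over a lattice of labels (classification level plus a category set) that enforces Bell-LaPadula (no read up, no write down, the write rule being the Star (*-) property) and Biba (no read down, no write up). The level names, category names and the subject/object labels are constructed for illustration.

```python
"""Reference-monitor sketch for the Bell-LaPadula and Biba models.

Added example, not part of the course material: it shows how the two
models' mandatory rules decide read/write requests over a lattice of
security labels. The levels, categories and subject/object labels used
here are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed ordering of classification (or integrity) levels.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset
        of the categories. Labels with disjoint category sets are incomparable,
        so neither dominates the other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : simple security property, 'no read up'   -> subject must dominate object
    write: *-property (star property), 'no write down' -> object must dominate subject
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): the dual of BLP, with labels read as integrity levels.
    read : simple integrity axiom, 'no read down' -> object must dominate subject
    write: *-integrity axiom,      'no write up'  -> subject must dominate object
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def decide(model: str, subject: Label, obj: Label, op: str) -> str:
    """Reference-monitor entry point: every access request passes through here."""
    check = {"blp": blp_allows, "biba": biba_allows}[model]
    return "ALLOW" if check(subject, obj, op) else "DENY"


if __name__ == "__main__":
    # Constructed labels: a Secret-cleared analyst in the CRYPTO compartment,
    # a Confidential memo in CRYPTO, and a Top Secret plan in CRYPTO+NUCLEAR.
    analyst = Label("Secret", frozenset({"CRYPTO"}))
    memo = Label("Confidential", frozenset({"CRYPTO"}))
    plan = Label("Top Secret", frozenset({"CRYPTO", "NUCLEAR"}))
    for model in ("blp", "biba"):
        for obj_name, obj in (("memo", memo), ("plan", plan)):
            for op in ("read", "write"):
                print(f"{model:4} {op:5} {obj_name}: {decide(model, analyst, obj, op)}")
```

Running the block shows the two models giving opposite answers for the same request: under BLP the analyst may read the memo but not write to it (that would be a write down), and may write to the plan but not read it; under Biba, with the same labels read as integrity levels, each of those decisions flips. A label whose category set is disjoint from the subject's is incomparable, so both reads and writes are denied under BLP.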
IDENTITY AND ACCESS MANAGEMENT (IAM)
Control physical and logical access to assets
Manage identification and authentication of people, devices, and services
Federated identity with a third-party service
Implement and manage authorization mechanisms
Manage the identity and access provisioning lifecycle
Implement authentication systems
SECURITY ASSESSMENT AND TESTING
Design and validate assessment, test, and audit strategies
Conduct security control testing
Collect security process data (e.g., technical and administrative)
Analyze test output and generate report
Conduct or facilitate security audits
SECURITY OPERATIONS
Understand and comply with investigations
Conduct logging and monitoring activities
Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
Apply foundational security operations concepts
Apply resource protection
Conduct incident management
Operate and maintain detective and preventative measures
Implement and support patch and vulnerability management
Understand and participate in change management processes
Implement recovery strategies
Implement Disaster Recovery (DR) processes
Test Disaster Recovery Plans (DRP)
Participate in Business Continuity (BC) planning and exercises
Implement and manage physical security
Address personnel safety and security concerns
SOFTWARE DEVELOPMENT SECURITY
Understand and integrate security in the Software Development Life Cycle (SDLC)
Identify and apply security controls in software development ecosystems
Assess the effectiveness of software security
Assess security impact of acquired software
Define and apply secure code
Outcome
The CISSP certification ensures that the certified professionals have the necessary knowledge and skills to design, implement, and manage the overall security posture of an organization. The certification verifies that the certified professionals can identify, assess, and mitigate security-related risks, comply with applicable laws, regulations, and ethics, and apply secure design principles to all aspects of information security.
Labs
The CISSP course includes practical labs that provide participants with hands-on experience in applying the knowledge gained throughout the training. These labs are designed to simulate real-world scenarios and allow participants to practice implementing security controls, conducting risk assessments, analyzing security incidents, and developing security policies. Participants will have the opportunity to work with industry-standard tools and technologies, gaining valuable practical skills that can be directly applied in their professional roles.
Exam Requirements
- Passing the CISSP exam is a requirement to receive CISSP certification. The exam is based on the eight domains of the CISSP Common Body of Knowledge. In its linear (fixed-form) version it consists of 250 multiple-choice and advanced innovative questions with a 6-hour time limit; the English-language exam is delivered in computerized adaptive (CAT) form with fewer questions and a shorter time limit, so confirm the current format in ISC2's exam outline before scheduling.
- The minimum passing score is 700 out of 1000 points.
- Candidates must also agree to the CISSP Code of Ethics and have at least five years of cumulative, paid, full-time work experience in at least two of the eight domains of the CISSP Common Body of Knowledge.
By completing the CISSP course and passing the certification exam, participants will join an elite group of information security professionals and earn the prestigious CISSP certification. This globally recognized certification demonstrates their expertise and commitment to maintaining a high standard of professionalism in the field of information security.