Description
Overview
This course will teach students about information systems risk. Topics covered include risk identification, assessment, evaluation, response, and monitoring, as well as information systems control design and implementation.
Series Taught By: John Glover
Available CEUs for Course Series Completion: 6
Students can earn up to 6 CEUs for fully completing this course series. This information will be displayed on the certificate of completion.
Course Details
- 39 hours 52 minutes of content
- 12 Months Access
- Presented by highly qualified, industry leading experts
About this Course
Certified Information Systems Security Professional (CISSP) is regarded as one of the most valuable certifications for IT security professionals – and for the companies that employ them. There is a good explanation for this. The CISSP certification not only verifies that you have the abilities to design, execute, and manage your company's cybersecurity initiatives; it also verifies that you have the necessary experience. For all of its certifications, (ISC)2 maintains a strict qualifying system that includes verifiable work experience and sponsorship. For the CISSP, you must have a minimum of five (5) years of paid job experience in two or more of the eight domains of the CISSP CBK.
The CISSP course is built on teaching the eight core domains of information security, which give candidates all of the knowledge they need to gain a thorough grasp of the subject and pass the CISSP exam. This (ISC)2 training may be utilised for CISSP exam preparation, onboarding new security professionals, individual or team training programmes, or as an (ISC)2 reference resource for anybody who manages an IT team. This study guide will help you pass the well-known Certified Information Systems Security Professional (CISSP) certification exam. The eight domains are:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Objectives
DOMAIN 1 – SECURITY AND RISK MANAGEMENT
Module 1:
An understanding of what confidentiality, integrity, and availability are, how they apply to information security, and how to apply those concepts in the real world
How to apply security governance principles
An understanding of compliance, and how it plays a major role within security and risk management
How legal and regulatory issues affect cybersecurity within a global context
Module 2:
Understanding professional ethics
How to develop and implement documented security policies, standards, procedures, and guidelines and the differences between them
Understand the fundamentals of business continuity requirements
How to contribute to personnel security policies
Understanding personnel security policies
Module 3:
An introduction to risk, including qualitative and quantitative risk assessments
How to identify threats and vulnerabilities
The risk assessment analysis process, including risk assignment or acceptance
The different security and audit frameworks and methodologies, and how to implement the program elements
Risk frameworks
Module 4:
Threat modelling and how to apply these models within your environment
How to integrate security risk considerations into acquisitions strategy and practice
How to establish and manage security education, training, and awareness within your organization
DOMAIN 2 – ASSET SECURITY
Module 1:
Classifying Information and Supporting Assets
Determine and Maintain Ownership
Protect Privacy
Module 2:
Ensure Appropriate Retention
Determine Data Security Controls
Establish Handling Requirements
Module 3:
Conducting or facilitating internal and third-party audits
DOMAIN 3 – SECURITY ARCHITECTURE AND ENGINEERING
Module 1:
Implement and manage an engineering life cycle using security design principles
Understand fundamental concepts of security models
Security Frameworks
Module 2:
Capturing and assessing requirements
Select controls and countermeasures based upon information systems security standards
Understand the security capabilities of information systems
Module 3:
Vulnerabilities of system architectures
Cloud Computing
Key encryption and ciphers
Symmetric and asymmetric cryptography
Module 4:
The history of cryptography
Principles and life-cycles of cryptography
Public key infrastructure (PKI)
Digital signatures and digital rights management
Module 5:
Common attacks against cryptography
Assess and mitigate vulnerabilities in web-based systems
Assess and mitigate vulnerabilities in mobile systems
Module 6:
Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
Apply secure principles to site and facility design
Design and implement facility security
DOMAIN 4 – COMMUNICATION AND NETWORK SECURITY
Module 1:
Apply secure design principles and network architecture
IP Version 6, ports, protocols and network categories
Wireless networks, network scaling, security issues and network segmentation
Module 2:
Securing network components
Instant messaging, VPNs, In-transit encryption and remote access
Casting, network topologies, VLANs, SDN/SDS architecture
Module 3:
Prevent or mitigate network attacks
IDS/IPS, network scanning and network attacks
DOMAIN 5 – IDENTITY AND ACCESS MANAGEMENT
Module 1:
Identity and access management
Managing identification and authentication of people and devices
Module 2:
Managing systems features supporting and enforcing access control
Accountability
Module 3:
Identity as a Service
Integrating third-party identity services
Implementing and managing authorization mechanisms
Preventing or mitigating access control attacks
Managing the identity and access provisioning lifecycle
DOMAIN 6 – SECURITY ASSESSMENT AND TESTING
Module 1:
Security assessment and testing
Security control testing
Module 2:
Security throughout the development life-cycle
Maintenance tasks
Collecting security process data
Module 3:
Conducting or facilitating internal and third-party audits
DOMAIN 7 – SECURITY OPERATIONS
Module 1:
Understanding and supporting investigations
Understanding requirements for investigation types
Conducting logging and monitoring activities
Securing provisioning of resources through configuration management
Understanding and applying foundational security operations concepts
Module 2:
Employing resource protection techniques
Conducting incident response
Operating and maintaining preventative measures
Implementing and supporting patch and vulnerability management
Participating in and understanding change management processes
Module 3:
Implementing recovery strategies
Implementing disaster recovery processes
Testing the disaster recovery plan
Module 4:
Participating in business continuity planning
Implementing and managing physical security
Participating in personnel safety
DOMAIN 8 – SOFTWARE DEVELOPMENT SECURITY
Module 1:
Understanding and applying security in the software development life cycle
Enforcing security controls in the development environment
Module 2:
The Database environment
Software Development and the world of the web
Module 3:
Considerations for secure software development
Assessing the effectiveness of software security
Assessing software acquisition security
Audience
Security professionals who are new to the field or are in the process of becoming one. If you're a new security professional, you're undoubtedly starting to realise how vast and deep the pool of possible knowledge is in this industry. Risk management and asset security, architecture and engineering, communication and network security, and a variety of other skills will be required. This CISSP certification course is classified by (ISC)2 as professional-level, which means it was created with security professionals in mind. This CISSP methodology skills course is for security professionals with at least five years of experience managing and implementing a security policy.
You might not be able to get certified right now due to the CISSP’s experience criteria, but that doesn’t mean you won’t gain a lot from this course.
Prerequisites
You must have at least five years of full-time professional work experience in two or more of the CISSP – (ISC)2 CBK 2021 domains to get your CISSP certification. The (ISC)2 Associate title is awarded to a qualified individual with fewer than five years of experience.
NOTE: (ISC)² has specific requirements that need to be fulfilled before candidates are allowed to sit exams. For detailed information on what these are, please visit the (ISC)² certification website.
Course Outline
SECURITY AND RISK MANAGEMENT
- Overview
- Understand, Adhere To, And Promote Professional Ethics
- Understand And Apply Security Concepts (CIA)
- Evaluate And Apply Security Governance Principles
- Determine Compliance And Other Requirements
- Legal, Regulatory Issues For Information Security
- Spotlight On The GDPR
- Understand Requirements For Investigation Types
- Security Policy, Standards, Procedures, Guidelines
- Identify, Analyze, Prioritize BC Requirements
- Personnel Security Policies And Procedures
- Understand, Apply Risk Management Concepts
- Spotlight On The Risk Management Framework
- Threat Modeling Concepts And Methodologies
- Apply Supply Chain Risk Management (SCRM) Concepts
- Security Awareness, Education And Training Program
- Security And Risk Management Key Points
ASSET SECURITY
- Identify And Classify Information, Assets
- Establish Information, Asset Handling Requirements
- Provision Resources Securely
- Manage Data Lifecycle
- Ensure Appropriate Asset Retention
- Data Security Controls And Compliance Requirements
- Asset Security – Key Points
SECURITY ARCHITECTURE AND ENGINEERING
- Engineering Process Using Secure Design Principles
- Fundamental Concepts Of Security Models
- Controls Based Upon System Security Requirements
- Security Capabilities Of Information Systems – Vocab
- Security Capabilities Of Information Systems – CPU
- Security Capabilities Of Info Systems – Memory
- Assess And Mitigate Vulnerabilities – The Basics
- Assess And Mitigate Vulnerabilities – The Rest
- Spotlight On Cryptographic Solutions – Symmetric
- Spotlight On Cryptographic Solutions – Asymmetric
- Spotlight On Cryptographic Solutions – PKI & Certs
- Spotlight On Cryptographic Solutions – Hashing
- Cryptographic Solutions – Digital Signing
- Understand Methods Of Cryptanalytic Attacks
- Security Principles For Site And Facility Design
- Design Site And Facility Security Controls
- Spotlight On Fire Control
- Security Architecture & Engineering – Key Points
COMMUNICATION AND NETWORK SECURITY
- Spotlight On The OSI Model
- Spotlight On Internet Protocol (IP) Networking
- Spotlight On IPsec
- Spotlight On Secure Protocols
- Implications Of Converged & Multilayer Protocols
- Spotlight On Micro-Segmentation
- Wireless, Cellular & Content Distribution Networks
- Secure Network Components
- Implement Secure Communication Channels
- Communications & Network Security – Key Points
IDENTITY AND ACCESS MANAGEMENT (IAM)
- Control Physical And Logical Access To Assets
- Manage Identification And Authentication
- Federated Identity With A Third-Party Service
- Implement, Manage Auth Mechanisms – Vocab
- Implement, Manage Auth Mechanisms – Models
- Manage The Identity, Access Provisioning Lifecycle
- Implement Authentication Systems
- Spotlight On Kerberos
- Spotlight On Federated Identity Management (FIM)
- Identity Access Management (IAM) – Key Points
SECURITY ASSESSMENT AND TESTING
- Assessment, Test, & Security Audit Strategies
- Spotlight On System And Org Controls Reports (SOC)
- Conduct Security Control Testing – The Basics
- Conduct Security Control Testing – The Rest
- Collect Security Process Data
- Analyze Test Output And Generate Reports
- Security Assessment And Testing – Key Points
SECURITY OPERATIONS
- Understand And Comply With Investigations
- Conduct Logging & Monitoring Activities
- Conduct Logging & Monitoring Activities – Threat
- Perform Configuration Management (CM)
- Apply Foundational Security Operations Concepts
- Apply Resource Protection
- Conduct Incident Management
- Detective & Preventative Measures
- Patch & Vulnerability Management
- Understand & Participate In Change Management
- Implement Recovery Strategies
- Implement Disaster Recovery (DR) Processes
- Test Disaster Recovery Plans (DRP)
- Business Continuity (BC) Planning & Exercises
- Implement And Manage Physical Security
- Address Personnel Safety And Security Concerns
- Security Operations – Key Points
SOFTWARE DEVELOPMENT SECURITY
- Spotlight On The Software Development Life Cycle
- Certs & Accreditation Verification & Validation
- Security In The SDLC – Methodologies
- Security In The SDLC – Maturity Models
- Security In The SDLC – Odds & Ends
- Apply Controls In Development Ecosystems – Basics
- Apply Controls In Development Ecosystems – Rest
- Spotlight On The OWASP TOP 10
- Assess The Effectiveness Of Software Security
- Assess Security Impact Of Acquired Software
- Define, Apply Secure Coding Guidelines, Standards
- Spotlight On Databases
- Software Development Security – Key Points
THE CISSP TOOLBOX
- What Is The CISSP Toolbox?
- Who Are You?
- What Does Your Study Plan Look Like?
- What Is Your Timeline?