Description

Overview

This course will teach students about information systems risk. Topics covered include risk identification, assessment, evaluation, response, and monitoring, as well as information systems control design and implementation.

Series Taught By: John Glover

Available CEUs for Course Series Completion: 6
Students can earn up to 6 CEUs for fully completing this course series. This information will be displayed on the certificate of completion.

Course Details

  • 39:52:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

About this Course

Certified Information Systems Security Professional (CISSP) is regarded as one of the most valuable certifications for IT security professionals – and for the companies that employ them. There is a good reason for this. The CISSP certification verifies not only that you have the abilities to create, execute, and manage your company’s cybersecurity initiatives, but also that you have the necessary experience. For all of its certifications, (ISC)2 maintains a strict qualifying system that includes verifiable work experience and sponsorship. For the CISSP, you must have a minimum of five (5) years of paid job experience in two or more of the eight domains of the CISSP CBK.

The CISSP course is built on teaching the eight core domains of information security, which give candidates all of the knowledge they need to gain a thorough grasp of the subject and pass the CISSP exam. This (ISC)2 training may be utilised for CISSP exam preparation, onboarding new security professionals, individual or team training programmes, or as an (ISC)2 reference resource for anybody who manages an IT team. This study guide will help you pass the well-known Certified Information Systems Security Professional (CISSP) certification exam. The eight domains are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Objectives

DOMAIN 1 – SECURITY AND RISK MANAGEMENT


Module 1:

An understanding of what confidentiality, integrity, and availability are, how they apply to information security, and how to apply those concepts in the real world

How to apply security governance principles

An understanding of compliance, and how it plays a huge role within security and risk management

How legal and regulatory issues affect cybersecurity within a global context

Module 2:

Understanding professional ethics

How to develop and implement documented security policies, standards, procedures, and guidelines and the differences between them

Understand the fundamentals of business continuity requirements

How to contribute to personnel security policies

Understanding personnel security policies

Module 3:

An introduction to risk, including qualitative and quantitative risk assessments

How to identify threats and vulnerabilities

The risk assessment analysis process, including risk assignment or acceptance

The different security and audit frameworks and methodologies, and how to implement the program elements

Risk frameworks

Module 4:

Threat modelling and how to apply these models within your environment

How to integrate security risk considerations into acquisitions strategy and practice

How to establish and manage security education, training, and awareness within your organization

DOMAIN 2 – ASSET SECURITY


Module 1:

Classifying Information and Supporting Assets

Determine and Maintain Ownership

Protect Privacy

Module 2:

Ensure Appropriate Retention

Determine Data Security Controls

Establish Handling Requirements

Module 3:

Conducting or facilitating internal and third-party audits

DOMAIN 3 – SECURITY ARCHITECTURE AND ENGINEERING


Module 1:

Implement and manage an engineering life cycle using security design principles

Understand fundamental concepts of security models

Security Frameworks

Module 2:

Capturing and assessing requirements

Select controls and countermeasures based upon information systems security standards

Understand the security capabilities of information systems

Module 3:

Vulnerabilities of system architectures

Cloud Computing

Key encryption and cyphers

Symmetric and asymmetric cryptography

Module 4:

The history of cryptography

Principles and life-cycles of cryptography

Public key infrastructure (PKI)

Digital signatures and digital rights management

Module 5:

Common attacks against cryptography

Assess and mitigate vulnerabilities in web-based systems

Assess and mitigate vulnerabilities in mobile systems

Module 6:

Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems

Apply secure principles to site and facility design

Design and implement facility security

DOMAIN 4 – COMMUNICATION AND NETWORK SECURITY


Module 1:

Apply secure design principles and network architecture

IP Version 6, ports, protocols and network categories

Wireless networks, network scaling, security issues and network segmentation

Module 2:

Securing network components

Instant messaging, VPNs, In-transit encryption and remote access

Casting, network topologies, VLANs, SDN/SDS architecture

Module 3:

Prevent or mitigate network attacks

IDS/IPS, network scanning and network attacks

DOMAIN 5 – IDENTITY AND ACCESS MANAGEMENT


Module 1:

Identity and access management

Managing identification and authentication of people and devices

Module 2:

Managing systems features supporting and enforcing access control

Accountability

Module 3:

Identity as a Service

Integrating third-party identity services

Implementing and managing authorization mechanisms

Preventing or mitigating access control attacks

Managing the identity and access provisioning lifecycle

DOMAIN 6 – SECURITY ASSESSMENT AND TESTING


Module 1:

Security assessment and testing

Security control testing

Module 2:

Security throughout the development life-cycle

Maintenance tasks

Collecting security process data

Module 3:

Conducting or facilitating internal and third-party audits

DOMAIN 7 – SECURITY OPERATIONS


Module 1:

Understanding and supporting investigations

Understanding requirements for investigation types

Conducting logging and monitoring activities

Securing provisioning of resources through configuration management

Understanding and applying foundational security operations concepts

Module 2:

Employing resource protection techniques

Conducting incident response

Operating and maintaining preventative measures

Implementing and supporting patch and vulnerability management

Participating in and understanding change management processes

Module 3:

Implementing recovery strategies

Implementing disaster recovery processes

Testing the disaster recovery plan

Module 4:

Participating in business continuity planning

Implementing and managing physical security

Participating in personnel safety

DOMAIN 8 – SOFTWARE DEVELOPMENT SECURITY


Module 1:

Understanding and applying security in the software development life cycle

Enforcing security controls in the development environment

Module 2:

The Database environment

Software Development and the world of the web

Module 3:

Considerations for secure software development

Assessing the effectiveness of software security

Assessing software acquisition security

Audience

Security professionals that are new to the field or are in the process of becoming one. If you’re a new security professional, you’re undoubtedly starting to realise how vast and deep the pool of possible knowledge is in this industry. Risk management and asset security, architecture and engineering, communication and network security, and a variety of other skills will be required. This CISSP certification course is classified as professional-level (ISC)2, which implies it was created with security experts in mind. This CISSP methodology skills course is for security professionals with at least five years of experience managing and implementing a security policy.

You might not be able to get certified right now due to the CISSP’s experience criteria, but that doesn’t mean you won’t gain a lot from this course.

Prerequisites

You must have at least five years of full-time professional work experience in two or more of the CISSP – (ISC)2 CBK 2021 domains to get your CISSP certification. The (ISC)2 Associate title is awarded to a qualified individual with fewer than five years of experience.

NOTE: (ISC)² has specific requirements that need to be fulfilled before candidates are allowed to sit exams. For detailed information on what these are, please visit the (ISC)² certification website.

Course Outline

SECURITY AND RISK MANAGEMENT

  • Overview
  • Understand, Adhere To, Promote Professional Ethics
  • Understand And Apply Security Concepts (CIA)
  • Evaluate And Apply Security Governance Principles
  • Determine Compliance And Other Requirements
  • Legal, Regulatory Issues For Information Security
  • Spotlight On The GDPR
  • Understand Requirements For Investigation Types
  • Security Policy, Standards, Procedures, Guidelines
  • Identify, Analyze, Prioritize BC Requirements
  • Personnel Security Policies And Procedures
  • Understand, Apply Risk Management Concepts
  • Spotlight On The Risk Management Framework
  • Threat Modeling Concepts And Methodologies
  • Apply Supply Chain Risk Management (SCRM) Concepts
  • Security Awareness, Education And Training Program
  • Security And Risk Management Key Points

ASSET SECURITY

  • Identify And Classify Information, Assets
  • Establish Information, Asset Handling Requirements
  • Provision Resources Securely
  • Manage Data Lifecycle
  • Ensure Appropriate Asset Retention
  • Data Security Controls And Compliance Requirements
  • Assets Security – Key Points

SECURITY ARCHITECTURE AND ENGINEERING

  • Engineering Process Using Secure Design Principles
  • Fundamental Concepts Of Security Models
  • Controls Based Upon System Security Requirements
  • Security Capabilities Of Information Systems – Vocab
  • Security Capabilities Of Information Systems – CPU
  • Security Capabilities Of Info Systems – Memory
  • Assess And Mitigate Vulnerabilities – The Basics
  • Assess And Mitigate Vulnerabilities – The Rest
  • Spotlight On Cryptographic Solutions – Symmetric
  • Spotlight On Cryptographic Solutions – Asymmetric
  • Spotlight On Cryptographic Solutions – PKI & Certs
  • Spotlight On Cryptographic Solutions – Hashing
  • Cryptographic Solutions – Digital Signing
  • Understand Methods Of Cryptanalytic Attacks
  • Security Principles For Site And Facility Design
  • Design Site And Facility Security Controls
  • Spotlight On Fire Control
  • Security Architecture & Engineering – Key Points

COMMUNICATION AND NETWORK SECURITY

  • Spotlight On The OSI Model
  • Spotlight On Internet Protocol (IP) Networking
  • Spotlight On IPsec
  • Spotlight On Secure Protocols
  • Implications Of Converged & Multilayer Protocols
  • Spotlight On Micro-Segmentation
  • Wireless, Cellular & Content Distribution Networks
  • Secure Network Components
  • Implement secure communication channels
  • Communications & Network Security – Key Points

IDENTITY AND ACCESS MANAGEMENT (IAM)

  • Control Physical And Logical Access To Assets
  • Manage Identification And Authentication
  • Federated Identity With A Third-Party Service
  • Implement, Manage Auth Mechanisms – Vocab
  • Implement, Manage Auth Mechanisms – Models
  • Manage the identity, access provisioning lifecycle
  • Implement Authentication Systems
  • Spotlight On Kerberos
  • Spotlight On Federated Identity Management (FIM)
  • Identity Access Management (IAM) – Key Points

SECURITY ASSESSMENT AND TESTING

  • Assessment, Test, & Security Audit Strategies
  • Spotlight On System And Org Controls Reports (SOC)
  • Conduct Security Control Testing – The Basics
  • Conduct Security Control Testing – The Rest
  • Collect Security Process Data
  • Analyze Test Output And Generate Reports
  • Security Assessment And Testing – Key Points

SECURITY OPERATIONS

  • Understand And Comply With Investigations
  • Conduct Logging & Monitoring Activities
  • Conduct logging & monitoring activities – threat
  • Perform Configuration Management (CM)
  • Apply Foundational Security Operations Concepts
  • Apply resource protection
  • Conduct Incident Management
  • Detective & Preventative Measures
  • Patch & Vulnerability Management
  • Understand & Participate In Change Management
  • Implement Recovery Strategies
  • Implement Disaster Recovery (DR) Processes
  • Test Disaster Recovery Plans (DRP)
  • Business Continuity (BC) Planning & Exercises
  • Implement And Manage Physical Security
  • Address Personnel Safety And Security Concerns
  • Security Operations – Key Points

SOFTWARE DEVELOPMENT SECURITY

  • Spotlight On The Software Development Life Cycle
  • Certs & Accreditation Verification & Validation
  • Security In The SDLC – Methodologies
  • Security In The SDLC – Maturity Models
  • Security In The SDLC – Odds & Ends
  • Apply Controls In Development Ecosystems – Basics
  • Apply Controls In Development Ecosystems – Rest
  • Spotlight On The OWASP TOP 10
  • Assess The Effectiveness Of Software Security
  • Assess Security Impact Of Acquired Software
  • Define, Apply Secure Coding Guidelines, Standards
  • Spotlight On Databases
  • Software Development Security – Key Points

THE CISSP TOOLBOX

  • What Is The CISSP Toolbox?
  • Who Are You?
  • What Does Your Study Plan Look Like?
  • What is your timeline?