Course description

The CISSP training provides the knowledge and skills required to effectively design, plan, deliver and manage the overall security posture of an organisation. The training is designed to also help delegates to review their knowledge and focus their study on areas that require more attention for their CISSP exam.

Course content

The CISSP course comprises eight broad domains as listed below:

Domain 1 – Security and Risk Management
  • Security governance principles
  • Compliance
  • Professional ethics
  • Security documentation
  • Risk management
  • Threat modelling
  • Business continuity planning fundamentals
  • Acquisition strategy and practice
  • Personnel security policies
  • Security awareness and training
Domain 2 – Asset Security
  • Asset classification
  • Privacy protection
  • Asset retention
  • Data security controls
  • Secure data handling
Domain 3 – Security Architecture and Engineering
  • Security in the engineering lifecycle
  • System component security
  • Security models
  • Controls and countermeasures in enterprise security
  • Information system security capabilities
  • Design and architecture vulnerabilities mitigation
  • Vulnerability mitigation in Mobile, IoT, Embedded and Web-based systems
  • Cryptography concepts
  • Cryptography techniques
  • Site and facility design for physical security
  • Physical security implementation in sites and facilities
Domain 4 – Communication and Network Security
  • Network protocol security
  • Network components security
  • Communication channel security
  • Network attack mitigation
Domain 5 – Identity and Access Management
  • Physical and logical access control
  • Identification, Authentication and Authorisation
  • Identity as a Service
  • Authorisation mechanisms
  • Access control attack mitigation
Domain 6 – Security Assessment and Testing
  • System security control testing
  • Software security control testing
  • Security process data collection
  • Audits
Domain 7 – Security Operations
  • Security operations concepts
  • Physical security
  • Personnel security
  • Logging and monitoring
  • Preventative measures
  • Resource provisioning and protection
  • Patch and vulnerability management
  • Change management
  • Incident response
  • Incident investigations
  • Disaster recovery planning
  • Disaster recovery strategies
  • Disaster recovery implementation
Domain 8 – Software Development Security
  • Security principles in system lifecycle
  • Security principles in software development lifecycle
  • Database security in software development
  • Security controls in the development environment
  • Software security effectiveness assessment

Course Objectives

Upon completion of CISSP training, delegates will be able to:

  • Understand and apply basic concepts and methods relating to the fields of information technology and security;
  • Align overall business operational goals with security functions and implementations;
  • Understand how to protect business assets throughout their lifecycle;
  • Understand the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, networks, applications, databases and equipment and those controls used to enforce various levels of confidentiality, integrity and availability;
  • Implement system security through the application of security design principles and application of appropriate security control mitigations for vulnerabilities present in common information system types and architecture;
  • Understand the importance of cryptography and the security services it can provide in today’s digital and information age;
  • Understand the impact of physical security elements on information system security and apply secure design principles to evaluate or recommend appropriate physical security protections;
  • Understand the elements of communication and network security, including how communication and network systems function and how the layers and protocols of the open systems interconnection (OSI) model are implemented;
  • Identify standard terms for applying physical and logical access controls to environments related to their security practice;
  • Appraise various access control models to meet business security requirements;
  • Name primary methods for designing and validating test and audit strategies that support business requirements;
  • Enhance and optimise a business operational function and capacity by applying appropriate security controls and countermeasures;
  • Identify risks to an organisation’s activities and assess specific threats, vulnerabilities and controls;
  • Understand the system lifecycle (SLC) and software development lifecycle (SDLC) and how to apply security to it; identify which security controls are appropriate for the development environment; and assess the effectiveness of software security.

Target audience

  • This course is suitable for mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security governance, risk and compliance, and IT auditing.

Location / Delivery

  • Classroom

Start date

  • October 7, 2019

Duration

  • 5 Days

Price

  • On request