Certified Information Systems Security Professional CISSP

Introduction

The Certified Information Systems Security Professional (CISSP) course is a comprehensive and advanced program designed to equip participants with the knowledge and skills required to excel in the dynamic field of information security. This course is meticulously crafted to address the latest challenges and emerging threats faced by organizations in safeguarding their critical assets and information systems. Participants will delve into cutting-edge concepts, methodologies, and best practices, preparing them to achieve the globally recognized CISSP certification and become proficient information security professionals.

Objectives

• Provide participants with a deep understanding of the eight domains covered in the CISSP Common Body of Knowledge (CBK), including Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.

• Equip participants with the expertise to develop, implement, and manage robust information security programs aligned with organizational objectives and compliance requirements.

• Enable participants to effectively identify, assess, and mitigate various types of security risks and vulnerabilities across diverse IT environments, from traditional to cloud-based infrastructures.

• Enhance participants' ability to design and deploy secure architectures, technologies, and solutions to protect against evolving cyber threats and attacks.

• Empower participants to apply industry-leading security frameworks, standards, and best practices to enhance the resilience and integrity of information systems and assets.

Course Outline

Day 1

 Introduction to CISSP and Security Governance

• Overview of CISSP certification and CBK domains
• Security and Risk Management principles and concepts
• Legal, regulatory, and ethical considerations
• Security policies, standards, procedures, and guidelines
• Governance, risk management, and compliance (GRC) frameworks

Day 2

 Asset Security and Security Architecture

• Asset classification and management
• Data privacy and protection mechanisms
• Security architecture principles and models
• Secure design principles for network and systems architecture
• Cryptography and encryption techniques

Day 3

 Communication and Network Security

• Secure communication channels and protocols
• Network architecture and design considerations
• Secure transmission media and technologies
• Network access control and perimeter security
• Wireless security and mobile device management

Day 4

 Identity and Access Management (IAM) and Security Assessment

• Identity management and access control models
• Authentication and authorization mechanisms
• Security assessment and testing methodologies
• Vulnerability assessment and penetration testing
• Security audits and compliance assessments

Day 5

 Security Operations and Software Development Security

• Incident response and management procedures
• Disaster recovery and business continuity planning
• Security operations management
• Secure software development lifecycle (SDLC) practices
• Code reviews, secure coding guidelines, and application security testing