Certified Information Systems Security Professional (CISSP)
The CISSP course covers all relevant concepts, case studies, and workshops for key technical areas across the eight domains. ISC2 has recently introduced the new ‘drag and drop’ questions; these form part of the course. If you do not pass first time, then attend our exam preparation again, free of charge. All our Trainers have extensive experience in delivering CISSP training around the world. They are Industry Certified Professionals who deliver our events with pride and passion.
Workshop activities include:
• Various Workshop/Labs allowing delegates to gain practical knowledge and reinforce understanding of the CISSP technical domains.
• Daily doubt clearing sessions and CISSP questions and discussions in evenings regarding discussed concepts
• Demonstrations and real world experience highlighting key points.
Upon successful completion of this course, students will have the skills necessary to:
• Use the knowledge gained in a practical manner beneficial to your organisation.
• Protect your organisational assets using access control techniques and strengthen confidentiality and integrity controls from the world of cryptography.
• Secure your network architecture and design (implement Cyber security).
• Achieve your organisational objectives such as legal & compliance, Information assurance, security and data governance.
• Enhance IT services secure delivery via Security operations, architecture and design principles.
• Implement business resiliency via Business Continuity Plan.
• You will gain a thorough understanding of the 8 domains as prescribed by (ISC)2®.
The Main Goal:
The ultimate goal is to pass your CISSP examination first time.
This is the course for you if you are aspiring to pass the CISSP examination!
Professionals needing to be CISSP Certified
Anyone who is required to develop a broad and deep knowledge and understanding of IT Security Principles and implementation
The 8 CISSP Domains:
Security and Risk Management
• Understand and apply concepts of confidentiality, integrity and availability
• Establish and manage information security education, training, and awareness
• Apply security governance principles
• Understand legal and regulatory issues that pertain to information security in a global context
• Understand professional ethics
• Develop and implement documented security policy, standards, procedures, and guidelines
• Understand business continuity requirements
• Contribute to personnel security policies
• Understand and apply risk management concepts
• Understand and apply threat modelling
• Integrate security risk considerations into acquisition strategy and practice
• Classify information and supporting assets (e.g., sensitivity, criticality)
• Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
• Protect privacy
• Ensure appropriate retention (e.g., media, hardware, personnel)
• Determine data security controls (e.g., data at rest, data in transit)
• Establish handling requirements (markings, labels, storage, destruction of sensitive information)
• Implement and manage engineering processes using secure design principles
• Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
• Select controls and countermeasures based upon systems security evaluation models
• Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
• Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
Communications and Network Security
• Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
• Secure network components
• Design and establish secure communication channels
• Prevent or mitigate network attacks
Identity and Access Management
• Control physical and logical access to assets
• Manage identification and authentication of people and devices
• Integrate identity as a service (e.g., cloud identity)
• Integrate third-party identity services (e.g., on premise)
• Implement and manage authorization mechanisms
• Prevent or mitigate access control attacks
• Manage the identity and access provisioning lifecycle (e.g., provisioning, review)
Security Assessment and Testing
• Design and validate assessment and test strategies
• Conduct security control testing
• Collect security process data (e.g., management and operational controls)
• Analyse and report test outputs (e.g., automated, manual)
• Conduct or facilitate internal and third party audits
• Understand and support investigations
• Understand requirements for investigation types
• Conduct logging and monitoring activities
• Secure the provisioning of resources
• Understand and apply foundational security operations concepts
• Employ resource protection techniques
• Conduct incident management
Software Development Security
• Understand and apply security in the software development lifecycle
• Enforce security controls in development environments
• Assess the effectiveness of software security
• Assess security impact of acquired software
Duration: 5 Day
Cost: £2,145 + Vat
Information System Security Training Scotland, Glasgow, Edinburgh, Inverness, Aberdeen and onsite course available throughout the UK.