DURATION: 5 days (~40 hours)
COURSE INTRODUCTION
Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. Required buy some of the world’s most security-conscious organization, the CISSP is considered the gold standard credential that assures information security leaders posses the breadth of knowledge, skills and experience required tp credibly build and manage the security posture of an organization.
Backed by (ISC)², the global leader in information security certfication, CISSPs have earned their place as trusted advisors. Their expertise plays a critical role in helping organizations integrate stronger security protocols and protect against threats in an increasingly complex cyber security landscape.
CISSP was the first credential in the field of information to meet the stringent requirements of IOS/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, but also a globally recognized standard of achievement.
AUDIENCE
- Security Consultant
- Security Analyst
- Security Manager
- Security Systems Engineer
- IT Director/Manager
- Chief Information Security Officer
- Security Auditor
- Director of Security
- Security Architect
- Network Architect
- Anyone who is preparing for the CISSP certification
Prerequisites
- Security Principles or equivalent knowledge
- At least 2 years of working experience in the security field
COMPLETION CERTIFICATE
After finish the course, student will receive completion certificate issued by SmartPro.
COURSE CONTENT
1. Access Control
- A collection of mechanisms that work together to create security architecture to protect the assets of the information system
- Concepts/Methodologies/Techniques
- Effectiveness
- Attacks
2. Telecommunications and Network Security
- Discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity, and confidentiality
- Network Architecture and Design
- Communication Channels
- Network Components
- Network Attacks
3. Information Security Governance and Risk Management
- The identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures, and guidelines
- Security Governance and Policy
- Information Classification/Ownership
- Contractual Agreements and Procurement Processes
- Risk Management Concepts
- Personnel Security
- Security Education, Training and Awareness
- Certification and Accreditation
4. Software Development Security
- Refers to the controls that are included within systems and applications software and the steps used in their development
- Systems Development Life Cycle (SDLC)
- Application Environment and Security Controls
- Effectiveness of Application Security
5. Cryptography
- The principles, means and methods of disguising information to ensure its integrity, confidentiality, and authenticity
- Encryption Concepts
- Digital Signatures
- Cryptanalytic Attacks
- Public Key Infrastructure (PKI)
- Information Hiding Alternatives
6. Security Architecture and Design
- Contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability
- Fundamental Concepts of Security Models
- Capabilities of Information Systems (e.g. memory protection, virtualization)
- Countermeasure Principles
- Vulnerabilities and Threats (e.g. cloud computing, aggregation, data flow control)
7. Operations Security
- Used to identify the controls over hardware, media and the operators with access privileges to any of these resources
- Resource Protection
- Incident Response
- Attack Prevention and Response
- Patch and Vulnerability Management
8. Business Continuity and Disaster Recovery Planning
- Addresses the preservation of the business in the face of major disruptions to normal business operations
- Business Impact Analysis
- Recovery Strategy
- Disaster Recovery Process
- Provide Training
9. Legal, Regulations, Investigations and Compliance
- Addresses computer crime laws and regulations, the investigative measures and techniques that can be used to determine if a crime has been committed, and methods to gather evidence
- Legal issues
- Investigations
- Forensic procedures
- Compliance Requirements/Procedures
10. Physical (Environmental) Security
- Addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information
- Site/Facility Design Considerations
- Perimeter Security
- Internal Security
- Facilities Security
11. Test-Taking Tips and Study Techniques
- Preparation for the CISSP Exam
- Submitting Required Paperwork
- Resources and Study Aids
- Passing the Exam the First Time
12. Q&A/Final test