(ISC)² CISSP – 2021

R4,890.00

  • 39:52:00 hours of learning

  • Presented by highly qualified, industry leading experts
  • 12 Months access
DESCRIPTION

Overview

Certified Information Systems Security Professional (CISSP) is regarded as one of the most valuable certifications for IT security professionals and companies, and for good reason. The CISSP certification verifies that you have both the ability and the experience to create, execute, and manage your company's cybersecurity initiatives. (ISC)² maintains a strict qualifying system for all of its certifications, which includes verifiable work experience and sponsorship. For the CISSP, you must have a minimum of five (5) years of paid job experience in two or more of the eight domains of the CISSP CBK.

The CISSP course is built on teaching the eight core domains of information security, which gives candidates the knowledge they need to get a thorough grasp of the subject and pass the CISSP test. This (ISC)² training may be used for CISSP test preparation, onboarding new security professionals, individual or team training programs, or as an (ISC)² reference resource for anybody who manages an IT team.

  • Security and Risk Management

  • Asset Security

  • Security Architecture and Engineering

  • Communication and Network Security

  • Identity and Access Management (IAM)

  • Security Assessment and Testing

  • Security Operations

  • Software Development Security

Objectives

DOMAIN 1 - SECURITY AND RISK MANAGEMENT
Module 1:

  • An understanding of what confidentiality, integrity, and availability are, how they apply to information security, and how to apply those concepts in the real world
  • How to apply security governance principles
  • An understanding of compliance, and how it plays a huge role within security and risk management
  • How legal and regulatory issues pertain to cybersecurity within a global context

Module 2:

  • Understanding professional ethics 
  • How to develop and implement documented security policies, standards, procedures, and guidelines and the differences between them 
  • Understand the fundamentals of business continuity requirements
  • How to contribute to personnel security policies
  • Understanding personnel security policies

Module 3:

  • An introduction to risk, including qualitative and quantitative risk assessments
  • How to identify threats and vulnerabilities
  • The risk assessment analysis process, including risk assignment or acceptance
  • The different security and audit frameworks and methodologies, and how to implement the program elements
  • Risk frameworks

Module 4:

  • Threat modelling and how to apply these models within your environment
  • How to integrate security risk considerations into acquisitions strategy and practice
  • How to establish and manage security education, training, and awareness within your organization

DOMAIN 2 - ASSET SECURITY
Module 1:

  • Classifying Information and Supporting Assets
  • Determine and Maintain Ownership
  • Protect Privacy

Module 2:

  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Establish Handling Requirements

Module 3:

  • Conducting or facilitating internal and third-party audits

DOMAIN 3 - SECURITY ARCHITECTURE AND ENGINEERING
Module 1:

  • Implement and manage an engineering life cycle using security design principles
  • Understand fundamental concepts of security models
  • Security Frameworks

Module 2:

  • Capturing and assessing requirements
  • Select controls and countermeasures based upon information systems security standards
  • Understand the security capabilities of information systems

Module 3:

  • Vulnerabilities of system architectures
  • Cloud Computing
  • Key encryption and ciphers
  • Symmetric and asymmetric cryptography

Module 4:

  • The history of cryptography
  • Principles and life-cycles of cryptography
  • Public key infrastructure (PKI)
  • Digital signatures and digital rights management

Module 5:

  • Common attacks against cryptography
  • Assess and mitigate vulnerabilities in web-based systems
  • Assess and mitigate vulnerabilities in mobile systems

Module 6:

  • Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
  • Apply secure principles to site and facility design
  • Design and implement facility security

DOMAIN 4 - COMMUNICATION AND NETWORK SECURITY
Module 1:

  • Apply secure design principles and network architecture
  • IP Version 6, ports, protocols and network categories
  • Wireless networks, network scaling, security issues and network segmentation

Module 2:

  • Securing network components
  • Instant messaging, VPNs, In-transit encryption and remote access
  • Casting, network topologies, VLANs, SDN/SDS architecture

Module 3:

  • Prevent or mitigate network attacks
  • IDS/IPS, network scanning and network attacks

DOMAIN 5 - IDENTITY AND ACCESS MANAGEMENT
Module 1:

  • Identity and access management
  • Managing identification and authentication of people and devices

Module 2:

  • Managing systems features supporting and enforcing access control
  • Accountability

Module 3:

  • Identity as a Service 
  • Integrating third-party identity services
  • Implementing and managing authorization mechanisms
  • Preventing or mitigating access control attacks
  • Managing the identity and access provisioning lifecycle

 
DOMAIN 6 - SECURITY ASSESSMENT AND TESTING
Module 1:

  • Security assessment and testing
  • Security control testing

Module 2:

  • Security throughout the development life-cycle
  • Maintenance tasks
  • Collecting security process data

Module 3:

  • Conducting or facilitating internal and third-party audits

DOMAIN 7 - SECURITY OPERATIONS 
Module 1:

  • Understanding and supporting investigations
  • Understanding requirements for investigation types
  • Conducting logging and monitoring activities
  • Securing provisioning of resources through configuration management
  • Understanding and applying foundational security operations concepts

Module 2:

  • Employing resource protection techniques
  • Conducting incident response
  • Operating and maintaining preventative measures
  • Implementing and supporting patch and vulnerability management
  • Participating in and understanding change management processes

Module 3:

  • Implementing recovery strategies
  • Implementing disaster recovery processes
  • Testing the disaster recovery plan

Module 4:

  • Participating in business continuity planning
  • Implementing and managing physical security
  • Participating in personnel safety

DOMAIN 8 - SOFTWARE DEVELOPMENT SECURITY
Module 1:

  • Understanding and applying security in the software development life cycle
  • Enforcing security controls in the development environment

Module 2:

  • The Database environment
  • Software Development and the world of the web

Module 3:

  • Considerations for secure software development
  • Assessing the effectiveness of software security
  • Assessing software acquisition security

Prerequisites

You must have at least five years of full-time professional work experience in two or more of the CISSP – (ISC)² CBK 2021 domains to get your CISSP certification. The (ISC)² associate title is awarded to a qualified individual with fewer than five years of experience.

NOTE: (ISC)² has specific requirements that need to be fulfilled before candidates are allowed to sit exams. For detailed information on what these are, please visit the (ISC)² certification website.

Target Audience

Security professionals who are new to the field, or people in the process of becoming one. If you're a new security professional, you're undoubtedly starting to realize how vast and deep the pool of knowledge is in this industry. Risk management and asset security, architecture and engineering, communication and network security, and a variety of other skills will be required. This CISSP certification course is classified as professional-level (ISC)², which implies it was created with security experts in mind. This CISSP methodology skills course is for security professionals with at least five years of experience managing and implementing a security policy.

You might not be able to get certified right now due to the CISSP's experience criteria, but that doesn't mean you won't gain a lot from this course.