CISSP Certified Information Systems Security Professional

Duration: 5 days
Code: CISSP

Overview

Aimed at security professionals, this course surveys the entire information security landscape and the technologies involved. The course addresses the eight knowledge domains that comprise the common body of knowledge (CBK) for information systems security professionals and will help delegates prepare for CISSP certification.

The course offers a theory-based approach to the security process, with opportunities to discuss how the concepts and techniques described in the CBK apply in the real world. It also serves as a good introduction to security management, architecture and engineering.

The course comprises eight sessions that map directly to the CBK; each is theory-based, with instructor-led discussions. There are no hands-on labs.

Examinations:

  • Booking the CBT exam requires the candidate to acquire a Pearson VUE testing voucher. Please note that the price of the voucher is not included in the RRP of this course.
  • https://www.isc2.org/certification-register-now.aspx
  • Delivery method – Computer Adaptive Testing (CAT)
  • Length of exam – up to 3 hours
  • Number of questions – 100–150
  • Question format – multiple choice and advanced innovative questions
  • Passing grade – a passing score is 700 out of 1000 points

Q. If I have been studying for the CISSP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?

A. (ISC)² exams are experience-based and include experience-based questions that cannot be learned through study alone. If you already have the experience in the domains covered in CISSP and believe that you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. (ISC)² cannot guarantee you will pass the exam.

Audience

The CISSP is designed for experienced security professionals who want to expand their knowledge and gain an internationally recognised accreditation. It is ideal for those working in positions such as:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

Whilst anyone can attend the course, please note that the CISSP accreditation is only available to those who meet the (ISC)² entry requirements. Refer to the Examinations section above for more information.

"Very thorough course. Expert trainer with great communication skills. Overall very happy."

Skills Gained

This 5-day training program is designed to fully prepare you for the CISSP exam. It focuses on the 8 Common Body of Knowledge domains designated by (ISC)²:

  • Security and Risk Management
  • Security Engineering
  • Security Assessment and Testing
  • Asset Security
  • Communications and Network Security
  • Identity and Access Management
  • Security in the Software Development Life Cycle
  • Security Operations

Prerequisites

To achieve full certification, delegates should have 5 years or more of experience in at least two of the CBK domains (4 years if they hold a relevant industry certification or degree-level qualification). Associate status can be achieved without the full 4/5 years of experience; full certification is granted once the required amount of experience has been obtained.

  • We recommend that delegates have some knowledge of all CBK domains and read one or two of the books on the Reading List at ISC2.org.

We recommend that work completed in the classroom is complemented by extra reading to ensure success in the exam. The amount of extra reading required will depend on how much experience the delegate has. The 'mile wide, inch deep' description of the CBK captures the challenge for most delegates: not all will have hands-on experience spanning all 8 domains.

Course Outline

This course covers the 8 domains of the CISSP Common Body of Knowledge as reorganised and updated in early 2015. The order of some topics has been altered to provide a better structure and a more consistent conceptual model. All topics of the new CBK are fully covered and the course provides full preparation for the CISSP exam.

1. Introduction
  • Welcome and Administrivia
  • Course Overview
  • Review and Revision Techniques
  • References
  • Specialised References and Additional Reading
  • Other Resources
  • The “CISSP World-View”
  • The Exam
  • On the Day of the Exam
  • Exam Technique
  • After the Exam
  • CISSP Concentrations
  • Blended Learning Follow-up
2. Security and Risk Management
  • Security Properties of Information and Systems – The CIA Triad
  • Security Governance
    • Organizational Structure and Processes
    • Security Roles and Responsibilities
    • Reporting Relationships
    • Governance of Third Parties
  • Compliance, Legal and Regulatory Requirements
    • Privacy Requirements
      • Transborder Data Flows
      • Data Breaches
    • Intellectual Property
    • Computer Ethics and Professional Ethics
  • Risk Management Concepts
    • Definitions of Risk
    • Risk Management Processes (SP800-30, ISO27005)
    • Information Risk Analysis, Audit Frameworks and Methodologies
    • Countermeasures and Controls
      • Control Assessment, Testing and Monitoring
    • Threat Modeling
    • Business Continuity Requirements
      • Development of Business Continuity and Disaster Recovery Plans
    • Security Policies, Standards, Procedures, Guidelines
      • Personnel Security
    • Acquisitions Policy and Strategies
    • Security Education, Awareness and Training
3. Security Engineering
  • Security Engineering Lifecycle
  • Systems Architecture
  • Enterprise Security Architecture
  • Security Models
    • Mandatory Access Control Models
    • Discretionary Access Control
  • Evaluation, Certification and Accreditation
    • Evaluation Schemes
  • Security Implementation Guidelines, Frameworks and Standards
  • Database Security
  • Vulnerabilities
    • Architectural Vulnerabilities
    • Distributed Computing
    • Remote and Mobile Computing
    • Process Control and SCADA
    • Embedded Systems and the Internet of Things
  • Cryptology
    • Types of Cryptoprimitives
    • Classical Cryptography
    • Symmetric Cryptoprimitives
    • Unkeyed and Keyed Hashes
    • Public Key Cryptosystems
      • Authentication & Digital Signatures
      • Public Key Infrastructure
    • Key Management
    • Advanced Concepts – Quantum computing, etc.
    • Cryptanalysis and Attacks
  • Site Planning and Design
    • Security Survey
    • Crime Prevention Through Environmental Design
  • Facility Security
    • Physical Security Principles
    • Data Centers, Server Rooms and Wiring Closets
    • Secure Work Areas
4. Security Assessment and Testing
  • Security Audit, Assessment and Testing Concepts
    • First-Person and Third-Party Audits
  • Software Security Assessment
    • Unit Testing
    • Integration Testing
    • Regression Testing
    • Advanced Techniques and Tools – Fuzzers, Model Checkers, Automated Theorem Provers
  • Systems Security Assessment
  • Network Security Assessment
  • Networking Principles
    • Protocol Layers
    • ISO/OSI vs TCP/IP
  • Physical Layer
    • Local Area Network Protocols
    • Wide Area Network Protocols
    • Physical Layer Attacks
  • Network Layer
    • IP Addressing and Routing
    • IP Protocol Operation
    • ICMP Protocol
    • Dynamic Routing Protocols
    • Software Defined Networking
    • Network Layer Attacks
  • Transport Layer
    • Transport Layer Concepts
    • UDP
    • TCP
    • Other Transport Layer Protocols
    • Transport Layer Attacks
  • Application Layer
    • Application Layer Protocols
      • Directory Services – BIND, LDAP, etc.
      • Remote Access and File Transfer
      • Email
      • Web – HTTP
      • VoIP, Instant Messaging and Collaboration
    • Application Layer Vulnerabilities and Attacks
  • Network Security Testing and Assurance
  • Continuous Security Monitoring
5. Asset Security
  • Information Assets – Identification, Ownership
  • Data Standards and Policy
  • Information Classification
  • Handling Requirements
  • Data Retention Policy, Destruction and Disposal
6. Communications and Network Security
7. Identity and Access Management
  • Basic Concepts: Trust, Identity, Authentication and Access Control
  • Authentication Techniques
    • Password Management
    • Tokens, Badges, Smartcards and Other Devices
    • Biometric Techniques
  • Authorization and Access Control
    • Mandatory Access Control
      • Multi-Level Systems
      • Role-Based Access Control
      • Rule-Based Access Control
    • Discretionary Access Control
    • Capability-Based Systems
  • Federated Identity Management Systems
  • Identity Management Lifecycle
8. Security in the Software Development Life Cycle
  • Application Development Concepts
    • Programming Languages
    • Development Tools
    • Object-Oriented Concepts and Security
    • Third-Party Libraries and Frameworks
  • Vulnerabilities Introduced During Development
    • Buffer Overflows
    • Format String Vulnerabilities
    • Input/Output Sanitization
    • Citizen Programmers
    • Covert Channels
    • Time-of-Check/Time-of-Use Vulnerabilities
    • Object Reuse
    • Trapdoors and Backdoors
    • Executable Content and Mobile Code
  • Software Development Methodologies
    • Software Development Life Cycle
      • Security Activities in the SDLC
    • Prototyping, Iterative and Agile Techniques
    • Cleanroom and Formal Methods
    • Continuous Delivery and DevOps
    • Maturity Models
  • Databases and Data Warehouses
    • Database Concepts
    • Database Vulnerabilities and Controls
    • Unstructured Data and Knowledge Management
  • Web Application Security
    • Web Application Architectures and Languages
    • Common Vulnerabilities
      • SQL and Command Injection
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery
      • Insecure Direct Object Access
      • Incorrect Session Management
      • Insecure Configuration
      • Inadequate Use of TLS
    • Software Acquisition
9. Security Operations
  • Security Operations and Operations Security
    • Segregation of Roles, Job Rotation
    • Dealing with Privileged Accounts and Users
    • Information Lifecycle
  • Threats and Vulnerabilities
    • Malware
      • Viruses, Worms, Trojans, etc.
      • Rootkits
      • Remote-Access Trojans
      • Spyware and Adware
    • Logic Bombs
    • Social Engineering
    • Phishing, Spear-Phishing, Pharming and Botnets
    • Hoaxes and Pranks
  • Configuration and Change Management
  • Patch Management and Vulnerabilities
  • Security Metrics, Monitoring and Reporting
    • Network Monitoring and Logging
    • Systems Monitoring and Logging
  • Incident Response
    • First Response
      • Containment
      • Investigation
      • Recovery
    • Crime Investigation
      • Evidence Collection and Handling
      • Evidence Processing and Forensics
      • Presentation in Court
    • Business Continuity and Disaster Recovery
      • Plan Development
        • Recovery Strategies
      • Plan Documentation
      • Training
      • Testing
    • Physical Security
    • Personnel Safety
10. Summary and Wrap-up

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives, and more can be covered than in a public classroom. It is a cost-effective option.

Submit an enquiry from any page on this site and let us know in the requirements box that you are interested, or simply mention it when we contact you.


Upcoming Dates

Region         Location     Days  Cost   Date
Tyne and Wear  Newcastle    5     £3750  2019-12-09
Midlands       Birmingham   5     £3750  2019-12-09
Midlands       Birmingham   5     £3750  2019-12-09
Manchester     Manchester   5     £3750  2019-12-09
Manchester     Manchester   5     £3750  2019-12-09
London         London       5     £3750  2019-12-09
London         London       5     £3750  2019-12-09
London         London       5     £3750  2019-12-09
London         London       5     £3750  2019-12-09
Virtual        Virtual      5     £3750  2019-12-16
Dublin         Dublin       5     £3750  2019-12-16
Dublin         Dublin       5     £3750  2019-12-16
Virtual        Virtual      5     £3750  2019-12-16
Manchester     Manchester   5     £3750  2019-12-16
Hampshire      Eastleigh    5     £3750  2020-01-02
Kent           Canterbury   5     £3750  2020-01-02
London         London       5     £3750  2020-01-13
London         London       5     £3750  2020-01-13
Hampshire      Southampton  5     £3750  2020-01-13
Yorkshire      Leeds        5     £3750  2020-01-20
London         London       5     £3750  2020-01-20
London         London       5     £3750  2020-01-27
London         London       5     £3750  2020-01-27
Bristol        Bristol      5     £3750  2020-01-27
Virtual        Virtual      5     £3750  2020-02-03
Bristol        Bristol      5     £3750  2020-02-03
London         London       5     £3750  2020-02-10
London         London       5     £3750  2020-02-10
Edinburgh      Edinburgh    5     £3750  2020-02-10
London         London       5     £3750  2020-02-17
London         London       5     £3750  2020-02-17
London         London       5     £3750  2020-02-17
London         London       5     £3750  2020-02-24
London         London       5     £3750  2020-02-24
Virtual        Virtual      5     £3750  2020-03-02
Manchester     Manchester   5     £3750  2020-03-02
London         London       5     £3750  2020-03-09
London         London       5     £3750  2020-03-09
Tyne and Wear  Newcastle    5     £3750  2020-03-16
London         London       5     £3750  2020-03-16
London         London       5     £3750  2020-03-16
Midlands       Birmingham   5     £3750  2020-03-23
London         London       5     £3750  2020-03-23
Edinburgh      Edinburgh    5     £3750  2020-03-30
London         London       5     £3750  2020-03-30
Yorkshire      Leeds        5     £3750  2020-03-30
London         London       5     £3750  2020-03-30
London         London       5     £3750  2020-03-30
London         London       5     £3750  2020-04-20
Bristol        Bristol      5     £3750  2020-04-20
Virtual        Virtual      5     £3750  2020-04-20
Manchester     Manchester   5     £3750  2020-04-27
London         London       5     £3750  2020-04-27
London         London       5     £3750  2020-04-27
London         London       5     £3750  2020-05-11
Edinburgh      Edinburgh    5     £3750  2020-05-11
London         London       5     £3750  2020-05-11
Virtual        Virtual      5     £3750  2020-05-18
Bristol        Bristol      5     £3750  2020-05-18