Course Outline

Domain 01 - Security and Risk Management

  • Introduction
  • Introduction to Security and Risk Management Understand, Adhere to, and Promote Professional Ethics
  • Knowledge Check
  • Understand and Apply Security Concepts
  • Evaluate and Apply Security Governance Principles Goals, Mission, and Objectives
  • Control Frameworks, Due Care, and Due Diligence
  • Knowledge Check
  • Determine Compliance and Other Requirements
  • Understand Legal and Regulatory Issues that Pertain to Information Security in a Holistic Context
  • Types of Intellectual Properties (IP) Law
  • OECD Principles, GDPR, and Data Protection principles Data Protection Principles
  • Understand Requirements for Investigation Types
  • Knowledge Check
  • Develop, Document, and Implement Security Policy, Standards,Procedures, and Guidelines
  • Knowledge Check
  • Need for Business Continuity Planning (BCP) Business Continuity Planning Phases Business Impact Analysis
  • Identify Preventive Controls
  • Knowledge Check
  • Contribute to and Enforce Personnel Security Policies and Procedures
  • Introduction to Risk Management Concepts
  • Risk Analysis
  • Risk Analysis and Assessment Countermeasure Selection
  • Risk Handling and Security Control Assessment Security Control Assessment (SCA)
  • Risk Monitoring and Continuous Improvement
  • Knowledge Check
  • Understand and Apply Threat Modeling Concepts and Methodologies Threat Modeling Steps
  • DREAD Rating Knowledge Check
  • Apply Supply Chain Risk Management (SCRM) Concepts Third-Party Management and Risks
  • Third-Party Risk Management Life Cycle
  • Knowledge Check
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Program Effectiveness: Evaluation
  • Knowledge Check
  • Quick Recap
  • Knowledge Check

Domain 02 - Asset Security

  • Introduction
  • Introduction to Asset Security
  • Identify and Classify Information and Assets Information Classification Objectives
  • Knowledge Check
  • Establish Information and Asset Handling Requirements Provision Resources Securely
  • Manage Data Life Cycle
  • Data Life Cycle: Create, Store, and Use
  • Data Life Cycle: Share, Archive, and Destroy Data Remanence and Data Destruction
  • Knowledge Check
  • Ensure Appropriate Asset Retention Data and Data Security Controls How to Select Controls
  • Digital Rights Management (DRM) Data Loss Prevention (DLP)
  • Quick Recap
  • Knowledge Check

Domain 03 - Security Architecture and Engineering

  • Introduction
  • Introduction to Security Engineering
  • Research, Implement, and Manage Engineering Processes Using Trust but Verify and Zero Trust
  • Privacy by Design
  • Knowledge Check
  • Understand the Fundamental Concepts of Security Models
  • State Machine Model, Multilevel Lattice Model, Non-Interference Model, and Information Flow Model
  • Types of Security Models
  • Composition Theories, Covert Channels, and Open and Closed Systems
  • Knowledge Check
  • Select Controls Based on System Security Requirements Security Capabilities of Information Systems
  • Knowledge Check
  • Assess and Mitigate the Vulnerabilities of Security Architectures SCADA
  • Security Concerns of ICS Cloud Computing Categorization of Cloud
  • Internet of Things
  • Fog and Edge Computing
  • Knowledge Check
  • Select and Determine Cryptographic Solutions Cryptosystem Elements
  • Encryption Methods
  • Data Encryption Standards
  • Output Feedback, Counter, and Triple DES Advanced Encryption Standards Asymmetric Cryptography
  • Public Key Infrastructure
  • PKI Certificate and Processes PKI Process: Steps
  • Hashing, MAC, and Digital Signatures Key Management Principles
  • Knowledge Check
  • Methods of Cryptanalytic Attacks
  • Knowledge Check
  • Apply Security Principles to Site and Facility Design Design Site and Facility Security Controls
  • Personnel Access Controls Environmental Security Controls Classes of Fires
  • Other Security Controls
  • HVAC, Power Supply, and Training
  • Knowledge Check
  • Quick Recap
  • Knowledge Check

Domain 04 - Communications and Network Security

  • Introduction
  • Introduction to Communications and Network Security Assess and Implement Secure Design Principles Physical Layer and Data Link Layer
  • Network Layer Transport Layer
  • Session Layer and Presentation Layer Application Layer and Protocols
  • Knowledge Check
  • IP Addressing
  • IPv6 and Its Address Structures
  • Knowledge Check
  • Internet Security Protocol(IPsec) IPsec Security Protocols
  • Secure Access Protocols
  • Implementation of Multilayer Protocol, Fiber Channels, and Micro-Segmentation SDN and Wireless Technologies
  • Cellular Network and CDN
  • Knowledge Check
  • Understand Network Access Control (NAC) and Endpoint Security
  • Knowledge Check
  • Implement Secure Communication Channels
  • Application-Level Gateway, Circuit-Level Gateway, and Network Security Terms Remote Access Technologies
  • VPN Protocols
  • VPN Protocols: Comparison
  • Multimedia Collaboration, Network Function Virtualization, and Network Attacks
  • Quick Recap
  • Knowledge Check

Domain 05 - Identity and Access Management (IAM)

  • Introduction
  • Introduction to Identity and Access Management (IAM) Control Physical and Logical Access to Assets
  • Manage Identification and Authentication of People, Devices, and Services
  • Biometrics and Accuracy Measurement Passwords and Its Types
  • Tokens, Token Devices, and Authorization
  • Federated Identity Management (FIM) and Credential Management System
  • Single Sign-On (SSO) and Just-In-Time (JIT)
  • Knowledge Check
  • Federated Identity with a Third-Party Service Implement and Manage Authorization Mechanisms
  • Attribute-Based Access Control (ABAC) and Risk-Based Access Control
  • Knowledge Check
  • Manage the Identity and Access Provisioning Life Cycle Privilege Escalation
  • Implement Authentication Systems
  • Kerberos and Its Steps, RADIUS, TACACS, and TACACS Plus
  • Quick Recap
  • Knowledge Check

Domain 06 - Security Assessment and Testing

  • Introduction
  • Introduction to Security Assessment and Testing
  • Design and Validate Assessment, Test, and Audit Strategies SOC Reports and Security Assessments
  • Internal Audit and Assessment External Audit and Assessment Third-Party Audit and Assessment Vulnerability Assessment
  • Network Discovery Scan
  • Network Vulnerability Scan and Web Vulnerability Scan Penetration Testing
  • Penetration Testing Process and Testing Types Log Management and Review
  • Security Testing in SDLC Code Review and Testing Testing Methods
  • Interface Testing
  • Knowledge Check
  • Collect Security Process Data KPI Process
  • Knowledge Check
  • Analyze Test Output and Generate Report
  • Quick Recap
  • Knowledge Check

Domain 07 - Security Operations

  • Introduction
  • Introduction to Security Operations Understand and Comply with Investigations Digital Forensics
  • Understand the Digital Evidences
  • Knowledge Check
  • Conduct Logging and Monitoring Activities
  • Knowledge Check
  • Continuous Monitoring
  • Digital Forensics Tools, Tactics, Procedures, Artifacts, and UEBA
  • Knowledge Check
  • Perform Configuration Management
  • Apply Foundational Security Operation Concepts
  • Identity and Access Management with Various Types of Accounts Apply Resource Protection
  • Controls for Protecting Assets Conduct Incident Management
  • Understand Incident Response Life Cycle
  • Knowledge Check
  • Operate and Maintain Detective and Preventive Measures
  • Understand Anti-Malware Systems, AI, Machine Learning, and Deep Learning Implement and Support Patch and Vulnerability Management
  • Understand and Participate in Change Management Processes Implement Recovery Strategies
  • Types of Recoveries Operational Recovery Recovery Pattern Strategies
  • Redundancy and Fault Tolerance Knowledge Check
  • Implement Disaster Recovery (DR) Processes Knowledge Check
  • Test Disaster Recovery Plans (DRP)
  • Knowledge Check
  • Participate in Business Continuity (BC) Planning and Exercises Implement and Manage Physical Security
  • Importance of Lighting in Security Management Access Control
  • Knowledge Check
  • Address Personnel Safety and Security Concerns
  • Quick Recap
  • Knowledge Check

Domain 08 - Software Development Security

  • Introduction
  • Introduction to Software Development Security
  • Integrate Security in the Software Development Life Cycle
  • Software Development Models
  • Extreme Programming Model
  • DevOps and DevSecOps
  • CMM and SAMM
  • Change Management and Integrated Product Team (IPT)
  • Knowledge Check
  • Security Controls in Software Development Ecosystems
  • Other Security Controls in Software Development Ecosystems
  • Software Configuration Management (SCM)
  • Database and Data Warehousing Environments
  • Knowledge Check
  • Assess the Effectiveness of Software Security
  • Software Security and Assurance: Granularity of Controls and Separation of Environments
  • Software Security and Assurance: TOC or TOU, Prevention of Social Engineering, Backup, Software Forensics, Cryptography
  • Software Security and Assurance: Password Protection, Mobile Mode Controls, and Sandbox Software Security and Assurance Strong Language Support, XML, and SAML
  • Assessing the Effectiveness of Software Security Free and Open Source Software
  • Knowledge Check
  • Define and Apply Secure Coding Guidelines and Standards
  • Web Application Environment
  • Knowledge Check
  • Quick Recap
  • Knowledge Check

 

Requirements

To obtain a CISSP certification, you must have five years or more of full-time professional experience in two or more of the eight domains of the CISSP – (ISC)² CBK 2018. Students enrolled in CISSP training with less than five years of experience will receive an (ISC)² associate title.

 35 Hours

Testimonials (5)

Upcoming Courses