Course Outline
Domain 01 - Security and Risk Management
- Introduction
- Introduction to Security and Risk Management
- Understand, Adhere to, and Promote Professional Ethics
- Knowledge Check
- Understand and Apply Security Concepts
- Evaluate and Apply Security Governance Principles
- Goals, Mission, and Objectives
- Control Frameworks, Due Care, and Due Diligence
- Knowledge Check
- Determine Compliance and Other Requirements
- Understand Legal and Regulatory Issues that Pertain to Information Security in a Holistic Context
- Types of Intellectual Properties (IP) Law
- OECD Principles, GDPR, and Data Protection Principles
- Data Protection Principles
- Understand Requirements for Investigation Types
- Knowledge Check
- Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
- Knowledge Check
- Need for Business Continuity Planning (BCP)
- Business Continuity Planning Phases
- Business Impact Analysis
- Identify Preventive Controls
- Knowledge Check
- Contribute to and Enforce Personnel Security Policies and Procedures
- Introduction to Risk Management Concepts
- Risk Analysis
- Risk Analysis and Assessment
- Countermeasure Selection
- Risk Handling and Security Control Assessment
- Security Control Assessment (SCA)
- Risk Monitoring and Continuous Improvement
- Knowledge Check
- Understand and Apply Threat Modeling Concepts and Methodologies
- Threat Modeling Steps
- DREAD Rating
- Knowledge Check
- Apply Supply Chain Risk Management (SCRM) Concepts
- Third-Party Management and Risks
- Third-Party Risk Management Life Cycle
- Knowledge Check
- Establish and Maintain a Security Awareness, Education, and Training Program
- Program Effectiveness: Evaluation
- Knowledge Check
- Quick Recap
- Knowledge Check
Domain 02 - Asset Security
- Introduction
- Introduction to Asset Security
- Identify and Classify Information and Assets
- Information Classification Objectives
- Knowledge Check
- Establish Information and Asset Handling Requirements
- Provision Resources Securely
- Manage Data Life Cycle
- Data Life Cycle: Create, Store, and Use
- Data Life Cycle: Share, Archive, and Destroy
- Data Remanence and Data Destruction
- Knowledge Check
- Ensure Appropriate Asset Retention
- Data and Data Security Controls
- How to Select Controls
- Digital Rights Management (DRM)
- Data Loss Prevention (DLP)
- Quick Recap
- Knowledge Check
Domain 03 - Security Architecture and Engineering
- Introduction
- Introduction to Security Engineering
- Research, Implement, and Manage Engineering Processes Using Trust but Verify and Zero Trust
- Privacy by Design
- Knowledge Check
- Understand the Fundamental Concepts of Security Models
- State Machine Model, Multilevel Lattice Model, Non-Interference Model, and Information Flow Model
- Types of Security Models
- Composition Theories, Covert Channels, and Open and Closed Systems
- Knowledge Check
- Select Controls Based on System Security Requirements
- Security Capabilities of Information Systems
- Knowledge Check
- Assess and Mitigate the Vulnerabilities of Security Architectures
- SCADA
- Security Concerns of ICS
- Cloud Computing
- Categorization of Cloud
- Internet of Things
- Fog and Edge Computing
- Knowledge Check
- Select and Determine Cryptographic Solutions
- Cryptosystem Elements
- Encryption Methods
- Data Encryption Standards
- Output Feedback, Counter, and Triple DES
- Advanced Encryption Standards
- Asymmetric Cryptography
- Public Key Infrastructure
- PKI Certificate and Processes
- PKI Process: Steps
- Hashing, MAC, and Digital Signatures
- Key Management Principles
- Knowledge Check
- Methods of Cryptanalytic Attacks
- Knowledge Check
- Apply Security Principles to Site and Facility Design
- Design Site and Facility Security Controls
- Personnel Access Controls
- Environmental Security Controls
- Classes of Fires
- Other Security Controls
- HVAC, Power Supply, and Training
- Knowledge Check
- Quick Recap
- Knowledge Check
Domain 04 - Communications and Network Security
- Introduction
- Introduction to Communications and Network Security
- Assess and Implement Secure Design Principles
- Physical Layer and Data Link Layer
- Network Layer
- Transport Layer
- Session Layer and Presentation Layer
- Application Layer and Protocols
- Knowledge Check
- IP Addressing
- IPv6 and Its Address Structures
- Knowledge Check
- Internet Security Protocol (IPsec)
- IPsec Security Protocols
- Secure Access Protocols
- Implementation of Multilayer Protocol, Fiber Channels, and Micro-Segmentation
- SDN and Wireless Technologies
- Cellular Network and CDN
- Knowledge Check
- Understand Network Access Control (NAC) and Endpoint Security
- Knowledge Check
- Implement Secure Communication Channels
- Application-Level Gateway, Circuit-Level Gateway, and Network Security Terms
- Remote Access Technologies
- VPN Protocols
- VPN Protocols: Comparison
- Multimedia Collaboration, Network Function Virtualization, and Network Attacks
- Quick Recap
- Knowledge Check
Domain 05 - Identity and Access Management (IAM)
- Introduction
- Introduction to Identity and Access Management (IAM)
- Control Physical and Logical Access to Assets
- Manage Identification and Authentication of People, Devices, and Services
- Biometrics and Accuracy Measurement
- Passwords and Their Types
- Tokens, Token Devices, and Authorization
- Federated Identity Management (FIM) and Credential Management System
- Single Sign-On (SSO) and Just-In-Time (JIT)
- Knowledge Check
- Federated Identity with a Third-Party Service
- Implement and Manage Authorization Mechanisms
- Attribute-Based Access Control (ABAC) and Risk-Based Access Control
- Knowledge Check
- Manage the Identity and Access Provisioning Life Cycle
- Privilege Escalation
- Implement Authentication Systems
- Kerberos and Its Steps, RADIUS, TACACS, and TACACS Plus
- Quick Recap
- Knowledge Check
Domain 06 - Security Assessment and Testing
- Introduction
- Introduction to Security Assessment and Testing
- Design and Validate Assessment, Test, and Audit Strategies
- SOC Reports and Security Assessments
- Internal Audit and Assessment
- External Audit and Assessment
- Third-Party Audit and Assessment
- Vulnerability Assessment
- Network Discovery Scan
- Network Vulnerability Scan and Web Vulnerability Scan
- Penetration Testing
- Penetration Testing Process and Testing Types
- Log Management and Review
- Security Testing in SDLC
- Code Review and Testing
- Testing Methods
- Interface Testing
- Knowledge Check
- Collect Security Process Data
- KPI Process
- Knowledge Check
- Analyze Test Output and Generate Report
- Quick Recap
- Knowledge Check
Domain 07 - Security Operations
- Introduction
- Introduction to Security Operations
- Understand and Comply with Investigations
- Digital Forensics
- Understand Digital Evidence
- Knowledge Check
- Conduct Logging and Monitoring Activities
- Knowledge Check
- Continuous Monitoring
- Digital Forensics Tools, Tactics, Procedures, Artifacts, and UEBA
- Knowledge Check
- Perform Configuration Management
- Apply Foundational Security Operation Concepts
- Identity and Access Management with Various Types of Accounts
- Apply Resource Protection
- Controls for Protecting Assets
- Conduct Incident Management
- Understand Incident Response Life Cycle
- Knowledge Check
- Operate and Maintain Detective and Preventive Measures
- Understand Anti-Malware Systems, AI, Machine Learning, and Deep Learning
- Implement and Support Patch and Vulnerability Management
- Understand and Participate in Change Management Processes
- Implement Recovery Strategies
- Types of Recoveries
- Operational Recovery
- Recovery Pattern Strategies
- Redundancy and Fault Tolerance
- Knowledge Check
- Implement Disaster Recovery (DR) Processes
- Knowledge Check
- Test Disaster Recovery Plans (DRP)
- Knowledge Check
- Participate in Business Continuity (BC) Planning and Exercises
- Implement and Manage Physical Security
- Importance of Lighting in Security Management
- Access Control
- Knowledge Check
- Address Personnel Safety and Security Concerns
- Quick Recap
- Knowledge Check
Domain 08 - Software Development Security
- Introduction
- Introduction to Software Development Security
- Integrate Security in the Software Development Life Cycle
- Software Development Models
- Extreme Programming Model
- DevOps and DevSecOps
- CMM and SAMM
- Change Management and Integrated Product Team (IPT)
- Knowledge Check
- Security Controls in Software Development Ecosystems
- Other Security Controls in Software Development Ecosystems
- Software Configuration Management (SCM)
- Database and Data Warehousing Environments
- Knowledge Check
- Assess the Effectiveness of Software Security
- Software Security and Assurance: Granularity of Controls and Separation of Environments
- Software Security and Assurance: TOC or TOU, Prevention of Social Engineering, Backup, Software Forensics, Cryptography
- Software Security and Assurance: Password Protection, Mobile Mode Controls, and Sandbox
- Software Security and Assurance: Strong Language Support, XML, and SAML
- Assessing the Effectiveness of Software Security
- Free and Open Source Software
- Knowledge Check
- Define and Apply Secure Coding Guidelines and Standards
- Web Application Environment
- Knowledge Check
- Quick Recap
- Knowledge Check
Requirements
To obtain a CISSP certification, you must have five years or more of full-time professional experience in two or more of the eight domains of the CISSP – (ISC)² CBK 2018. Students enrolled in CISSP training with less than five years of experience will receive an (ISC)² associate title.
Testimonials (5)
The trainer was very knowledgeable and took time to give a very good insight into cyber security issues. A lot of these examples could be used or modified for our learners and create some very engaging lesson activities.
Jenna - Merthyr College
Course - Fundamentals of Corporate Cyber Warfare
All is satisfactory.
Motaz Abdallat - شركة الشرق الأدنى للتواصل الإجتماعي
Course - Open Source Intelligence (OSINT) Advanced
The questions helped me a lot to understand the characteristics of the CRISC examination.
Masakazu Yoshijima - Bank of Yokohama, Ltd.
Course - CRISC - Certified in Risk and Information Systems Control
Piotr was incredibly knowledgeable and very patient. He was great at explaining things, and I'd strongly recommend this course to others.
Victoria Harper
Course - Open Source Cyber Intelligence - Introduction
The instructor's delivery of information. At the end of the day, it was Gaurav who pulled off this topic, focusing on building strong fundamentals and devising a methodology to be retained with us.