Certified Information System Security Professional (CISSP 2015)

Course Overview

The Certified Information System Security Professional (CISSP 2015) is designed to expand upon the student’s existing knowledge, and is intended for experienced IT professionals. THe course covers the essential elements of the eight domains that comprise a Common Body of Knowledge (CBK)® for information systems security professionals.

Course Outline

Security & Risk Management

Security Governance Principles
Compliance
Professional Ethics
Security Documentation
Risk Management
Threat Modeling
Business Continuity Plan Fundamentals
Acquisition Strategy and Practice
Personnel Security Policies
Security Awareness and Training

Asset Security

Asset Security
Privacy Protection
Asset Retention
Data Security Controls
Secure Data Handling

Security Engineering

Security in the Engineering Lifecycle
System Component Security
Security Models
Controls and Countermeasures in Enterprise Security
Information System Security Capabilities
Design and Architecture Vulnerability Mitigation
Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
Cryptography Concepts
Cryptography Techniques
Site and Facility Design for Physical Security
Physical Security Implementation in Sites and Facilities

Communications and Network Security

Network Protocol Security
Network Components Security
Communication Channel Security
Network Attack Mitigation

Identity and Access Management

Physical and Logical Access Control
Identification, Authentication, and Authorization
Identity as a Service
Authorization Mechanisms
Access Control Attack Mitigation

Security Assessment and Testing

System Security Control Test
Software Security Control Testing
Security Process Data Collection
Audits

Security Operations

Security Operations Concepts
Physical Security
Personnel Security
Logging and Monitoring
Preventative Measures
Resource Provisioning and Protection
Patch and Vulnerability Management
Change Management
Incident Response
Investigations
Disaster Recovery Planning
Disaster Recovery Strategies
Disaster Recovery Implementation

Software Development Security

Security Principles in the System Lifecycle
Security Principles in the Software Development Lifecycle
Database Security in Software Development
Security Controls in the Development Environment
Software Security Effectiveness Assessment

Who Benefits

Typical students of this course include:

IT security-related practitioners, auditors, consultants, investigators, or instructors
Network or security analysts and engineers
Network administrators
Information security specialists
Risk management professionals
Those looking to sit the CISSP certification exam

Prerequisites

Direct security work experience is recommended, but not required.