Certified Information Systems Security Professional (CISSP)
CISSP is a globally recognised Information Security standard. It reviews the entire information security landscape and the technologies involved, addressing the eight knowledge domains that comprise the common body of knowledge (CBK) for information systems security professionals.
Book your virtual training
- More info
- Date and time to suit you
- VenueWe will train your team
wherever they are based
- CostContact us for price
- Fill in the form and we'll be in touch
within a working day.
Book your place
The course uses a theory based approach via instructor led discussion of security processes with the opportunity to discuss the immediate application of concepts and techniques described in the CBK to the real world. It can be considered as providing a good introduction to security management, architecture and engineering.
Security professionals, anyone with a need for formal Information Security training.
- Protect assets using access control techniques
- Strengthen confidentiality and integrity controls using the world of cryptography
- Secure your network architecture and design (implement Cyber security)
- Achieve organisational objectives such as legal & compliance, Information assurance, security and data governance
- Enhance IT services secure delivery via Security operations, architecture and design principles
- Implement business resiliency via Business Continuity Plan
- You will gain a thorough understanding of the domains as prescribed by (ISC)2®
CISSP establishes a standard Information Security best practice, offering a broad understanding of the (ISC)² CBK. CISSP permits access to a global network of industry, subject matter and domain experts. CISSP will add credibility to your organisations approach to Information Security with the rigor and regimen of the certification examinations.
This course demonstrates a working knowledge of information security and will confirm your dedication to the security industry. The CISSP qualification acts as a differentiator within the marketplace and will enhance your credibility. In addition it will provide you with access to valuable resources, such as networking with security peers.
- Confidentiality, integrity, and availability concepts
- Security governance principles
- Legal and regulatory issues
- Professional ethics
- Security policies, standards, procedures and guidelines
- Information and asset classification
- Protect privacy
- Appropriate retention
- Data security controls
- Handling requirements
- Engineering processes using secure design principles
- Security models fundamental concepts
- Security evaluation models
- Security capabilities of information systems
- Security architectures, designs, and solution elements vulnerabilities
- Web-based systems vulnerabilities
- Mobile systems vulnerabilities
- Embedded devices and cyber-physical systems vulnerabilities
- Site and facility design secure principles
- Physical security
- Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
- Secure network components
- Secure communication channels
- Network attacks
- Physical and logical assets control
- Identification and authentication of people and devices
- Identity as a service including cloud identity
- Third-party identity and on-premise services
- Access control attacks
- Identity and access provisioning life-cycle
- Assessment and test strategies
- Security process data
- Security control testing
- Test outputs
- Security architectures vulnerabilities
- Investigations support and requirements
- Logging and monitoring activities
- Provisioning of resources
- Foundational security operations concepts
- Resource protection techniques
- Incident management
- Preventative measures
- Patch and vulnerability management
- Change management processes
- Recovery strategies
- Disaster recovery processes and plans
- Business continuity planning and exercises
- Physical security
- Personnel safety concerns
- Security in the software development life-cycle
- Development environment security controls
- Software security effectiveness
- Acquired software security impact
Delegates should have experience in at least two of the domains as laid out in the CBK, for 5 years or more (4 years if they have achieved relevant industry or degree level certifications) to achieve full certification. Associate status can be achieved without the full 4/5 years’ experience; full certification will be assigned when the correct amount of experience is obtained.
We recommend delegates have some knowledge of all CBK domains and are encouraged to read one or two of the recommended books which can be found on the ISC2.org Reading List.
Delegates will receive the CISSP guide book as pre-reading. It is expected that delegates read the guide to gain familiarity of the key concepts within the 8 CISSP domains.
Our course is a ‘theory based’ guide through the 8 domains of CISSP. The course should be taken many months before you plan on booking your Certified Information Systems Security Professional exam, as a considerable amount of self-study is needed.
When ready delegates can acquire a Pearson VUE testing voucher by following the guide on the ISC2 website.