» CISSP Course
This course provides a comprehensive overview of information security concepts and industry best practices. It covers the eight (8) CISSP domains as outlined in the (ISC)2 CBK and addresses the latest information-system security issues. The CISSP Course consists of two classes a week over the course of 8 weeks. Each session lasts for 2.5 hours.
The 8 domains covered in the course are:
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
- Confidentiality, integrity, and availability concepts
- Security governance principles
- Compliance
- Legal and regulatory issues
- Professional ethics
- Security policies, standards, procedures and guidelines
- Personnel security policies
- Risk management concepts
- Threat modeling
- Risk considerations Security education, training, and awareness
- Business continuity requirements
- Asset Security (Protecting Security of Assets)
- Information and asset classification
- Ownership (e.g. data owners, system owners)
- Protect privacy Appropriate retention
- Data security controls
- Handling requirements (e.g. markings, labels, storage)
- Security Engineering (Engineering and Management of Security)
- Engineering processes using secure design principles
- Security models fundamental concepts
- Security evaluation models
- Security capabilities of information systems
- Security architectures, designs, and solution elements vulnerabilities
- Web-based systems vulnerabilities
- Mobile systems vulnerabilities
- Embedded devices and cyber-physical systems vulnerabilities
- Cryptography
- Site and facility design secure principles
- Physical security
- Communication and Network Security (Designing and Protecting Network Security)
- Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
- Secure network components
- Secure communication channels
- Network attacks
- Identity and Access Management (Controlling Access and Managing Identity)
- Physical and logical assets control
- Identification and authentication of people and devices
- Identity as service (e.g. cloud identity)
- Third-party identity services (e.g. on-premise)
- Access control attacks
- Identity and access provisioning lifecycle (e.g. provisioning review)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Assessment and test strategies
- Security process data (e.g. management and operational controls)
- Security control testing
- Test outputs (e.g. automated, manual)
- Security architectures vulnerabilities
- Security Operations (Foundational Concepts ,Investigations, Incident Management, and Disaster Recovery)
- Investigations support and requirements
- Logging and monitoring activities
- Provisioning of resources
- Foundational security operations concepts
- Resource protection techniques
- Incident management
- Preventative measures
- Patch and vulnerability management
- Change management processes
- Recovery strategies
- Disaster recovery processes and plans
- Business continuity planning and exercises
- Physical security
- Personnel safety concerns
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
- Security in the software development lifecycle
- Development environment security controls
- Software security effectiveness
- Acquired software security impact