Course Code: 853

CISSP Certified Information System Security Professional

Class Dates:
5 Days
Class Time:
Virtual Instructor-Led Training, Instructor-Led Training


  • Course Overview
  • This course provides the knowledge needed to implement security solutions within an enterprise policy framework, using a vendor-neutral format. This includes security and risk management programs, organizational policies and training, asset security, enterprise security architecture and engineering, network and communication security, identity and access management, security assessments and testing, operational security and secure software development. This course maps to the (ISC)² CISSP certification exam. Objective coverage is marked throughout the course.

    You will benefit most from this course if you are an experienced security professional who intends to take an (ISC)² CISSP exam.

    This course assumes that you have some applied knowledge of computers, networks, and cybersecurity principles in an enterprise environment.

  • Audience
  • This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:

    Security Consultant
    Security Manager
    IT Director/Manager
    Security Auditor
    Security Architect
    Security Analyst
    Security Systems Engineer
    Chief Information Security Officer
    Director of Security
    Network Architect


  • Candidates must have a minimum of five (5) years of cumulative paid full-time professional security work experience in two or more of the 8 domains of the CISSP CBK.

    Candidates may receive a one-year experience waiver with a four-year college degree or regional equivalent, OR an additional credential from the approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.

    Candidates who have not completed the 5 years of experience required to take the CISSP can take an Associate CISSP exam. This will give them a credential showing their knowledge until they are able to meet the experience requirements for the CISSP.

Course Details

  • 1: Cybersecurity principles
  • Security concepts
  • Security governance
  • 2: Law and ethics
  • Legal principles
  • Cybersecurity regulations
  • 3: Risk management
  • Threats and vulnerabilities
  • Risk Assessment
  • Risk management
  • 4: Security policies
  • Security frameworks
  • Security policies
  • Controls and procedures
  • Training and coordination
  • 5: Information assets
  • Classification
  • Securing data
  • 6: Cryptographic techniques
  • Cryptographic principles
  • Ciphers and hashes
  • 7: Applied cryptography
  • Public key infrastructure
  • Cryptographic protocols
  • 8: Secure enterprise architecture
  • Security models
  • Trusted systems
  • Architecture integration
  • 9: Secure system design
  • System hardware vulnerabilities
  • Securing hosts
  • Physical security and safety
  • 10: Specialized system security
  • Architecture elements
  • Databases
  • Mobile device security
  • Virtual and cloud systems
  • 11: Network fundamentals
  • Network models
  • Physical networking
  • Network infrastructure devices
  • 12: Network technologies
  • Local wireless networks
  • WAN technologies
  • Network convergence
  • 13: Network protocols
  • IP addressing
  • Core protocols
  • Network ports and applications
  • 14: Network security architecture
  • Network vulnerabilities
  • Packet flow
  • Network security systems
  • Network access technologies
  • 15: Secure network configuration
  • Hardening networks
  • Securing communications
  • 16: Identity management
  • Access control vulnerabilities
  • Identity systems
  • 17: Access control technologies
  • Access control components
  • Authentication technologies
  • 18: Vulnerability management
  • Security testing programs
  • Vulnerability assessment
  • Vulnerability management programs
  • 19: Scanning and monitoring
  • Reconnaissance techniques
  • Network Monitoring
  • Data analysis
  • 20: Incident response
  • Incident response planning
  • Incident response procedures
  • Investigation support
  • 21: Security operations
  • Secure asset management
  • Resilience and business continuity
  • Fault tolerance and recovery
  • 22: Software threats
  • Software Vulnerabilities
  • Malware
  • 23: Secure development
  • Software development
  • Secure programs
  • Learning Objectives
  • Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness, and implement risk management and the principles used to support it.
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel, and organizat
  • Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communi
  • Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets and match an entity, such as a person or a compute
  • Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
  • Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
  • Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.