Course Code: 853

CISSP Certified Information System Security Professional

Class Dates:
5 Days
Class Time:
Virtual Instructor-Led Training, Instructor-Led Training


  • Course Overview
  • This course provides the knowledge needed to implement security solutions within an enterprise policy framework, using a vendor-neutral format. This includes security and risk management programs, organizational policies and training, asset security, enterprise security architecture and engineering, network and communication security, identity and access management, security assessments and testing, operational security and secure software development. This course maps to the (ISC)² CISSP certification exam. Objective coverage is marked throughout the course.

    You will benefit most from this course if you are an experienced security professional who intends to take an (ISC)² CISSP exam.

    This course assumes that you have some applied knowledge of computers, networks, and cybersecurity principles in an enterprise environment.

  • Audience
  • This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:

    Security Consultant
    Security Manager
    IT Director/Manager
    Security Auditor
    Security Architect
    Security Analyst
    Security Systems Engineer
    Chief Information Security Officer
    Chief Information Officer
    Director of Security
    Network Architect


  • Candidates must have a minimum of five (5) years of cumulative paid full-time professional security work experience in two or more of the 8 domains of the CISSP CBK.

    Candidates may receive a one-year experience waiver with a four-year college degree or regional equivalent, or an additional credential from the approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.

    Candidates who have not completed the 5 years of experience required to take the CISSP can take the Associate of (ISC)² CISSP exam. This gives them a credential demonstrating their knowledge until they are able to meet the experience requirements for the CISSP.

Course Details

  • Security and Risk Management
  • Understand, adhere to, and promote professional ethics
  • Understand and apply security concepts
  • Evaluate and apply security governance principles
  • Determine compliance and other requirements
  • Understand legal and regulatory issues that pertain to information security in a holistic context
  • Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
  • Develop, document, and implement security policy, standards, procedures, and guidelines
  • Contribute to and enforce personnel security policies and procedures
  • Understand and apply risk management concepts
  • Establish and maintain a security awareness, education, and training program
  • Asset Security
  • Identify and classify information and assets
  • Establish information and asset handling requirements
  • Provision resources securely
  • Manage data lifecycle
  • Ensure appropriate asset retention
  • Determine data security controls and compliance requirements
  • Security Architecture and Engineering
  • Research, implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
  • Select controls based upon system security requirements
  • Understand security capabilities of Information Systems
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
  • Select and determine cryptographic solutions
  • Understand methods of cryptanalytic attacks
  • Apply security principles to site and facility design
  • Design site and facility security controls
  • Communication and Network Security
  • Assess and implement secure design principles in network architectures
  • Secure network components
  • Implement secure communication channels according to design
  • Identity and Access Management (IAM)
  • Control physical and logical access to assets
  • Manage identification and authentication of people, devices, and services
  • Federated identity with a third-party service
  • Manage the identity and access provisioning lifecycle
  • Security Assessment and Testing
  • Design and validate assessment, test, and audit strategies
  • Conduct security control testing
  • Collect security process data (e.g., technical and administrative)
  • Analyze test output and generate report
  • Conduct or facilitate security audits
  • Security Operations
  • Understand and comply with investigations
  • Conduct logging and monitoring activities
  • Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
  • Apply foundational security operations concepts
  • Apply resource protection
  • Conduct incident management
  • Operate and maintain detective and preventative measures
  • Implement and support patch and vulnerability management
  • Understand and participate in change management processes
  • Implement recovery strategies
  • Implement Disaster Recovery (DR) processes
  • Test Disaster Recovery Plans (DRP)
  • Participate in Business Continuity (BC) planning and exercises
  • Implement and manage physical security
  • Address personnel safety and security concerns
  • Software Development Security
  • Understand and integrate security in the Software Development Life Cycle (SDLC)
  • Identify and apply security controls in software development ecosystems
  • Assess the effectiveness of software security
  • Assess security impact of acquired software
  • Define and apply secure coding guidelines and standards
  • 9: Secure system design
  • System hardware vulnerabilities
  • Securing hosts
  • Physical security and safety
  • 10: Specialized system security
  • Architecture elements
  • Databases
  • Mobile device security
  • Virtual and cloud systems
  • 11: Network fundamentals
  • Network models
  • Physical networking
  • Network infrastructure devices
  • 12: Network technologies
  • Local wireless networks
  • WAN technologies
  • Network convergence
  • 13: Network protocols
  • IP addressing
  • Core protocols
  • Network ports and applications
  • 14: Network security architecture
  • Network vulnerabilities
  • Packet flow
  • Network security systems
  • Network access technologies
  • 15: Secure network configuration
  • Hardening networks
  • Securing communications
  • 16: Identity management
  • Access control vulnerabilities
  • Identity systems
  • 17: Access control technologies
  • Access control components
  • Authentication technologies
  • 18: Vulnerability management
  • Security testing programs
  • Vulnerability assessment
  • Vulnerability management programs
  • 19: Scanning and monitoring
  • Reconnaissance techniques
  • Network Monitoring
  • Data analysis
  • 20: Incident response
  • Incident response planning
  • Incident response procedures
  • Investigation support
  • 21: Security operations
  • Secure asset management
  • Resilience and business continuity
  • Fault tolerance and recovery
  • 22: Software threats
  • Software Vulnerabilities
  • Malware
  • 23: Secure development
  • Software development
  • Secure programs
  • Learning Objectives
  • Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness, and implement risk management and the principles used to support it.
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel, and organizat
  • Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communi
  • Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets, and match an entity, such as a person or a compute
  • Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process.
  • Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
  • Understand the Software Development Life Cycle (SDLC) and how to apply security to it, identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.