(ISC)² Certified Information Systems Security Professional (CISSP) 2015


    The CISSP (Certified Information Systems Security Professional Certification) course covers topics such as Access Control Systems, Cryptography, and Security Management Practices, teaching students the eight domains of information system security knowledge.

    The new eight domains are:

    Security and Risk Management
    Asset Security
    Security Engineering
    Communications and Network Security
    Identity and Access Management
    Security Assessment and Testing
    Security Operations
    Software Development Security

    The CISSP Certification is administered by the International Information Systems Security Certification Consortium, or (ISC)². (ISC)² promotes the CISSP exam as an aid to evaluating personnel performing information security functions. Candidates for this exam are typically network security professionals and system administrators with at least four years of direct work experience in two or more of the ten test domains. As the first ANSI ISO accredited credential in the field of information security, the Certified Information Systems Security Professional (CISSP) certification provides information security professionals with not only an objective measure of competence, but also a globally recognized standard of achievement.

    Module 1 – The CISSP Exam

    Course Introduction
    CISSP Certification Goals
    Security Professional Certification Value
    Exam Common Body of Knowledge
    Becoming a CISSP

    Module 2 – Cryptography

    Cryptography Concepts
    History of Cryptography
    Cryptosystem Features
    Encryption Systems
    Substitution Ciphers
    Symmetric Algorithms
    Asymmetric Algorithms
    Message Integrity
    Digital Signatures
    Public Key Infrastructure
    Trusted Platform Module
    Encryption Communication Levels
    E-Mail Security
    Internet Security
    Cryptography Attacks

    Module 3 – Physical (Environmental) Security

    Threat Mitigation Techniques
    Geographical-Man Made and Political Threats
    Site and Facility Design
    Perimeter Security
    Building and Internal Security
    Secure Data Centers and Fire Detection Systems
    Types of Power Issues
    HVAC Guidelines
    Equipment Security and Personal Security

    Module 4 – Security Architecture and Design

    Security Model Concepts
    System Architecture
    Computing Platforms
    Virtual Computing and Security Services
    System Components
    Memory Concepts
    Enforcing Process Security and Multitasking
    System Security Architecture
    Security Models and Modes
    System Evaluation and Assurance Levels
    Certification and Accreditation
    Security Architecture Threats
    Database Security and Distributed Systems Security

    Module 5 – Access Control

    Access Control Concepts
    Identification and Authentication
    Password Types and Management
    Ownership-Character-Physiological-Behavioral Factors
    Biometric Considerations
    Authorization Concepts
    User Accountability
    Vulnerability Assessment
    Penetration Testing and Threat Modeling
    Access Control Categories-Types-Models and Administration
    Provisioning Life Cycle and Access Control Monitoring
    Access Control Threats

    Module 6 – Software Development Security

    System Development Life Cycle
    Software Testing and Validation
    Software Development Security Best Practices
    Software Development Methods
    Programming Languages
    Database Architecture and Models
    Database Interface Languages
    Data Warehouse-Mining and Threats
    Database and Application Access Control
    Monitoring for Problems
    Software Threats and Security

    Module 7 – Information Security Governance and Risk Management

    Principles and Terms
    Security Frameworks and Methodologies
    Risk Assessment
    Asset Values-Vulnerabilities and Threats
    Quantitative Risk Analysis
    Safeguard Selection
    Risk Management
    Security Governance Components
    Security Policies
    Classification Life Cycle
    Responsibilities and Roles
    Personnel Security
    Security Awareness Training

    Module 8 – Telecommunications and Network Security

    OSI and TCP/IP Models
    IP Addressing
    Transmission Methods
    Types of Cabling
    Network Topologies
    Network Protocols and Services
    Network Routing and Devices
    Network Connection Types
    Network Authentication
    Wireless Technologies
    WLAN Security Methods
    Network Threats and Cabling Behaviors

    Module 9 – Operation Security

    Operation Security Concepts
    Protecting Tangible and Intangible Assets
    Asset and Media Management
    Storage Options
    Network and Resource Management
    Incident Response and Change Management
    Patch Management-Audit and Review
    Threats and Preventative Measures
    Trusted Paths-Trusted Recovery and System Hardening
    Monitoring and Reporting

    Module 10 – Business Continuity and Disaster Recovery

    Business Continuity and Disaster Recovery Concepts
    BIA Development
    Business Continuity Planning
    Preventive Controls
    Recovery Strategies
    Data Backup Types
    Data Recovery Terms
    Critical Teams and Duties
    BCP Testing

    Module 11 – Legal, Regulations and Investigations and Compliance

    Digital Crime
    Computer Crime Concepts
    Major Legal Systems
    Intellectual Property Law
    Incident Response
    Forensic and Digital Investigations
    Security Professional Ethics

    Course Access Period: 12 months
    Course Delivery: online