Certified Information Systems Security Professional (CISSP) – Outline

Detailed Course Outline

Module 1. Security and Risk Management

Aligning security and risk to organisational objectives

  • Evaluate and apply security governance principles
  • Implement policies, standards and procedures
  • Applying compliance

Applying risk management concepts

  • Assessing threats and vulnerabilities
  • Performing risk analysis and control
  • Defining qualitative and quantitative analysis

Preserving the business

  • Adhering to the Business Continuity Management Code of Practice and Specifications
  • Performing a business impact analysis

Investigating legal measures and techniques

  • Reviewing intellectual property, liability and law, and compliance
  • Differentiating traditional computer crime
  • Establish information and asset handling requirements

Module 2. Asset Security

Examining security models and frameworks

  • The Information Security Triad and multi-level models
  • Investigating industry standards: ISO 27001/27002
  • Evaluating security model fundamental concepts

Exploring system and component security concepts

  • Certification and accreditation criteria and models
  • Reviewing mobile system/cloud/IoT vulnerabilities

Protecting information by applying cryptography

  • Detailing symmetric and asymmetric encryption systems
  • Ensuring message integrity through hashing
  • Uncovering threats to cryptographic systems

Safeguarding physical resources

  • Designing environments to resist hostile acts and threats

Module 3. Communication & Network Security

Defining a secure network architecture

  • TCP/IP and other protocol models
  • Protecting from network attacks
  • Reviewing secure network components and communication channels

Examining secure networks and components

  • Identifying wired and wireless technologies
  • Implementing firewalls, secure communications, proxies, and tunnels

Module 4. Identity & Access Management

Controlling access to protect assets

  • Defining administrative, technical and physical controls
  • Implementing centralised and decentralised approaches
  • Investigating biometric and multi-factor authentication
  • Identifying common threats
  • Manage the identity and access provisioning lifecycle

Module 6. Security Assessment & Testing

Designing and conducting security assessment strategies

  • Leveraging the role of testing and auditing to analyse the effectiveness of security controls
  • Differentiating detection and protection systems

Conducting logging and monitoring activities

  • Distinguishing between the roles of internal and external audits
  • Conduct or facilitate security audits

Module 7. Security Operations

Maintaining operational resilience

  • Managing security services effectively
  • Leveraging and supporting investigations and incident response
  • Differentiating detection and protection systems
  • Securely provisioning resources

Developing a recovery strategy

  • Designing a disaster recovery plan
  • Implementing test and maintenance processes
  • Provisioning of resources

Module 8. Software Security Development

Securing the software development life cycle

  • Applying software development methods and security controls
  • Addressing database security concepts and issues
  • Define and apply secure coding guidelines and standards
  • Reviewing software security effectiveness and security impact