> > > CISSP Detailed outline

Certified Information Specialist Security Professional (CISSP)

Course Description Schedule Course Outline

Detailed Course Outline

Module 1. Security and Risk Management

Aligning security and risk to organisational objectives

  • Evaluate and apply security governance principles
  • Implement policies, standards and procedures
  • Applying compliance

Applying risk management concepts

  • Assessing threats and vulnerabilities
  • Performing risk analysis and control
  • Defining qualitative and quantitative analysis

Preserving the business

  • Adhering to Business Continuity Management Code of Practise and Specifications
  • Performing a business impact analysis

Investigating legal measures and techniques

  • Reviewing intellectual property, liability and law, and compliance
  • Differentiating traditional computer crime
  • Establish information and asset handling requirements

Module 2. Asset Security

Examining security models and frameworks

  • The Information Security Triad and multi-level models
  • Investigating industry standards: ISO 27001/27002
  • Evaluating security model fundamental concepts

Exploring system and component security concepts

  • Certification and accreditation criteria and models
  • Reviewing mobile system/cloud/IoT vulnerabilities

Protecting information by applying cryptography

  • Detailing symmetric and asymmetric encryption systems
  • Ensuring message integrity through hashing
  • Uncovering threats to cryptographic systems

Safeguarding physical resources

  • Designing environments to resist hostile acts and threats
  • Designing environments to resist hostile acts and threats

Module 3. Communication & Network Security

Defining a secure network architecture

  • TCP/IP and other protocol models
  • Protecting from network attacks
  • Reviewing secure network components and communication channels

Examining secure networks and components

  • Identifying wired and wireless technologies
  • Implementing firewalls, secure communications, proxies, and tunnels

Module 4. Identity & Access Management

Controlling access to protect assets

  • Defining administrative, technical and physical controls
  • Implementing centralised and decentralised approaches
  • Investigating biometric and multi-factor authentication
  • Identifying common threats
  • Manage the identity and access provisioning lifecyle

Module 6. Security Assessment & Testing

Designing and conducting security assessment strategies

  • Leveraging the role of testing and auditing to analyse the effectiveness of security controls
  • Differentiating detection and protection systems

Conducting logging and monitoring activities

  • Distinguishing between the roles of internal and external audits
  • Conduct or facilitate security audits

Module 7. Security Operations

Maintaining operational resilience

  • Managing security services effectively
  • Leveraging and supporting investigations and incident response
  • Differentiating detection and protection systems
  • Securely provisioning resources

Developing a recovery strategy

  • Designing a disaster recovery plan
  • Implementing test and maintenance processes
  • Provisioning of resources

Module 8. Software Security Development

Securing the software development life cycle

  • Applying software development methods and security controls
  • Addressing database security concepts and issues
  • Define and apply secure coding guidelines and standards
  • Reviewing software security effectiveness and security impact
 

Accessing our website tells us you are happy to receive all our cookies. However you can change your cookie settings at any time. Find out more.   Got it!