Course description:

The Certified Information Systems Security Professional (CISSP) course is a perfect companion to preparing for the CISSP Exam. It focuses specifically on the objectives for the CISSP exam introduces by (ISC)2 in May 2021. The course will review asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and many other topics, while helping you identify areas of weakness and improving your conceptual knowledge and hands-on skills.

The goal of this course is to provide you with all the tools you need to prepare for the CISSP Exam — including preparation hints, test-taking tips, time-saving strategies, self-assessment questions, and practice exams — to increase your chances of passing the exam on your first try.

Duration: 5 days of training

Audience:

IT security professionals and security leaders who are interested in seeking certification or who need to maintain their certification.

Prerequisites:

• 1-2 years professional experience with IT security
• Experience working with IT security
• Fluency in security procedures such as business continuity planning, disaster planning, and risk assessment

Course objectives

Upon successful completion of this course, students should be able to:

• Understand security and risk management
• Classify information and assets
• Review security architecture and engineering for vulnerabilities and design flaws
• Improve communication and network security architectures, components, and channels
• Strengthen identity and access management (IAM) controls, services, and provisioning
• Enhance security assessment and testing designs to collect and process data to support audits
• Manage security operations

Required course materials: Pearson CertPREP CISSP Exam Cram Courseware

Training outline

Lesson 1: The CISSP Certification Exam

• Assessing exam requirements
• Determining whether you’re ready for the exam
• Using practice questions
• Using your time wisely

Lesson 2: Understanding Asset Security

• Proper methods for data destruction
• Development of documents that can aid in compliance with local, state, and federal laws
• The implementation of encryption and its use for the protection of data
• How to use data security control

Lesson 3: Security and Risk Management

• Calculations used for risk management
• Approved approaches to good security management
• How to perform qualitative risk analysis
• How to perform quantitative risk analysis
• How to perform hybrid risk analysis
• Good resource protection
• The roles of security policies, procedures, guidelines and baselines
• Proper data classification
• Proper implementation of security roles
• How to perform risk calculation

Lesson 4: Security Architecture and Engineering

• How to select controls based on system security requirements
• Use of confidentiality models such as Bell-LaPadula
• How to identify integrity models such as Biba and Clark-Wilson
• Common flaws and security issues associated with security architecture designs
• Cryptography and how it is used to protect sensitive information
• The need for and placement of physical security control

Lesson 5: Communications and Network Security

• Secure network design
• The difference between LAN and WAN topologies
• The OSI model and its layers
• The four layers of the TCP/IP stack
• Convergence protocol

Lesson 6: Identity and Access Management

• Identity and access management
• How to control physical and logical control to assets
• Methods to integrate identity as a third-party service
• Difference between discretionary, mandatory attribute-based and role-based access control
• How to manage the identity and access provisioning lifecycle
• How to differentiate authorization types

Lesson 7: Security Assessment and Testing

• Security assessment and testing
• Assessment and test strategies
• How to identify attack methodologies
• Automated and manual testing techniques
• Examples and penetration test methodologies
• Log reviews
• Disaster recovery and business continuity
• How to perform security assessment and penetration tests
• Security metrics
• Incident response techniques

Lesson 8: Security Operations

• Disaster recovery processes and plans
• How to understand and support investigations
• Foundational security concepts
• Different types of RAID
• How to implement disaster recovery strategies and recovery strategies
• How to participate in business continuity planning and exercises
• Perimeter and internal physical controls
• How to implement disaster recovery processes
• Auditing and monitoring

Lesson 9: Software Development Security

• The role of security in the software development lifecycle
• Database design
• The Capability Maturity Model
• The steps of the development lifecycle
• How to determine the effectiveness of software security
• The impact of acquired software security
• Different types of application design techniques
• The role of change management
• The primary types of database