Certified Information Systems Security Professional (CISSP)®

The World's Premier Cybersecurity Certification

Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program.

With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

The CISSP is managed by the International Information System Security Certification Consortium, (ISC)², which develops and maintains the CISSP domains and conducts examinations for professionals globally.

What You'll Learn - CISSP Domains

This is the largest domain and carries the highest percentage (15%) of marks in the certification.

Key aspects: 

  • Concepts of integrity, confidentiality, and availability
  • Applying security governance principles
  • Evaluation of compliance requirements
  • Integration of professional ethics
  • Legal and regulatory issues relevant to information security on a global perspective
  • Develop scope, plan, and impact for business continuity requirements
  • Establishing personnel security policies and procedures
  • Understanding and applying the fundamentals of risk management
  • Concepts of threat modeling and methodologies
  • Building risk-based management concepts in the supply chain 
  • Conduct security awareness, training, and educational programs 

This domain covers the security information and requirements for assets within an organization. The main topics in Asset Security are:

  • Identification, classification, and ownership of information and assets
  • Protecting privacy
  • Asset retention
  • Establishing data security controls
  • Handling

This domain includes various aspects of design principles, models, and secure capabilities assessment in organizational security architecture. The main topics this domain focuses on are:

  • Engineering implementations using secure design principles
  • Fundamental concepts used in security models
  • Concepts for security capabilities of information systems
  • Cryptography
  • Assessing and mitigating vulnerabilities in security architectures, designs, mobile systems, web-based systems, and embedded systems
  • Applying and implementing security principles and controls to site

This domain covers secure network components, principles, and implementing communications. The main topics covered under this domain are:

  • Implementing and securing design principles in network architecture
  • Establishing secure network components
  • Securing communication channels as per design

This domain covers user accessibility features within an organization. The main topics in this section are:

  • Controlling physical and logical access to the assets
  • Controlling and managing authentication and identification of devices, people, and services
  • Understanding and integrating identity as a third-party service
  • Implementing authorization mechanisms
  • Identity and access lifecycle 

This section deals with design, performance, testing, and information system auditing. The main topics that come under this domain are:

  • Building internal, external and third-party audit strategies
  • Assessing security control testing
  • Collecting secure data
  • Analyzing test outputs and generating a report
  • Facilitating security audits

This domain offers insight into the plan of operations with investigations, monitoring, and protection techniques for security. Main topics that follow in this domain are:

  • Understanding Investigations (Techniques, collection, handling, and digital forensic tools)
  • International requirements for investigation types
  • Establishing logging and monitoring activities
  • Assets inventory, configurations, and management
  • Concepts for foundational security operations
  • Understanding resource protection techniques
  • Incident management
  • Implementing and testing disaster recovery plans
  • Process and testing for Disaster Recovery (DR)
  • Evaluating physical security
  • Business Continuity planning and exercises
  • Managing physical security
  • Managing personnel security and safety

This domain provides concepts, applications, and implementations for software security. Here are the main topics under this section:

  • Understand and implement security throughout the Software Development Life Cycle (SDLC)
  • Executing security controls in development environments
  • Effectiveness of software security (Auditing, logging, risk analysis, and mitigation)
  • Evaluation of security impact
  • Setting and applying secure coding standards and guidelines

Prerequisite

Applicants need to possess an undergraduate degree and should have a minimum of five years of work experience in two or more of the CISSP domains to qualify for this certification.

The candidate needs to score at least 700 out of a maximum of 1000 points on the examination covering the eight CISSP domains.

CISSP Certification
A CISSP certification validates your skills in IT Security management.

Who Needs to Attend

Duration
5 Days