CISSP – Certified Information Systems Security Professional


Course Length: 5 days

Course Description:

This course is designed for students who need the knowledge and skills covered by the (ISC)² Common Body of Knowledge (CBK) in preparation for the Certified Information Systems Security Professional (CISSP) exam. It is intended for information security professionals, or those entering the field, who plan to work with some or all of the CBK domains of the information systems security profession.

Preparation for the exam should include this course, self-study, further reading and hands-on experience. The text references listed under Text and Materials below provide comprehensive coverage of the knowledge required for the 250-question, 6-hour certification exam. The key to passing is a thorough understanding of all the material presented during the class, because individual exam questions typically draw on several CBK domains at once.

The best way to prepare is to organize and summarize what you learn from the PowerPoint presentations used during the class as you review the text references. For each item you have difficulty understanding or retaining, do further reading in the resource materials and research the subject on the internet.

Course Objectives:

  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

Target Student:

This course is intended for experienced IT security practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to gain the credibility and mobility to advance within their current computer security careers or to move into a related career. Through the study of all 10 CISSP CBK domains, students prepare to sit for the CISSP certification exam. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in one or more fields related to the 10 CBK security domains, or a college degree and four years of experience.

It is highly recommended that students hold Network+ or Security+ certification, or possess equivalent professional experience, before entering CISSP training. It is also beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®.

Delivery Method:

Instructor-led, group-paced, classroom-delivered learning model with structured hands-on activities.

Performance-Based Objectives:

Upon successful completion of this course, students will be able to:

  • analyze security architecture and design.
  • analyze network security systems and telecommunications.
  • analyze information security management goals.
  • analyze information security classification and program development.
  • analyze risk management criteria and ethical codes of conduct.
  • analyze software development security.
  • analyze cryptography characteristics and elements.
  • analyze physical security.
  • analyze operations security.
  • apply Business Continuity and Disaster Recovery Plans.
  • identify legal issues, regulations, compliance standards, and investigation practices relating to information systems security.

Text and Materials:

Official (ISC)² Guide to the CISSP CBK, 2nd Edition (ISBN 978-1-4398-0959-4)
CISSP All-in-One Exam Guide, Fifth Edition, Shon Harris (ISBN-10: 0071602178)

Course Content:

Lesson 1: Information Systems Access Control
Topic 1A: Data Access Principles
Topic 1B: System Access and Authentication
Topic 1C: Attacks and Penetration Tests

Lesson 2: Security Architecture and Design
Topic 2A: Security Architecture Frameworks and Security Models
Topic 2B: Security Modes
Topic 2C: System Assurance

Lesson 3: Network and Telecommunications Security
Topic 3A: Data Network Design
Topic 3B: Remote Data Access
Topic 3C: Data Network Security
Topic 3D: Data Network Management

Lesson 4: Information Security Management Goals
Topic 4A: Organizational Security
Topic 4B: The Application of Security Concepts

Lesson 5: Information Security Classification and Program Development
Topic 5A: Information Classification
Topic 5B: Security Program Development

Lesson 6: Risk Management and Ethics
Topic 6A: Risk Management
Topic 6B: Ethics

Lesson 7: Software Development Security
Topic 7A: Software Configuration Management
Topic 7B: Software Controls
Topic 7C: Database System Security

Lesson 8: Cryptography
Topic 8A: Ciphers and Cryptography
Topic 8B: Symmetric-Key Cryptography
Topic 8C: Asymmetric-Key Cryptography
Topic 8D: Hashing and Message Digests
Topic 8E: Email, Internet, and Wireless Security
Topic 8F: Cryptographic Weaknesses

Lesson 9: Physical Security
Topic 9A: Physical Access Control
Topic 9B: Physical Access Monitoring
Topic 9C: Physical Security Methods
Topic 9D: Facilities Security

Lesson 10: Operations Security
Topic 10A: Operations Security Control
Topic 10B: Operations Security Auditing and Monitoring
Topic 10C: Operational Threats and Violations

Lesson 11: Business Continuity and Disaster Recovery Planning
Topic 11A: Business Continuity Plan Fundamentals
Topic 11B: Business Continuity Plan Implementation
Topic 11C: Disaster Recovery Plan Fundamentals
Topic 11D: Disaster Recovery Plan Implementation

Lesson 12: Legal, Regulations, Compliance, and Investigations
Topic 12A: Computer Crime Laws and Regulations
Topic 12B: Computer Crime Incident Response

Appendix A: Mapping CISSP® Course Content to the (ISC)² CISSP Exam Objectives