top of page
Dot Waves

CISSP

Certification Prep Course
CISSP Exam Preparation Course

Course code: CISSP-CPC
Duration: 5 days
Type: Teacher-led instruction

About this course

This course was updated in 2022 and provides a comprehensive review of data security concepts and best practices in the industry. It focuses on the eight domains of the CISSP-CBK (Common Body of Knowledge) covered in the CISSP exam. Learners will gain knowledge in data security, enhancing their ability to implement and manage security programs in organizations or government agencies effectively.

What You Will Receive

  • Textbook

  • Practice questions with complete answer explanations

  • Flashcards

Target Audience
  • Professionals seeking CISSP certification

  • Individuals looking to enhance their skills to work in the field of information security or to transition to related careers

 

Upon completion of this course, learners will be able to:

  • Manage security and risk

  • Ensure asset security

  • Perform security engineering

  • Communicate and secure networks

  • Manage identity and access

  • Conduct security assessments and testing

  • Operate security measures

  • Ensure security in software development

Course Outline
  • Security Governance through Principles and Policies

    • Security 101

    • Understanding and applying security concepts.

    • Security Scope

    • Evaluating and applying security governance principles.

    • Security Functions Management

    • Policies, standards, procedures, and security guidelines.

    • Threat Modeling

    • Supply chain risk management.

  • Personnel Security and Risk Management Concepts

    • Personnel security policies and procedures.

    • Understanding and Applying Risk Management Concepts

    • Social engineering.

    • Establishing and Maintaining Security Awareness Programs

    • Security education and training.

  • Business Continuity Planning

    • Scope

    • project planning

    • business impact analysis

    • continuity planning

    • plan approval, and execution.

  • Laws, Regulations, and Compliance

    • Categories of laws

    • privacy laws

    • compliance

    • contracts

    • procurement

  • Asset Security

    • Identifying and classifying information and assets.

    • Establishing asset management requirements

    • methods for data protection.

    • Understanding the Role of Information

    • Applying security criteria

  • Encryption, and symmetric key algorithms.

    • Cryptography Foundations

    • Modern encryption

    • symmetric encryption

    • encryption lifecycle

  • PKI

    • asymmetric encryption

    • hash functions

    • digital signatures

    • key management

    • Asymmetric Key Management

    • Hybrid Encryption

    • Cryptography Applications

    • Cryptographic Attacks

  • Principles of Security Models, Design, and Capabilities

    • Security Design Principles

    • Techniques for Ensuring CIA (Confidentiality, Integrity, Availability)

    • Understanding Basic Concepts of Security Models

    • Selecting Controls Based on System Security Requirements

    • Understanding Information System Security Capabilities

  • Vulnerabilities, Threats, and Security Measures

    • Shared Responsibility

    • Assessing and Mitigating Vulnerabilities in Security Architecture, Design, and Solution Components

    • Client Systems

    • Server Systems

    • Industrial Control Systems

    • Distributed Systems

    • High-Performance Computing (HPC)

    • Internet of Things (IoT)

    • Edge and Fog Computing

    • Embedded Devices and Cyber-Physical Systems

    • Specialized Devices

    • Microservices

    • Infrastructure as Code

    • Virtual Systems

    • Data Storage

    • Serverless Architecture

    • Mobile Devices

    • Essential Security Protection Mechanisms

    • Common Defects and Issues in Security Architecture

  • Physical Security Requirements

    • Applying Security Principles in Facility Design

    • Implementing Security Controls for Facilities and Sites

    • Managing Physical Security

  • Secure Network Architecture and Components

    • OSI Model

    • TCP/IP Model

    • Network Traffic Analysis

    • Common Application Layer Protocols

    • Transport Layer Protocols

    • Domain Name System (DNS)

    • Building Internet Protocol (IP) Networks

    • ARP Concerns

    • Secure Communication Protocols

    • Impact of Multi-layer Protocols

    • Subnetting

    • Wireless Networks

    • Other Communication Protocols

    • Cellular Networks

    • Content Delivery Networks (CDN)

    • Secure Network Components

  • Secure Communication and Network Attacks

    • Security Protocol Mechanisms

    • Secure Voice Communication

    • Remote Access Security Management

    • Multimedia Collaboration Security

    • Secure Email Management

    • Virtual Private Networks (VPN)

    • Switching and Virtual LAN (VLAN)

    • Network Address Translation (NAT)

    • Third-party Connections

    • Switching Technology

    • WAN Technology

    • Fiber Optic Links

    • Security Control Characteristics

    • Preventing or Mitigating Network Attacks

  • Identity and Authentication Management

    • Access Control of Assets

    • Identity and Authentication Management

    • Implementing Identity Management

    • Managing Identity and Access Lifecycle

  • Access Control and Monitoring

    • Comparing Access Control Models

    • Implementing Authentication Systems

    • Understanding Access Control Attacks

  • Security Assessment and Testing

    • Creating Security Assessment and Testing Programs

    • Conducting Vulnerability Assessments

    • Testing Your Software

    • Implementing Security Management Processes

  • Security Operations Management

    • Applying Basic Security Operations Concepts

    • Troubleshooting Personnel and Security Issues

    • Securing Resource Allocation

    • Resource Protection

    • Cloud Managed Services

    • Configuration Management (CM)

    • Change Management

    • Patch Management and Vulnerability Mitigation

  • Incident Prevention and Response

    • Incident Management

    • Implementing Preventative and Protective Measures

    • Logging and Monitoring

    • Automated Incident Response

  • Disaster Recovery Planning

    • Nature of Disasters

    • Understanding System Resilience, High Availability, and Fault Tolerance

    • Recovery Strategies

    • Developing Recovery Plans

    • Training, Awareness, and Documentation

    • Testing and Maintenance

  • Investigations and Ethics

    • Investigations

    • Major Categories of Cybercrime

    • Ethics

  • Software Development Security

    • Introducing System Development Controls

    • Establishing Databases and Data Storage

    • Data Storage Threats

    • Understanding Knowledge Base Systems

  • Malicious Code and Application Attacks

    • Malware

    • Malware Protection

    • Application Attacks

    • Injection Vulnerabilities

    • Exploiting Authorization Vulnerabilities

    • Exploiting Web Application Vulnerabilities

    • Application Security Controls

    • Secure Coding Practices

bottom of page