Course Outline
Access Control
Security architecture that protects the assets of your systems:
- Concepts, methodologies and techniques
- Effectiveness
- Attacks
Telecommunications & Network Security
Network structures, transmission methods, transport formats and security measures that provide availability, integrity and confidentiality:
- Network architecture and design
- Communication channels
- Network components
- Network attacks
Information Security Governance & Risk Management
Identifying an organisation’s information assets, and the development, documentation and implementation of policies, standards, procedures and guidelines:
- Security governance and policy
- Information classification and ownership
- Contractual agreements and procurement processes
- Risk management concepts
- Personnel security
- Security education, training and awareness
- Certification and accreditation
Software Development Security
The controls found in systems and applications software, and their development:
- Systems Development Life Cycle (SDLC)
- Application environment and security controls
- Effectiveness of application security
Cryptography
The principles, means and methods of disguising information; to ensure its integrity, confidentiality and authenticity:
- Encryption concepts
- Digital signatures
- Cryptanalytic attacks
- Public Key Infrastructure (PKI)
- Information hiding alternatives
Security Architecture & Design
The concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks and applications:
- Fundamental concepts of security models
- Capabilities of information systems (e.g. memory protection, virtualization)
- Countermeasure principles
- Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
Security Operations (formerly 'Operations Security')
Controls over hardware, media and operators with access privileges:
- Resource protection
- Incident response
- Attack prevention and response
- Patch and vulnerability management
Business Continuity & Disaster Recovery Planning
How to maintain business in the face of major disruptions:
- Business impact analysis
- Recovery strategy
- Disaster recovery process
- Provide training
Legal, Regulations, Investigations and Compliance
Computer crime laws, investigation and how to gather evidence:
- Legal issues
- Investigations
- Forensic procedures
- Compliance requirements/procedures
Physical (Environmental) Security
How to protect your business's resources and sensitive information:
- Site / facility design considerations
- Perimeter security
- Internal security
- Facilities security
Requirements
To attend the CISSP CBK Review you do not need to have the prerequisite experience for the examination. It is available to anyone working in the field of IT and Information Security and aims to give you a thorough understanding of Information Security even if you do not intend to sit the examination.
If you intend to go on to the examination:
CISSP candidates:
Must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a college degree.
Associate of (ISC)2 for CISSP:
Associate of (ISC)2 status is available to those knowledgeable in key areas of industry concepts but lacking the work experience. As a candidate, you may take the CISSP examination and subscribe to the (ISC)2 Code of Ethics, however to earn the CISSP credential you will have to acquire the necessary years of professional experience required, provide proof and be endorsed by a member of (ISC)2 in good standing. If you are working towards this credential, you will have a maximum of six years from your exam pass date to acquire the necessary five years of professional experience. For more information please refer to: www.isc2.org
Testimonials (4)
Hazem has a very recent experience passing the exam and knows the gotchas and the way how ISC structures their questions.
Ivan - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - Certified Information System Security Professional (CISSP) CBK Review
Everything - thank you
Akram Amin - Injazat
Course - Certified Information System Security Professional (CISSP) CBK Review
Instructor Hany, was fantastic, very accommodating on questions and getting back to us with answers when he didn't have them at time of the question.
Levon Petrosyan - Crunchyroll
Course - Certified Information System Security Professional (CISSP) CBK Review
I liked the in-depth knowledge about the subject of the trainer, good explanation, highlighting important things!.