ISC2 CISSP Certified Information Systems Security Professional Pearson Skilling Suite
Course description:
The Certified Information Systems Security Professional (CISSP) course is a perfect companion when preparing for the CISSP Exam. It focuses specifically on the objectives for the CISSP exam introduced by ISC2 in May 2021. The course will review asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and many other topics, while helping you identify areas of weakness and improve your conceptual knowledge and hands-on skills.
The goal of this course is to provide you with all the tools you need to prepare for the CISSP Exam — including preparation hints, test-taking tips, time-saving strategies, self-assessment questions, and practice exams — to increase your chances of passing the exam on your first try.
Duration: 5 days of training
Audience:
IT security professionals and security leaders who are interested in seeking certification or who need to maintain their certification.
Prerequisites:
- 1-2 years of professional experience with IT security
- Experience working with IT security
- Fluency in security procedures such as business continuity planning, disaster planning, and risk assessment
Course objectives
Upon successful completion of this course, students should be able to:
- Understand security and risk management
- Classify information and assets
- Review security architecture and engineering for vulnerabilities and design flaws
- Improve communication and network security architectures, components, and channels
- Strengthen identity and access management (IAM) controls, services, and provisioning
- Enhance security assessment and testing designs to collect and process data to support audits
- Manage security operations
Lesson 1: The CISSP Certification Exam
- Assessing exam requirements
- Determining whether you’re ready for the exam
- Using practice questions
- Using your time wisely
Lesson 2: Understanding Asset Security
- Proper methods for data destruction
- Development of documents that can aid in compliance with local, state, and federal laws
- The implementation of encryption and its use for the protection of data
- How to use data security controls
Lesson 3: Security and Risk Management
- Calculations used for risk management
- Approved approaches to good security management
- How to perform qualitative risk analysis
- How to perform quantitative risk analysis
- How to perform hybrid risk analysis
- Good resource protection
- The roles of security policies, procedures, guidelines and baselines
- Proper data classification
- Proper implementation of security roles
- How to perform risk calculation
Lesson 4: Security Architecture and Engineering
- How to select controls based on system security requirements
- Use of confidentiality models such as Bell-LaPadula
- How to identify integrity models such as Biba and Clark-Wilson
- Common flaws and security issues associated with security architecture designs
- Cryptography and how it is used to protect sensitive information
- The need for and placement of physical security controls
Lesson 5: Communications and Network Security
- Secure network design
- The difference between LAN and WAN topologies
- The OSI model and its layers
- The four layers of the TCP/IP stack
- Convergence protocol
Lesson 6: Identity and Access Management
- Identity and access management
- How to control physical and logical access to assets
- Methods to integrate identity as a third-party service
- Difference between discretionary, mandatory, attribute-based and role-based access control
- How to manage the identity and access provisioning lifecycle
- How to differentiate authorization types
Lesson 7: Security Assessment and Testing
- Security assessment and testing
- Assessment and test strategies
- How to identify attack methodologies
- Automated and manual testing techniques
- Examples and penetration test methodologies
- Log reviews
- Disaster recovery and business continuity
- How to perform security assessment and penetration tests
- Security metrics
- Incident response techniques
Lesson 8: Security Operations
- Disaster recovery processes and plans
- How to understand and support investigations
- Foundational security concepts
- Different types of RAID
- How to implement disaster recovery strategies and recovery strategies
- How to participate in business continuity planning and exercises
- Perimeter and internal physical controls
- How to implement disaster recovery processes
- Auditing and monitoring
Lesson 9: Software Development Security
- The role of security in the software development lifecycle
- Database design
- The Capability Maturity Model
- The steps of the development lifecycle
- How to determine the effectiveness of software security
- The impact of acquired software security
- Different types of application design techniques
- The role of change management
- The primary types of databases
