Certified Information Systems Security Professional (CISSP)



Introduction:


If you're building a career in information security, then Certified Information Systems Security Professional (CISSP) is the must-have qualification to help you progress. It is a globally recognized standard (ISO/IEC 17024) that demonstrates your competence as an IT professional. The course covers topics including cloud computing, mobile security, application development security, and risk management, giving you the knowledge to best manage information security issues back in your organization. This course will prepare candidates to successfully pass the CISSP exam. By participating in this course, IT professionals aspiring for CISSP status will have the opportunity to learn the required skills and interact. The course is oriented towards passing the exam. You will complete the course with solid and practical knowledge regarding security and risk management in context, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security. CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from increasingly sophisticated attacks. The course will cover:

 

  • Strategically focus your preparation for CISSP Certification
  • Protect resources using access control methods and cryptography
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Develop operational security and continuity through preventive and recovery mechanisms

Course Objectives:


By the end of this course, delegates will be able to:

 

  • Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness, and implement risk management and the principles used to support it (risk avoidance, risk acceptance, risk mitigation, risk transference)
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity
  • Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise
  • Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets, and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture
  • Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
  • Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently
  • Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security

Who Should Attend?


IT Engineers, IT Professionals, IT Directors, Engineers, IT Project Managers, IT Auditors, IT Compliance Managers, IT Coordinators, IT Support Managers, IT Officers, IT Support Specialists, IT System Administration, Technical Support Professionals, Chief Information Officers, Chief Risk Officers, Information Assurance Officers, Program Managers, Network Systems Analysts, Government Program Managers, R&D Project Managers, Software and System Developers, Chief Security Officers, Security Specialists, Chief Information Security Officers, Directors of Security, Security Architects, Security Operation Center Managers, Security Consultants, Security Managers, Security Auditors, Security Directors, Systems Administrators, Incident Response Analysts, Business Owners, Security Analysts, Security Systems Engineer, Network Architect, Operations Managers, Risk Management Professionals, Network Administration Professionals, Application Developers, Application Support Analysts, Application Engineers, Associate Developers, Technology Officers, Information Officers, Help Desk Specialist, Help Desk Technician, Database Administrators, Network Architects, Network Engineers, Network System Administrators, System Analysts, System Architects, System Designers

Course Outline:


Security and Risk Management

  • Aligning security and risk to organizational objectives
  • Employing confidentiality, integrity, and availability security principles
  • Managing security policies, standards and procedures
  • Applying compliance

 

Applying Risk Management Concepts

  • Assessing threats and vulnerabilities
  • Performing risk analysis and control
  • Defining qualitative and quantitative analysis

 

Preserving the Business

  • Adhering to Business Continuity Management Code of Practice and Specifications
  • Performing a business impact analysis

 

Investigating Legal Measures and Techniques

  • Reviewing intellectual property, liability and law, and compliance
  • Differentiating traditional and computer crime
  • Addressing ethical behavior and compliance

 

Security Engineering: Examining Security Models and Frameworks

  • The Information Security Triad and multi-level models
  • Investigating industry standards: ISO 27001/27002
  • Evaluating security model fundamental concepts

 

Exploring System and Component Security Concepts

  • System design principles, capabilities, and limitations
  • Certification and accreditation criteria and models
  • Reviewing mobile systems vulnerabilities

 

Protecting Information by Applying Cryptography

  • Detailing symmetric and asymmetric encryption systems
  • Ensuring message integrity through hashing
  • Uncovering threats to cryptographic systems

 

Safeguarding Physical Resources

  • Designing environments to resist hostile acts and threats
  • Denying unauthorized access

 

Asset Security: Identifying, Categorizing and Prioritizing Assets

  • Applying security controls and asset classification
  • Protecting data through proper handling, markings, labeling, and storage
  • Addressing PII, privacy, and appropriate retention

 

Communication and Network Security: Defining a Secure Network Architecture

  • TCP/IP and other protocol models
  • Protecting from network attacks
  • Reviewing secure network components and communication channels

 

Examining Secure Networks and Components

  • Identifying wired and wireless technologies
  • Implementing firewalls, secure communications, proxies, and tunnels

 

Identity and Access Management: Controlling Access to Protect Assets

  • Defining administrative, technical and physical controls
  • Implementing centralized and decentralized approaches
  • Investigating biometric and multi-factor authentication
  • Identifying common threats
  • Reviewing cloud services and architecture

 

Security Assessment and Testing: Designing and Conducting Security Assessment Strategies

  • Leveraging the role of testing and auditing to analyze the effectiveness of security controls
  • Differentiating detection and protection systems

 

Conducting Logging and Monitoring Activities

  • Distinguishing between the roles of internal and external audits
  • Defining secure account management

 

Security Operations: Maintaining Operational Resilience

  • Managing security services effectively
  • Leveraging and supporting investigations and incident response
  • Differentiating detection and protection systems
  • Implementing logging and monitoring

 

Developing a Recovery Strategy

  • Designing a disaster recovery plan
  • Implementing test and maintenance processes
  • Provisioning of resources

 

Software Development Security: Securing the Software Development Life Cycle

  • Applying software development methods and security controls
  • Highlighting threats: Cross-Site Scripting (XSS), Cross-Site Request Forgery (XSRF), JavaScript attacks, and Buffer Overflow
  • Addressing database security concepts and issues
  • Reviewing software security effectiveness and security impact

COURSE LOCATIONS

| Code | From | To | City | Fee |
|------|------|----|------|-----|
| IT26 | 03 Feb 2020 | 07 Feb 2020 | Bangkok | US$ 4500 |
| IT26 | 26 Apr 2020 | 30 Apr 2020 | Dubai | US$ 4200 |
| IT26 | 15 Jun 2020 | 19 Jun 2020 | Istanbul | US$ 4500 |
| IT26 | 10 Aug 2020 | 14 Aug 2020 | Barcelona | US$ 5500 |
| IT26 | 12 Oct 2020 | 16 Oct 2020 | Kuala Lumpur | US$ 4500 |
| IT26 | 28 Dec 2020 | 01 Jan 2021 | London | US$ 5000 |


DUBAI OFFICE

Ittihad Deira Building,
Al Ittihad Rd, Deira
Dubai,
UAE

info@petrogas-training.com

USA OFFICE

642 E14 Street,
10009-13 Manhattan,
New York (NY)
USA

info@petrogas-training.com

EGYPT OFFICE

52 General Kamal Hejab Street,
Suez Bridge,
Cairo,
Egypt

info@petrogas-training.com
 

COURSE CERTIFICATE

Certificate of Completion will be provided to the candidate(s) who successfully attend and complete the course. Training hours attendance percentage of 75% is required.


TRAINING HOURS

Standard course hours: 8:30 A.M. to 3:30 P.M. Informal discussions: 4:30 P.M. to 5:30 P.M.


TRAINING METHODOLOGY

We use a blend of interactive and hands-on methods, active participation, a variety of instructional techniques, dynamic presentations, individual and group exercises, in-depth discussion, DVDs, role-plays, case studies, and examples. All of the information, competencies, knowledge and skills acquired within our training programs are 100% transferable to the participants’ workplace.


ASSESSMENT & EVALUATION

Pre-Test and Post-Test Assessments are applied on 5-day and 10-day programs. Also, post-course evaluation and candidate’s evaluation are applied to add another level of quality measurement. Candidates’ feedback is highly appreciated to elevate the training service quality.


ORGANIZATIONAL IMPACT

A- Have staff trained in the latest training and development approaches

B- Support nationalization and talent management initiatives

C- Have properly trained and informed people who will be able to add value

D- Gain relevant technical knowledge, skills and competencies


PERSONAL IMPACT

A- Develop job related skills

B- Develop personal skills in subject matter

C- Have a record of your growth and learning results

D- Bring proof of your progress back to your organization

E- Become competent, effective and productive

F- Be more able to make sound decisions

G- Be more effective in day-to-day work by mastering job-related processes

H- Create and develop competency to perform job well


FREQUENT NOMINATIONS SCHEME

A- 10% discount after 05 candidates’ registration.

B- 15% discount after 10 candidates’ registration.    

C- 20% discount after 20 candidates’ registration.

D- 25% discount after 25 candidates’ registration.

E- 30% discount after 30 candidates’ registration.

F- Higher discount rates will be offered based on work volume with different clients.  


SEVERAL NOMINATIONS ON THE SAME COURSE SCHEME

A- One extra free seat is offered on 4 candidates on the same course and dates.

B- Two extra free seats are offered on 6 candidates on the same course and dates.

C- Three extra free seats are offered on 8 candidates on the same course and dates.

D- Four extra free seats are offered on 10 candidates on the same course and dates.

E- Five extra free seats are offered on 12 candidates on the same course and dates.


REGISTRATION POLICY

Nominations to our public courses are to be processed by the client’s Training and/or HR departments. A refund will be issued back to the client in the event of course cancellation or seat unavailability. A confirmation will be issued to the relevant department official(s). 


CANCELLATION POLICY

If a confirmed registration is cancelled less than 5 working days prior to the course start date, a substitute participant may be nominated to attend the same course or a 20% cancellation charge is applied. In case of a no-show, a 100% fee will be charged.


PAYMENT POLICY

Payment is due upon receiving the course confirmation, invoice and/or proforma invoice. However, the fee due can be wire transferred to our bank account directly after course completion. Our bank details are shown on the confirmation, invoice and proforma invoice as well. The above documents can be communicated electronically, i.e., in soft copy, and/or in hard copy based on the customer’s request.


COPYRIGHT

© 2017. Material published by PETROGAS shown here is copyrighted. © 2017. All rights reserved. Any unauthorized copying, distribution, use, dissemination, downloading, storing in any medium, transmission, reproduction or reliance in whole or any part of this course outline is prohibited and will constitute an infringement of copyright.