CISSP Certified Information Systems Security Professional

CISSP Overview

A decrease in the number of domains, from ten to eight, was introduced in April 2015. A reviewed and efficient content comprising the most current and best practice topics for today's safety landscape.

From 15 April 2015 the CISSP Courses domains changed:

• Security and Risk Management.
• Security Engineering.
• Communications and Network Security.
• Asset Security.
• Security Assessment and Testing.
• Security Operations.
• Software Development Security.
• Identity and Access Management.

Course Content

Security and Risk Management

• Defining concepts of confidentiality, integrity, and availability.
• Implementation of security governance principles.
• Recognise legal and supervisory issues that affect to information security in a global context.
• Recognise professional principles.
• Develop and implement documented Security Policy, Morales, Actions, and Strategies.
• Comprehend business continuity necessities.
• Contribute to personnel security rules.
• Recognise risk management concepts.
• Understand and apply threat modelling.
• Assimilate security risk deliberations into attainment strategy and practice.
• Create and access information security education, exercise, and consciousness.

Asset Security

• Categorise information and supporting effects.
• Regulate and maintain possession.
• Protect privacy.
• Guarantee suitable retention.
• Define data safety controls.
• Launch handling necessities.

Security Engineering

• Implement and manage manufacturing procedures using secure design principles.
• Comprehend the vital concepts of security models.
• Select controls and countermeasures based upon systems security evaluation models.
• Comprehend security abilities of info systems.
• Measure and lessen the vulnerabilities of security architectures.
• Assess and mitigate the vulnerabilities in web-based systems.
• Assess and mitigate weaknesses in mobile systems.
• Assess and mitigate susceptibilities in embedded devices and cyber-physical systems.
• Apply cryptography.

Network Security and Communication

• Appliance secure design philosophies to network architecture.
• Analysing Secure network components.
• Design and establish secure communication stations.
• Avert or diminish network spasms.

Access & Identity Management

• Control logical and physical access to possessions.
• Manage identification and verification of people and devices.
• Incorporate uniqueness as a service.
• Assimilate third-party identity amenities.
• Apply and manage authorization tools.
• Avoid or alleviate access control attacks.
• Manage the identity and access provisioning lifecycle.

Security Assessment & Testing

• Plan and authenticate assessment and test plans.
• Conduct security control testing.
• Gather security process data.
• Examine and report test outputs.
• Comprehend the weaknesses of security architectures.

Security Operations

• Comprehend and support inquiries.
• Understand necessities for investigation types.
• Conduct logging and monitoring actions.
• Secure the provisioning of resources.
• Understand and apply foundational security processes concepts.
• Service resource protection methods.
• Conduct incident management.
• Function and sustain preventative measures.

Software Security Development

• Understand and apply security in the software development lifecycle.
• Apply security controls in development environments.
• Measure the effectiveness of software security.
• Evaluate security influence of acquired software.