Training Introduction
The CISSP® (Certified Information Systems Security Professional) Training Prep Course is a premier educational program designed for information security professionals seeking to deepen their technical and managerial expertise. This comprehensive curriculum is structured to provide an in-depth exploration of the complex multi-disciplinary fields of cybersecurity, ensuring that participants are equipped with the knowledge required to protect critical organizational assets.
The course encompasses a broad spectrum of information security domains, ranging from security governance and risk management to asset security and systems engineering. Participants will engage with advanced concepts such as the ISC2 Code of Ethics, the CIA Triad (Confidentiality, Integrity, and Availability), and the implementation of Trusted Platform Modules (TPM) 2.0. By integrating theoretical frameworks with practical insights, this program offers a robust foundation for professionals aiming to excel in the evolving landscape of global information security.
General Objectives
The primary objectives of this training program are to enable participants to:
- Master the fundamental principles of security and risk management within complex IT environments.
- Develop and implement sophisticated strategies for asset protection and lifecycle management.
- Design and engineer resilient security architectures based on internationally recognized standards.
- Establish robust identity and access management (IAM) frameworks to ensure precise authorization controls.
- Conduct comprehensive security assessments and audits to identify and mitigate systemic vulnerabilities.
- Manage day-to-day security operations and incident response protocols with high efficiency.
- Integrate security protocols into the Software Development Life Cycle (SDLC) to foster secure application environments.
Course Benefits and Learning Outcomes
- Risk Management
- Asset Security
- Architecture
- Network Security
- Identity Management
Course Outline:
Day 1 & 2: Security and Risk Management
- Legal and regulatory issues in a holistic information security context.
- Requirements for various investigation types (administrative, criminal, civil, and regulatory).
- Development and implementation of security policies, standards, and procedures.
- Business Continuity (BC) requirements and personnel security policies.
- Risk management concepts, threat modeling, and Supply Chain Risk Management (SCRM).
- Establishment of security awareness and education programs.
Day 3: Asset Security
This session is dedicated to the protection of organizational data and physical assets. The curriculum covers:
- Identification and classification of information and assets.
- Establishment of handling requirements and secure resource provisioning.
- Management of the data lifecycle and asset retention (EOL/EOS).
- Determination of data security controls and compliance requirements.
Day 4 & 5: Security Architecture and Engineering
These days delve into the technical design of secure systems. Participants will study:
- Secure design principles and security models (e.g., Defense in Depth, Least Privilege).
- Cryptographic systems, including symmetric/asymmetric keys, hashing, and digital signatures.
- Security of database systems, operating systems, and cloud environments.
- Physical security controls and environmental safety measures.
Day 6: Communication and Network Security
This module focuses on the integrity of data transmission and network infrastructure. Topics include:
- Secure design principles in network architectures.
- Securing network components such as routers, switches, and firewalls.
- Implementation of secure communication channels (IPSec, SSL/TLS).
- Wireless security and Virtual Private Networks (VPNs).
Day 7: Identity and Access Management (IAM)
Participants will learn to manage the human and device elements of security through:
- Physical and logical access control mechanisms.
- Identification and authentication of people, devices, and services.
- Federated identity services and multi-factor authentication (MFA).
- Authorization mechanisms and the identity provisioning lifecycle.
Day 8: Security Assessment and Testing
This day emphasizes the validation of security controls. The curriculum includes:
- Design and validation of assessment, test, and audit strategies.
- Conducting security control testing and collecting process data.
- Analyzing test outputs and generating comprehensive security reports.
- Facilitating internal and external security audits.
Day 9: Security Operations
The focus shifts to the operational aspects of maintaining a secure environment:
- Incident management, logging, and monitoring activities.
- Configuration management, baselining, and automation.
- Patch and vulnerability management and change management processes.
- Disaster Recovery (DR) processes and Business Continuity (BC) exercises.
- Personnel safety and physical security management.
Day 10: Software Development Security
The final day addresses the security of the applications that drive the business:
- Integration of security within the Software Development Life Cycle (SDLC).
- Security controls in software development ecosystems.
- Assessing the effectiveness of software security and secure coding practices.
- Evaluating the security impact of acquired or third-party software.