CISSP® - Certified Information Systems Security Professional

1. Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

• Understand and Apply Concepts of Confidentiality, Integrity, and Availability
• Apply Security Governance Principles
• Compliance
• Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
• Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
• Understand Business Continuity Requirements
• Contribute to Personnel Security Policies
• Understand and Apply Risk Management Concepts
• Understand and Apply Threat Modeling
• Integrate Security Risk Considerations into Acquisitions Strategy and Practice
• Establish and Manage Security Education, Training, and Awareness

2. Asset Security (Protecting Security of Assets)

• Classify Information and Supporting Assets
• Determine and Maintain Ownership
• Protect Privacy
• Ensure Appropriate Retention
• Determine Data Security Controls
• Establish Handling Requirements

3. Security Engineering (Engineering and Management of Security)

• Implement and Manage an Engineering Life Cycle Using Security Design Principles
• Understand Fundamental Concepts of Security Models
• Select Controls and Countermeasures Based Upon Information Systems Security Standards
• Understand the Security Capabilities of Information Systems
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Assess and Mitigate Vulnerabilities in Web-based Systems
• Assess and Mitigate Vulnerabilities in Mobile Systems
• Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
• Apply Cryptography
• Apply Secure Principles to Site and Facility Design
• Design and Implement Facility Security

4. Communications and Network Security (Designing and Protecting Network Security)

• Apply Secure Design Principles to Network Architecture
• Securing Network Components
• Design and Establish Secure Communication Channels
• Prevent or Mitigate Network Attacks

5. Identity and Access Management (Controlling Access and Managing Identity)

• Control Physical and Logical Access to Assets
• Manage Identification and Authentication of People and Devices
• Integrate Identity as a Service (IDaaS)
• Integrate Third-Party Identity Services
• Implement and Manage Authorization Mechanisms
• Prevent or Mitigate Access Control Attacks
• Manage the Identity and Access Provisioning Life Cycle

6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

• Design and Validate Assessment and Test Strategies
• Conduct Security Control Testing
• Collect Security Process Data
• Conduct or Facilitate Internal and Third-Party Audits

7. Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

• Understand and Support Investigations
• Understand Requirements for Investigation Types
• Conduct Logging and Monitoring Activities
• Secure the Provisioning of Resources through Configuration Management
• Understand and Apply Foundational Security Operations Concepts
• Employ Resource Protection Techniques
• Conduct Incident Response
• Operate and Maintain Preventative Measures
• Implement and Support Patch and Vulnerability Management
• Participate in and Understand Change Management Processes
• Implement Recovery Strategies
• Implement Disaster Recovery Processes
• Test Disaster Recovery Plan
• Participate in Business Continuity Planning
• Implement and Manage Physical Security
• Participate in Personnel Safety

8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

• Understand and Apply Security in the Software Development Life Cycle
• Enforce Security Controls in the Development Environment
• Assess the Effectiveness of Software Security
• Assess Software Acquisition Security

 

DURATION: 3 DAYS

PRICE: $2,499 per participant