Certified Information Systems Security Professional (CISSP)

About the Course

The Certified Information Systems Security Professional (CISSP) training course is designed to equip professionals with the knowledge and skills necessary to excel in information security. As the digital landscape continues evolving, the importance of robust security measures cannot be overstated. The course is aligned with the standards of the International Information System Security Certification Consortium (ISC)², which provides delegates with a deep understanding of critical security concepts and practices, ensuring they are well-prepared to protect organisational assets in an increasingly complex and interconnected world.

Delegates will gain expertise in the various domains of information security, enabling them to design, implement, and manage effective security strategies across a wide range of environments, covering the essential principles and practices vital for ensuring information systems' confidentiality, integrity, and availability. Through a combination of theoretical instruction and practical application, they will develop the capability to identify and mitigate potential security threats, manage risks, and respond to incidents to minimize impact on operations and data.

Furthermore, this preparatory examination program is particularly valuable for professionals aiming to achieve the CISSP certification, a globally recognised credential demonstrating proficiency in information security. It provides the foundational and advanced knowledge required to meet the demands of today's cybersecurity challenges. Delegates will be prepared to pass the CISSP exam and equipped to lead and manage security initiatives that safeguard critical information assets in any organisation.

Core Objectives

By the end of the training course, delegates will be able to:

• Understand the fundamental concepts and principles of information security, including confidentiality, integrity, and availability
• Identify potential security threats and vulnerabilities within an organisation's information systems
• Analyse various security incidents and breaches to determine their causes and impacts on the organisation
• Evaluate the effectiveness of different security controls and measures in mitigating risks and protecting information assets
• Design comprehensive security policies and frameworks that align with organisational goals and industry standards
• Implement security strategies and technologies to protect information systems from unauthorised access and cyber threats
• Assess the overall security posture of an organisation, identifying areas for improvement and recommending solutions to enhance protection

Training Approach

This exam preparatory training program combines interactive lectures, hands-on labs, and group discussions to facilitate comprehensive learning. Delegates will engage in practical exercises that simulate real-world scenarios, allowing them to apply their knowledge and develop critical thinking skills. Assessments and Mock Examination will be integrated throughout the program to evaluate understanding and reinforce key concepts.

The Attendees

This exam preparatory training program is designed for professionals responsible for managing and protecting an organisation's information systems and data. These professionals must come from diverse backgrounds in IT and security and seek to enhance their skills and knowledge in accordance with the (ISC)² standards to effectively address the challenges of modern cybersecurity.

But, it will be valuable to the professionals but not limited to the following:

• Information Security Analysts
• IT Security Managers
• Network Security Engineers
• Systems Administrators
• Compliance Officers
• Risk Management Professionals
• Security Consultants
• Software Developers with a Security Focus
• Chief Information Security Officers (CISOs)
• Auditors with IT Security Expertise

Daily Discussion

DAY ONE: SECURITY AND RISK MANAGEMENT 

• Security Governance Principles
• Compliance and Legal Regulations
• Risk Management Strategies
• Business Continuity and Disaster Recovery Planning
• Security Policies, Standards, Procedures, and Guidelines
• Ethics and Professional Conduct in Information Security
• Third-Party Security Management

DAY TWO: ASSET SECURITY

• Information and Asset Classification
• Data Lifecycle Management
• Privacy Protection Principles
• Data Security Controls
• Asset Retention and Handling Requirements
• Secure Data Storage Solutions
• Secure Disposal and Data Destruction Methods
• Handling Sensitive Information

DAY THREE: SECURITY ENGINEERING

• Security Architecture Design
• Cryptography Fundamentals
• Secure System Development Life Cycle (SDLC)
• Physical Security Controls
• Security Models and Frameworks
• Vulnerability Assessment and Penetration Testing
• Security Engineering Practices for IoT and Embedded Systems
• Secure Hardware and Software Design

DAY FOUR: COMMUNICATION AND NETWORK SECURITY

• Network Architecture and Design Principles
• Secure Network Components and Protocols
• Network Security Controls and Devices
• Virtualisation and Cloud Security
• Wireless Security Protocols and Best Practices
• Intrusion Detection and Prevention Systems (IDPS)
• Firewalls and Secure Network Configuration
• Network Monitoring and Logging

DAY FIVE: IDENTITY AND ACCESS MANAGEMENT

• Identity and Access Management (IAM) Concepts
• Authentication, Authorisation, and Accounting (AAA)
• Identity as a Service (IDaaS)
• Single Sign-On (SSO) and Federated Identity Management
• Privileged Access Management (PAM)
• Access Control Models and Techniques
• Identity Governance and Administration (IGA)
• User Access Review and Audit Processes
• Mock Examination