CISSP Certified Information Systems Security Professional

CISSP Certified Information Systems Security Professional provides expertise to fully prepare for the Certified Information Systems Security Professional exam with a complete knowledge of the 8 Common Body Knowledge (CBK) domains.

An overview of Security and Risk Management

• Describing terminologies of confidentiality, integrity, and availability
• Execution of security governance principles
• Identify legal and managerial matters that affect to information security in a global context
• Identify professional philosophies
• Develop and implement recognised Security Policy, Morals, Activities, and Approaches
• Understand business continuity needs
• Donate to workers security rules
• Classify risk management concepts
• Understand and relate threat modelling
• Integrate security risk discussions into attainment plan and practice
• Create and access information security education, exercise, and awareness
• Supporting security and risk to organisational purposes
• Retaining confidentiality, integrity, and obtainability security principles
• Handling security policies, standards and events
• Applying obedience
• Applying risk management ideas

• Assessing threats and susceptibilities
• Performing risk analysis and control
• Describing qualitative and quantitative analysis

• Conserving the business
  • Following to Business Continuity Management Code of Repetition and Stipulations
  • Acting a business impact analysis

• Examining legal events and methods

• Studying intelligent property, obligation and law, and obedience
• Distinguishing traditional and computer crime

• Speaking ethical behaviour and obedience

Asset Security

• Classify information and supporting properties
• Control and maintain possession
• Applying Protect privacy
• Guarantee appropriate retention
• Describe data safety controls
• Handling launch requirements
• Identifying, categorising and prioritising assets
• Protective data through proper treatment, patterns, classification, and storage
• Addressing PII, privacy, and suitable retention

Security Engineering

• Implement and manage manufacturing procedures using secure design principles
• Comprehend the vital concepts of security models
• Comprehend security abilities of info systems
• Measure and lessen the vulnerabilities of security architectures
• Assess and mitigate weaknesses in mobile systems
• Assess and mitigate susceptibilities in embedded devices and cyber-physical systems
• Apply cryptography
• Observing security models and frameworks
• An overview of Information Security Triad and multi-level models
• Examining industry morals: ISO 27001/27002
• Assessing security model essential concepts
• Exploring system and component security concepts
• System design philosophies, competencies, and boundaries
• Guarantee and authorization standards and models
• Studying mobile systems susceptibilities
• Defensive information by relating cryptography
• Specifying symmetric and asymmetric encryption systems
• Confirming message integrity through hashing
• Revealing threats to cryptographic systems
• Safeguarding physical resources
• Planning environments to resist hostile acts and threats
• Repudiating unauthorised access

Network Security and Communication

• Purpose secure design values to network architecture
• Examining Secure network works
• Plan and start secure communication positions
• Prevent or reduce network spasms

Access & Identify Management

• Control logical and physical access to properties
• Manage documentation and confirmation of people and devices
• Integrate individuality as a service
• Integrate third-party identity facilities
• Apply and achieve authorization tools
• Evade or ease access control attacks
• Manage the individuality and access provisioning lifecycle
• Supervisory access to protect assets
• Describing administrative, technical and physical controls
• Applying centralised and decentralised methods
• Examining biometric and multi-factor verification
• Classifying common dangers
• Studying cloud services and architecture

Security Assessment & Testing

• Plan and validate evaluation and test plans
• Conduct security control testing
• Collect security process data
• Inspect and report test outputs
• Understand the weaknesses of security architectures
• Planning and showing security assessment methods
• Benefitting the role of testing and checking to examine the efficiency of security controls
• Distinguishing detection and protection systems
• Conducting logging and monitoring methods
• Differentiating between the roles of internal and external reviews
• Describing secure account management

 Security Operations

• Understand and support inquiries
• Comprehend supplies for investigation types
• Conduct logging and observing actions
• Secure the provisioning of resources
• Understand and apply foundational security processes ideas
• An overview of Service resource protection methods
• Introducing Conduct incident management
• Understanding Function and sustain preventative measures

Software Security Development

• Comprehend and using security in the software development lifecycle
• using security controls in development environments
• Measure the efficiency of software security
• Estimate security effect of assimilated software