
CISSP Training

CISSP Training Information | Security experts are in demand. Stand out with this CISSP course, aligned to the latest (ISC)² release. With over 1,000 practice questions, you'll be ready to certify on your first attempt.

5 Days/ 40hrs

For Corporate/Online Training

+91-8447121833
info@mildaintrainings.com


Online price: INR 24,449/- (regular price INR 25,486/-)


KEY FEATURES

  • 40 hours of training
  • Immersive hands-on learning and practical training
  • 5 simulation exams (250 questions each)
  • 8 domain-specific test papers (10 questions each)

DESCRIPTION

CISSP Training

Led by an (ISC)² authorized instructor, the CISSP training seminar provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP Common Body of Knowledge (CBK):

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These include open-ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on established adult learning theory.

Experience Requirements

Candidates must have a minimum of 5 years of cumulative, paid, full-time work experience in 2 or more of the 8 domains of the CISSP CBK. A 4-year college degree (or regional equivalent), or an additional credential from the (ISC)² approved list, waives 1 year of the required experience. Only a 1-year experience exemption is granted for education, regardless of how many qualifying degrees or credentials the candidate holds.

A candidate who does not yet have the required experience may become an Associate of (ISC)² by passing the CISSP examination. The Associate of (ISC)² then has 6 years to earn the 5 years of required experience.

CISSP Examination Information

Length of exam: 6 hours
Number of questions: 250
Question format: Multiple choice and advanced innovative questions
Passing grade: 700 out of 1000 points
Exam availability: English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean; accommodations are available for visually impaired candidates
Testing center: Pearson VUE Testing Center

CISSP Examination Weights

Domains Weight
1. Security and Risk Management 16%
2. Asset Security 10%
3. Security Engineering 12%
4. Communications and Network Security 12%
5. Identity and Access Management 13%
6. Security Assessment and Testing 11%
7. Security Operations 16%
8. Software Development Security 10%
Total: 100%

CURRICULUM

Domain 1: Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Apply security governance principles through:

  • Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
  • Organizational processes (e.g., acquisitions, divestitures, governance committees)
  • Security roles and responsibilities
  • Control frameworks
  • Due care
  • Due diligence

1.3 Compliance

  • Legislative and regulatory compliance
  • Privacy requirements compliance

1.4 Understand legal and regulatory issues that pertain to information security in a global context

  • Computer crimes
  • Trans-border data flow
  • Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
  • Privacy
  • Import/export controls
  • Data breaches

1.5 Understand professional ethics

  • Exercise (ISC)² Code of Professional Ethics
  • Support organization’s code of ethics

1.6 Develop and implement documented security policy, standards, procedures, and guidelines

1.7 Understand business continuity requirements

  • Develop and document project scope and plan
  • Conduct business impact analysis

1.8 Contribute to personnel security policies

  • Employment candidate screening (e.g., reference checks, education verification)
  • Vendor, consultant, and contractor controls
  • Employment agreements and policies
  • Compliance
  • Employment termination processes
  • Privacy

1.9 Understand and apply risk management concepts

  • Identify threats and vulnerabilities
  • Control assessment
  • Risk assessment/analysis (qualitative, quantitative, hybrid)
  • Monitoring and measurement
  • Risk assignment/acceptance (e.g., system authorization)
  • Reporting
  • Countermeasure selection
  • Continuous improvement
  • Implementation
  • Risk frameworks
  • Types of controls (preventive, detective, corrective, etc.)
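
The quantitative risk analysis and countermeasure selection items above are usually taught through three formulas: SLE = AV x EF (single loss expectancy), ALE = SLE x ARO (annualized loss expectancy), and the cost/benefit rule that a safeguard is worth buying when ALE(before) - ALE(after) - annual cost of the safeguard is positive. The following worked example is added here for this page and is not part of the course material; the asset value, exposure factors, occurrence rates and safeguard costs are constructed sample figures, not data from any real assessment.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Safeguard:
    """A candidate control and the residual risk it leaves behind (constructed figures)."""
    name: str
    annual_cost: float   # yearly cost of owning and operating the control
    new_ef: float        # exposure factor once the control is in place
    new_aro: float       # annualized rate of occurrence once the control is in place


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy = Asset Value x Exposure Factor (fraction of value lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualized Loss Expectancy = SLE x ARO (expected incidents per year)."""
    if aro < 0.0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, exposure_factor) * aro


def safeguard_value(asset_value: float, ef: float, aro: float, sg: Safeguard) -> float:
    """Cost/benefit of a safeguard: ALE(before) - ALE(after) - annual cost.
    A positive result means the control saves more than it costs each year."""
    before = ale(asset_value, ef, aro)
    after = ale(asset_value, sg.new_ef, sg.new_aro)
    return before - after - sg.annual_cost


def select_countermeasure(asset_value: float, ef: float, aro: float,
                          options: Iterable[Safeguard]) -> Optional[Safeguard]:
    """Pick the safeguard with the highest positive value; None if none pays for itself
    (in which case accepting or transferring the risk is the rational choice)."""
    best, best_value = None, 0.0
    for sg in options:
        value = safeguard_value(asset_value, ef, aro, sg)
        if value > best_value:
            best, best_value = sg, value
    return best


# Constructed scenario: a database server worth 200,000 facing a ransomware threat.
ASSET_VALUE = 200_000.0
EF = 0.6    # 60% of the asset's value is lost per incident
ARO = 0.5   # expected to occur once every two years

OPTIONS = [
    Safeguard("offline backups", annual_cost=8_000, new_ef=0.15, new_aro=0.5),
    Safeguard("EDR plus application allowlisting", annual_cost=30_000, new_ef=0.6, new_aro=0.1),
    Safeguard("gold-plated appliance", annual_cost=90_000, new_ef=0.05, new_aro=0.05),
]

if __name__ == "__main__":
    print(f"SLE = {sle(ASSET_VALUE, EF):,.0f}   ALE before controls = {ale(ASSET_VALUE, EF, ARO):,.0f}")
    for sg in OPTIONS:
        print(f"{sg.name:35s} value = {safeguard_value(ASSET_VALUE, EF, ARO, sg):>10,.0f}")
    chosen = select_countermeasure(ASSET_VALUE, EF, ARO, OPTIONS)
    print("selected:", chosen.name if chosen else "accept the risk")
```

Note how the most expensive control loses to the cheapest one: the exam (and real budgets) reward the safeguard with the best net value, not the one that reduces risk the most in absolute terms.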

1.10 Understand and apply threat modeling

  • Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
  • Performing reduction analysis
  • Determining and diagramming potential attacks (e.g., social engineering, spoofing)
  • Technologies and processes to remediate threats (e.g., software architecture and operations)

1.11 Integrate security risk considerations into acquisition strategy and practice

  • Hardware, software, and services
  • Minimum security requirements
  • Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
  • Service-level requirements

1.12 Establish and manage information security education, training, and awareness

  • Appropriate levels of awareness, training, and education required within organization
  • Periodic reviews for content relevancy

Domain 2: Asset Security

2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

2.3 Protect privacy

  • Data owners
  • Data remanence
  • Data processors
  • Collection limitation

2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

2.5 Determine data security controls (e.g., data at rest, data in transit)

  • Baselines
  • Standards selection
  • Scoping and tailoring
  • Cryptography

2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)

Domain 3: Security Engineering

3.1 Implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

3.3 Select controls and countermeasures based upon systems security evaluation models

3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

  • Client-based (e.g., applets, local caches)
  • Distributed systems (e.g., cloud computing, grid computing, peer to peer)
  • Server-based (e.g., data flow control)
  • Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
  • Cryptographic systems
  • Industrial control systems (e.g., SCADA)
  • Large-scale parallel data systems

3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

3.7 Assess and mitigate vulnerabilities in mobile systems

3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))

3.9 Apply cryptography

  • Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
  • Digital signatures
  • Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
  • Digital rights management
  • Non-repudiation
  • Public Key Infrastructure (PKI)
  • Integrity (hashing and salting)
  • Key management practices
  • Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
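
The "Integrity (hashing and salting)" and "Methods of cryptanalytic attacks" items above come together in one practical question: how should a password be stored so that a stolen database does not fall to a brute-force or precomputed-table attack? The example below is added for this page (it is not the course's or (ISC)²'s code) and uses only the Python standard library: a per-password random salt with an iterated PBKDF2-HMAC-SHA256 hash, a constant-time comparison on verification, the unsalted anti-pattern kept for contrast, and an HMAC tag as the integrity primitive for data in transit. The iteration count is an assumption chosen for illustration and should be tuned per deployment.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. Assumption for this example: tune it to your hardware budget
# so that one hash takes a noticeable fraction of a second on the authenticating server.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash. Format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.
    A fresh 16-byte random salt per password means two users with the same password
    get different stored values, so one precomputed (rainbow) table cannot crack them all,
    and the iteration count makes every brute-force guess proportionally more expensive."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record: fail closed
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    # compare_digest does not stop at the first differing byte, so response timing
    # does not leak how much of the hash a guess got right.
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def unsalted_sha256(password: str) -> str:
    """Anti-pattern kept for contrast: identical passwords give identical digests,
    so one precomputed table breaks every account that shares a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def mac_message(key: bytes, message: bytes) -> bytes:
    """Integrity tag for a message: HMAC-SHA256 keyed with a shared secret.
    Without the key an attacker who alters the message cannot produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_message(key, message), tag)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok :", verify_password("correct horse battery staple", stored))
    print("login bad:", verify_password("Tr0ub4dor&3", stored))
    print("same password, different salts, different hashes:",
          hash_password("hunter2") != hash_password("hunter2"))
    print("unsalted digests collide:", unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
    key = os.urandom(32)
    msg = b"transfer 100 to account 42"
    tag = mac_message(key, msg)
    print("tamper detected:", not verify_message(key, b"transfer 900 to account 42", tag))
```

Salting defeats precomputation, iteration raises the cost of each guess, and the constant-time comparison closes the timing side channel; a keyed HMAC is the right tool for integrity of data you send or store, whereas a bare hash can be recomputed by anyone who can modify the data.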

3.10 Apply secure principles to site and facility design

3.11 Design and implement physical security

Domain 4: Communications and Network Security

4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)

  • OSI and TCP/IP models
  • Software-defined networks
  • IP networking
  • Wireless networks
  • Implications of multilayer protocols (e.g., DNP3)
  • Cryptography used to maintain communication security
  • Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)

4.2 Secure network components

  • Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
  • Endpoint security
  • Transmission media (e.g., wired, wireless, fiber)
  • Content-distribution networks
  • Network access control devices (e.g., firewalls, proxies)
  • Physical devices

4.3 Design and establish secure communication channels

  • Voice
  • Data communications (e.g., VLAN, TLS/SSL)
  • Multimedia collaboration (e.g., remote meeting technology, instant messaging)
  • Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
  • Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)

4.4 Prevent or mitigate network attacks

Domain 5: Identity and Access Management

5.1 Control physical and logical access to assets

  • Information
  • Systems
  • Devices
  • Facilities

5.2 Manage identification and authentication of people and devices

  • Identity management implementation (e.g., SSO, LDAP)
  • Session management (e.g., timeouts, screensavers)
  • Single/multi-factor authentication (e.g., factors, strength, errors)
  • Registration and proofing of identity
  • Accountability
  • Federated identity management (e.g., SAML)
  • Credential management systems

5.3 Integrate identity as a service (e.g., cloud identity)

5.4 Integrate third-party identity services (e.g., on-premise)

5.5 Implement and manage authorization mechanisms

  • Role-Based Access Control (RBAC) methods
  • Rule-based access control methods
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
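
The four authorization models listed above decide the same kind of request (subject, object, permission) on different grounds: DAC lets the object's owner grant access through an ACL, MAC compares policy-assigned labels (here the Bell-LaPadula confidentiality rules: no read up, no write down), RBAC routes every permission through a role, and rule-based control evaluates a global condition on the request context. The following example is added for this page and is not the course's code; the roles, users, labels and the corporate network range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity labels used by the MAC model below (constructed lattice)."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# --- DAC: the owner of an object decides who else may access it (an ACL) ---
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permissions granted by the owner


def dac_allowed(obj: DacObject, subject: str, perm: str) -> bool:
    return subject == obj.owner or perm in obj.acl.get(subject, set())


# --- MAC: labels come from policy, not from owners (Bell-LaPadula confidentiality rules) ---
def mac_allowed(clearance: Level, label: Level, perm: str) -> bool:
    if perm == "read":
        return clearance >= label   # simple security property: no read up
    if perm == "write":
        return clearance <= label   # *-property: no write down (prevents leaking secrets downward)
    return False


# --- RBAC: permissions attach to roles; users get roles, never permissions directly ---
ROLE_PERMS = {
    "auditor":    {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
    "admin":      {("ledger", "read"), ("ledger", "write"), ("users", "write")},
}
USER_ROLES = {"alice": {"accountant"}, "bob": {"auditor"}}


def rbac_allowed(user: str, obj: str, perm: str) -> bool:
    return any((obj, perm) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- Rule-based: a global rule on request context, applied regardless of who is asking ---
CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate address range


def rule_allowed(src_ip: str, hour: int) -> bool:
    """Accept only requests from the corporate network during business hours (08:00-17:59)."""
    return ipaddress.ip_address(src_ip) in CORP_NET and 8 <= hour < 18


if __name__ == "__main__":
    ledger = DacObject(owner="alice", acl={"bob": {"read"}})
    print("DAC  bob reads ledger       :", dac_allowed(ledger, "bob", "read"))
    print("DAC  bob writes ledger      :", dac_allowed(ledger, "bob", "write"))
    print("MAC  SECRET reads TOP_SECRET:", mac_allowed(Level.SECRET, Level.TOP_SECRET, "read"))
    print("MAC  SECRET writes PUBLIC   :", mac_allowed(Level.SECRET, Level.PUBLIC, "write"))
    print("RBAC bob writes ledger      :", rbac_allowed("bob", "ledger", "write"))
    print("RULE 10.1.2.3 at 22:00      :", rule_allowed("10.1.2.3", 22))
```

The MAC write rule is the one candidates most often get backwards: a SECRET subject may write to a TOP_SECRET object (writing up cannot leak anything) but not to a PUBLIC one.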

5.6 Prevent or mitigate access control attacks

5.7 Manage the identity and access provisioning life cycle (e.g., provisioning, review)

Domain 6: Security Assessment and Testing

6.1 Design and validate assessment and test strategies

6.2 Conduct security control testing

  • Vulnerability assessment
  • Misuse case testing
  • Penetration testing
  • Test coverage analysis
  • Log reviews
  • Interface testing (e.g., API, UI, physical)
  • Synthetic transactions
  • Code review and testing (e.g., manual, dynamic, static, fuzz)

6.3 Collect security process data (e.g., management and operational controls)

  • Account management (e.g., escalation, revocation)
  • Backup verification data
  • Management review
  • Disaster recovery and business continuity
  • Key performance and risk indicators

6.4 Analyze and report test outputs (e.g., automated, manual)

6.5 Conduct or facilitate internal and third party audits

Domain 7: Security Operations

7.1 Understand and support investigations

  • Evidence collection and handling (e.g., chain of custody, interviewing)
  • Investigative techniques (e.g., root-cause analysis, incident handling)
  • Reporting and documenting
  • Digital forensics (e.g., media, network, software and embedded devices)

7.2 Understand requirements for investigation types

  • Operational
  • Regulatory
  • Criminal
  • Electronic discovery (eDiscovery)
  • Civil

7.3 Conduct logging and monitoring activities

  • Intrusion detection and prevention
  • Egress monitoring (e.g., data loss prevention, steganography, watermarking)
  • Security information and event management
  • Continuous monitoring
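
A SIEM correlation rule is the concrete form the "intrusion detection" and "continuous monitoring" items above take in practice. The example below is added for this page (not the course's code): it parses sshd authentication lines in their syslog format, keeps a sliding window of failed logins per source address, raises a brute-force alert when the failures within the window reach a threshold, and escalates when the same source then succeeds. The log lines are constructed samples using documentation address ranges, not real captures; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format; the addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 10 09:12:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 10 09:12:03 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 10 09:12:04 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 51016 ssh2
Mar 10 09:12:06 bastion sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51018 ssh2
Mar 10 09:12:07 bastion sshd[2209]: Failed password for root from 203.0.113.7 port 51020 ssh2
Mar 10 09:12:09 bastion sshd[2211]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar 10 09:12:11 bastion sshd[2213]: Accepted password for root from 203.0.113.7 port 51022 ssh2
Mar 10 09:30:00 bastion sshd[2300]: Failed password for alice from 198.51.100.20 port 40030 ssh2
Mar 10 09:45:00 bastion sshd[2301]: Failed password for alice from 198.51.100.20 port 40031 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_events(log_text: str) -> list:
    """Turn matching sshd lines into dicts; lines that are not auth outcomes are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults to 1900, which is fine for
        # computing deltas within one log. Prepend the real year before crossing Dec/Jan.
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        events.append({"time": ts, "host": m.group(2), "outcome": m.group(3),
                       "user": m.group(4), "src": m.group(5)})
    return sorted(events, key=lambda e: e["time"])


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Sliding-window brute-force detection per source address, with escalation on success."""
    failures = defaultdict(deque)   # src -> timestamps of recent failed logins
    alerted = set()                 # sources already alerted for the current burst
    alerts = []
    for ev in parse_events(log_text):
        q = failures[ev["src"]]
        while q and ev["time"] - q[0] > window:
            q.popleft()             # drop failures that fell out of the window
        if not q:
            alerted.discard(ev["src"])   # burst is over; allow a new alert later
        if ev["outcome"] == "Failed":
            q.append(ev["time"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"rule": "ssh_brute_force", "src": ev["src"],
                               "count": len(q), "at": ev["time"]})
        elif len(q) >= threshold:
            # a success right after a burst of failures is the high-severity signal
            alerts.append({"rule": "success_after_brute_force", "src": ev["src"],
                           "user": ev["user"], "at": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two low-rate failures from 198.51.100.20 fifteen minutes apart never reach the threshold inside the window, which is the behaviour you want: a rule that fires on a raw count without a time bound drowns the analyst in legitimate typos.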

7.4 Secure the provisioning of resources

  • Asset inventory (e.g., hardware, software)
  • Cloud assets (e.g., services, VMs, storage, networks)
  • Configuration management
  • Physical assets
  • Applications (e.g., workloads or private clouds, web services, software as a service)
  • Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)

7.5 Understand and apply foundational security operations concepts

  • Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
  • Job rotation
  • Separation of duties and responsibilities
  • Information lifecycle
  • Monitor special privileges (e.g., operators, administrators)
  • Service-level agreements

7.6 Employ resource protection techniques

  • Media management
  • Hardware and software asset management

7.7 Conduct incident management

  • Detection
  • Recovery
  • Response
  • Remediation
  • Mitigation
  • Lessons learned
  • Reporting

7.8 Operate and maintain preventative measures

  • Firewalls
  • Sandboxing
  • Intrusion detection and prevention systems
  • Honeypots/Honeynets
  • Whitelisting/Blacklisting
  • Anti-malware
  • Third-party security services

7.9 Implement and support patch and vulnerability management

7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

7.11 Implement recovery strategies

  • Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
  • Multiple processing sites (e.g., operationally redundant systems)
  • Recovery site strategies
  • System resilience, high availability, quality of service, and fault tolerance

7.12 Implement disaster recovery processes

  • Response
  • Assessment
  • Personnel
  • Restoration
  • Communications
  • Training and awareness

7.13 Test disaster recovery plans

  • Read-through
  • Parallel
  • Walkthrough
  • Full interruption
  • Simulation

7.14 Participate in business continuity planning and exercises

7.15 Implement and manage physical security

  • Perimeter (e.g., access control and monitoring)
  • Internal security (e.g., escort requirements/visitor control, keys and locks)

7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

Domain 8: Software Development Security

8.1 Understand and apply security in the software development lifecycle

  • Development methodologies (e.g., Agile, Waterfall)
  • Organizational processes (e.g., acquisitions, divestitures, governance committees)
  • Operation and maintenance
  • Maturity models
  • Change management
  • Integrated product team (e.g., DevOps)

8.2 Enforce security controls in development environments

  • Security of the software environments
  • Configuration management as an aspect of secure coding
  • Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation)
  • Security of code repositories
  • Security of application programming interfaces
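
"Input/output validation" and "escalation of privilege" in the list above meet in one of the most common source-level defects: a file-serving routine that joins a user-supplied name onto a base directory and lets `..` segments or an absolute path walk out of it, turning a web user into a reader of any file the process can open. The example below is added for this page (it is not the course's code) and shows the vulnerable pattern beside a hardened version that allowlists the name and then checks that the resolved path is still inside the document root. The document root and files are created in a temporary directory so the demonstration runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# Allowlist for user-supplied file names: no path separators, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_read(base_dir: str, user_path: str) -> bytes:
    """Vulnerable: os.path.join discards base_dir when user_path is absolute, and
    '..' segments walk out of the intended directory. Kept only to show the defect."""
    return Path(os.path.join(base_dir, user_path)).read_bytes()


def safe_read(base_dir: str, user_name: str) -> bytes:
    """Hardened: reject anything that is not a plain file name, then confirm the
    resolved target (symlinks followed) still lives under the document root."""
    if not SAFE_NAME.fullmatch(user_name):
        raise ValueError(f"rejected file name: {user_name!r}")
    root = Path(base_dir).resolve()
    target = (root / user_name).resolve()
    if root not in target.parents:          # a symlink inside the root could still point outside
        raise PermissionError("path escapes the document root")
    return target.read_bytes()


def demo() -> dict:
    """Build a throwaway document root with one public file and one 'secret' outside it
    (constructed contents), then record what each reader does with a traversal attempt."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "public"
        root.mkdir()
        (root / "report.txt").write_bytes(b"quarterly report")
        (Path(tmp) / "secret.txt").write_bytes(b"db password")
        results = {"unsafe_traversal": unsafe_read(str(root), "../secret.txt")}
        try:
            safe_read(str(root), "../secret.txt")
            results["safe_traversal"] = "served"
        except ValueError:
            results["safe_traversal"] = "rejected"
        results["safe_ok"] = safe_read(str(root), "report.txt")
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:17s} -> {outcome!r}")
```

The two checks are deliberately redundant: the allowlist stops traversal strings before any filesystem call, and the resolved-path check catches what the allowlist cannot see, such as a symlink planted inside the root by an earlier upload.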

8.3 Assess the effectiveness of software security

  • Auditing and logging of changes
  • Risk analysis and mitigation
  • Acceptance testing

8.4 Assess security impact of acquired software

FAQ | CISSP Online Training

Why should I take coaching from Mildaintrainings?

Our trainers have more than 10 years of practical industry experience, and we provide six (6) months of technical support after the course to resolve all your queries.

Why CISSP Training?

CISSP Training is one of the most important tools for a security professional: it is cost-effective and helps minimize errors in your preparation.

Who will provide the certificate?

Mildaintrainings provides a participation certificate after completion of CISSP Training, along with assistance in applying for the (ISC)² certification exam.

When will the classes be held?

Classes are held on weekends and weekdays accordingly.

What if I miss a class?

If you miss a class, you can attend the same topic in the next live session. You can also request the recorded videos.

Who can do CISSP Training?

Anyone with basic computer knowledge can take CISSP Training; no coding knowledge is required. Note that the CISSP certification itself still has the experience requirements listed above; candidates without them can pass the exam as an Associate of (ISC)².

What is the course duration?

The CISSP Training course at Mildaintrainings runs for 32-40 hours (4 to 5 days).

What are the objectives of CISSP Training?

Mildaintrainings is one of the best training companies providing CISSP Training classes through industry-experienced instructors. Our CISSP Training course material is prepared by industry experts with 10+ years of practical experience and is designed to be easy for everyone to follow.

If you have any questions, please call us at +91-8447121833 between 9:00 am and 6:00 pm IST.

Mildain Solutions

Plot no 17 C-Block,Sec 36,Noida(UP)201301
