CISSP Training | CISSP Certification | Certified Information Systems Security Professional

CISSP Certification Training

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, (ISC)². Individuals holding this vendor-neutral credential are in high demand with corporations all over the world that want to protect their organizations from a growing wave of sophisticated cyber attacks. Enroll & Get Certified now!

  • 40 Hours Instructor-led Online Training
  • Authorized Digital Learning Materials
  • Lifetime Free Content Access
  • Flexible Schedule: Learn Anytime, Anywhere
  • Training Completion Certificate
  • 24x7 After Course Support

Program Calendar

  • Available Dates
    Live Virtual Training
    • 02 March, 2024
    • 19:00 - 23:00 IST
    • Weekend
    Live Virtual Training
    • 09 March, 2024
    • 19:00 - 23:00 IST
    • Weekend
    Live Virtual Training
    • 16 March, 2024
    • 19:00 - 23:00 IST
    • Weekend

Course Price At

INR 52,000


Course Overview


Led by an (ISC)² authorized instructor, this CISSP training seminar provides a comprehensive review of information security concepts and industry best practices, covering the "8 domains" of the CISSP Common Body of Knowledge:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.

Learning Objectives

  • Understand the basics of telecommunication and network security concepts, required components for minimizing security risks, securing channels of communication, and techniques for preventing and detecting network-based attacks.
  • Identify the key terms and processes of security operations and how to protect and control information processing assets in a centralized or distributed environment in this CISSP training.
  • Define and apply information security governance and the Risk Management Framework, including the policies, concepts, principles, structures and standards that are established for the protection of information assets, and learn how to assess the effectiveness of that protection.
  • Gain the skills required to design the architecture and manage IT security in an enterprise environment through this authorized CISSP course.

Prerequisites

This CISSP training is intended for professionals who want to acquire the credibility and mobility to advance within their current Information Security careers. To claim the CISSP certificate from ISC2, it is mandatory that you have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK 2018. In case you do not have the required five years of experience, you will be awarded an ISC2 Associate title, which will be replaced with the CISSP certificate after you gain and submit proof of your experience.

Course Curriculum

  • Domain 1: Security and Risk Management. Topics covered:

    1.1 Understand and apply concepts of confidentiality, integrity and availability

    1.2 Apply security governance principles through:

    • Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
    • Organizational processes (e.g., acquisitions, divestitures, governance committees)
    • Security roles and responsibilities
    • Control frameworks
    • Due care
    • Due diligence

    1.3 Compliance

    • Legislative and regulatory compliance
    • Privacy requirements compliance

    1.4 Understand legal and regulatory issues that pertain to information security in a global context

    • Computer crimes
    • Trans-border data flow
    • Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
    • Privacy
    • Import/export controls
    • Data breaches

    1.5 Understand professional ethics

    • Exercise (ISC)² Code of Professional Ethics
    • Support organization’s code of ethics

    1.6 Develop and implement documented security policy, standards, procedures, and guidelines

    1.7 Understand business continuity requirements

    • Develop and document project scope and plan
    • Conduct business impact analysis

    1.8 Contribute to personnel security policies

    • Employment candidate screening (e.g., reference checks, education verification)
    • Vendor, consultant, and contractor controls
    • Employment agreements and policies
    • Compliance
    • Employment termination processes
    • Privacy

    1.9 Understand and apply risk management concepts

    • Identify threats and vulnerabilities
    • Control assessment
    • Risk assessment/analysis (qualitative, quantitative, hybrid)
    • Monitoring and measurement
    • Risk assignment/acceptance (e.g., system authorization)
    • Reporting
    • Countermeasure selection
    • Continuous improvement
    • Implementation
    • Risk frameworks
    • Types of controls (preventive, detective, corrective, etc.)

    1.10 Understand and apply threat modeling

    • Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
    • Performing reduction analysis
    • Determining and diagramming potential attacks (e.g., social engineering, spoofing)
    • Technologies and processes to remediate threats (e.g., software architecture and operations)

    1.11 Integrate security risk considerations into acquisition strategy and practice

    • Hardware, software, and services
    • Minimum security requirements
    • Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
    • Service-level requirements

    1.12 Establish and manage information security education, training, and awareness

    • Appropriate levels of awareness, training, and education required within organization
    • Periodic reviews for content relevancy
  • Domain 2: Asset Security. Topics covered:

    2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

    2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

    2.3 Protect privacy

    • Data owners
    • Data remanence
    • Data processors
    • Collection limitation

    2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

    2.5 Determine data security controls (e.g., data at rest, data in transit)

    • Baselines
    • Standards selection
    • Scoping and tailoring
    • Cryptography

    2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)

  • Domain 3: Security Engineering. Topics covered:

    3.1 Implement and manage engineering processes using secure design principles

    3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

    3.3 Select controls and countermeasures based upon systems security evaluation models

    3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

    3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

    • Client-based (e.g., applets, local caches)
    • Distributed systems (e.g., cloud computing, grid computing, peer to peer)
    • Server-based (e.g., data flow control)
    • Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
    • Cryptographic systems
    • Industrial control systems (e.g., SCADA)
    • Large-scale parallel data systems

    3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

    3.7 Assess and mitigate vulnerabilities in mobile systems

    3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))

    3.9 Apply cryptography

    • Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
    • Digital signatures
    • Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
    • Digital rights management
    • Non-repudiation
    • Public Key Infrastructure (PKI)
    • Integrity (hashing and salting)
    • Key management practices
    • Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)

    3.10 Apply secure principles to site and facility design

    3.11 Design and implement physical security

  • Domain 4: Communications and Network Security. Topics covered:

    4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)

    • OSI and TCP/IP models
    • Software-defined networks
    • IP networking
    • Wireless networks
    • Implications of multilayer protocols (e.g., DNP3)
    • Cryptography used to maintain communication security
    • Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)

    4.2 Secure network components

    • Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
    • Endpoint security
    • Transmission media (e.g., wired, wireless, fiber)
    • Content-distribution networks
    • Network access control devices (e.g., firewalls, proxies)
    • Physical devices

    4.3 Design and establish secure communication channels

    • Voice
    • Data communications (e.g., VLAN, TLS/SSL)
    • Multimedia collaboration (e.g., remote meeting technology, instant messaging)
    • Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
    • Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)

    4.4 Prevent or mitigate network attacks

  • Domain 5: Identity and Access Management. Topics covered:

    5.1 Control physical and logical access to assets

    • Information
    • Systems
    • Devices
    • Facilities

    5.2 Manage identification and authentication of people and devices

    • Identity management implementation (e.g., SSO, LDAP)
    • Session management (e.g., timeouts, screensavers)
    • Single/multi-factor authentication (e.g., factors, strength, errors)
    • Registration and proofing of identity
    • Accountability
    • Federated identity management (e.g., SAML)
    • Credential management systems

    5.3 Integrate identity as a service (e.g., cloud identity)

    5.4 Integrate third-party identity services (e.g., on-premise)

    5.5 Implement and manage authorization mechanisms

    • Role-Based Access Control (RBAC) methods
    • Rule-based access control methods
    • Mandatory Access Control (MAC)
    • Discretionary Access Control (DAC)

    5.6 Prevent or mitigate access control attacks

    5.7 Manage the identity and access provisioning life cycle (e.g., provisioning, review)

  • Domain 6: Security Assessment and Testing. Topics covered:

    6.1 Design and validate assessment and test strategies

    6.2 Conduct security control testing

    • Vulnerability assessment
    • Misuse case testing
    • Penetration testing
    • Test coverage analysis
    • Log reviews
    • Interface testing (e.g., API, UI, physical)
    • Synthetic transactions
    • Code review and testing (e.g., manual, dynamic, static, fuzz)

    6.3 Collect security process data (e.g., management and operational controls)

    • Account management (e.g., escalation, revocation)
    • Backup verification data
    • Management review
    • Disaster recovery and business continuity
    • Key performance and risk indicators

    6.4 Analyze and report test outputs (e.g., automated, manual)

    6.5 Conduct or facilitate internal and third party audits

  • Domain 7: Security Operations. Topics covered:

    7.1 Understand and support investigations

    • Evidence collection and handling (e.g., chain of custody, interviewing)
    • Investigative techniques (e.g., root-cause analysis, incident handling)
    • Reporting and documenting
    • Digital forensics (e.g., media, network, software and embedded devices)

    7.2 Understand requirements for investigation types

    • Operational
    • Regulatory
    • Criminal
    • Electronic discovery (eDiscovery)
    • Civil

    7.3 Conduct logging and monitoring activities

    • Intrusion detection and prevention
    • Egress monitoring (e.g., data loss prevention, steganography, watermarking)
    • Security information and event management
    • Continuous monitoring

    7.4 Secure the provisioning of resources

    • Asset inventory (e.g., hardware, software)
    • Cloud assets (e.g., services, VMs, storage, networks)
    • Configuration management
    • Physical assets
    • Applications (e.g., workloads or private clouds, web services, software as a service)
    • Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)

    7.5 Understand and apply foundational security operations concepts

    • Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
    • Job rotation
    • Separation of duties and responsibilities
    • Information lifecycle
    • Monitor special privileges (e.g., operators, administrators)
    • Service-level agreements

    7.6 Employ resource protection techniques

    • Media management
    • Hardware and software asset management

    7.7 Conduct incident management

    • Detection
    • Recovery
    • Response
    • Remediation
    • Mitigation
    • Lessons learned
    • Reporting

    7.8 Operate and maintain preventative measures

    • Firewalls
    • Sandboxing
    • Intrusion detection and prevention systems
    • Honeypots/Honeynets
    • Whitelisting/Blacklisting
    • Anti-malware
    • Third-party security services

    7.9 Implement and support patch and vulnerability management

    7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

    7.11 Implement recovery strategies

    • Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
    • Multiple processing sites (e.g., operationally redundant systems)
    • Recovery site strategies
    • System resilience, high availability, quality of service, and fault tolerance

    7.12 Implement disaster recovery processes

    • Response
    • Assessment
    • Personnel
    • Restoration
    • Communications
    • Training and awareness

    7.13 Test disaster recovery plans

    • Read-through
    • Parallel
    • Walkthrough
    • Full interruption
    • Simulation

    7.14 Participate in business continuity planning and exercises

    7.15 Implement and manage physical security

    • Perimeter (e.g., access control and monitoring)
    • Internal security (e.g., escort requirements/visitor control, keys and locks)

    7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

  • Domain 8: Software Development Security. Topics covered:

    8.1 Understand and apply security in the software development lifecycle

    • Development methodologies (e.g., Agile, Waterfall)
    • Organizational processes (e.g., acquisitions, divestitures, governance committees)
    • Operation and maintenance
    • Maturity models
    • Change management
    • Integrated product team (e.g., DevOps)

    8.2 Enforce security controls in development environments

    • Security of the software environments
    • Configuration management as an aspect of secure coding
    • Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation)
    • Security of code repositories
    • Security of application programming interfaces

    8.3 Assess the effectiveness of software security

    • Auditing and logging of changes
    • Risk analysis and mitigation
    • Acceptance testing

    8.4 Assess security impact of acquired software

Call us at +91 8447121833, available 24x7 for your queries.

FAQs

You can enroll for this classroom training online. Payments can be made using any of the following options, and a receipt will be issued to the candidate automatically via email: 1. Online, by deposit to the Mildain bank account; 2. By cash at the training center location.
Highly qualified and certified instructors with 20+ years of experience have delivered more than 200 classroom trainings.
Contact us using the form on the right of any page on the mildaintrainings website, or select the Live Chat link. Our customer service representatives will be able to give you more details.
You will never miss a lecture at Mildaintrainings! You can choose either of two options: view the recorded session of the class available in your LMS, or attend the missed session in any other live batch.
We limit the number of participants in a live session to maintain quality standards, so participation in a live class without enrollment is unfortunately not possible. However, you can go through the sample class recording, which will give you a clear insight into how the classes are conducted, the quality of the instructors and the level of interaction in a class.
Yes, you can cancel your enrollment if necessary prior to the 3rd session, i.e. the first two sessions serve as your evaluation period. We will refund the full amount without deducting any fee; for more details, check our Refund Policy.
Yes, access to the course material will be available for a lifetime once you have enrolled in the course.

Training Features

Experiential Workshops

Top-rated instructors impart in-depth training with hands-on exercises in a high-energy workshop.

Certificate Exam Application Assistance

The training program includes several lab assignments, developed according to real industry scenarios.

Certificate Exam Success Formula

Training takes a fresh approach, starting from the basics with unique modules that are flexible and enjoyable.

Certificate Journey Support

Progress from basic to intermediate and eventually advanced hands-on lab exercises until you master the subject.

Free Refresh Course

Refresher training for experts to master and enhance their skills on the subjects with fresh course modules.

Exclusive Post-Training Sessions

Includes evaluation, feedback, and tips to handle critical issues in live setup after you are placed in a job.

Mildain's Master Certificate

Earn your certificate

This certificate proves that you have taken a big leap in mastering the domain comprehensively.

Differentiate yourself with a Master's Certificate

Now you are equipped with real-industry knowledge, required skills, and hands-on experience to stay ahead of the competition.

Share your achievement

Post the certificate on LinkedIn and job sites to boost your profile. Notify your friends and colleagues by sharing it on Twitter and Facebook.
