
    CISSP Certification Training in San Jose CA US

    Certified Information Systems Security Professional (CISSP) is a vendor-neutral information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, (ISC)². Professionals holding this credential are in high demand by organizations worldwide that need to defend against increasingly sophisticated cyber attacks. Enroll and get certified now!

    • ✔ Course Duration : 40 hrs
    • ✔ Training Options : Live Online / Self-Paced / Classroom
    • ✔ Certification Pass : Guaranteed

    Led by an (ISC)² authorized instructor, this CISSP training seminar provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP Common Body of Knowledge (CBK):

    • Security and Risk Management
    • Asset Security
    • Security Engineering
    • Communications and Network Security
    • Identity and Access Management
    • Security Assessment and Testing
    • Security Operations
    • Software Development Security

    Several types of activities are used throughout the course to reinforce topics and improve knowledge retention: open-ended questions from the instructor to the students, matching and poll questions, closed questions, group activities, and group discussions. This interactive approach is based on established adult learning theory.

    What you will Learn

    • Understand the basics of telecommunication and network security concepts, the components required to minimize security risks, securing channels of communication, and techniques for preventing and detecting network-based attacks.
    • Identify the key terms and processes of security operations and how to protect and control information processing assets in a centralized or distributed environment.
    • Define and apply information security governance and a risk management framework, including the policies, concepts, principles, structures and standards established to protect information assets, and how to assess the effectiveness of that protection.
    • Gain the skills required to design the security architecture and manage IT security in an enterprise environment.

    PREREQUISITES

    This CISSP training is intended for professionals who want to acquire the credibility and mobility to advance within their current information security careers. To claim the CISSP certification from (ISC)² you must have at least 5 years of cumulative, paid, full-time work experience in 2 or more of the 8 domains of the CISSP CBK; a four-year college degree, or an approved credential from the (ISC)² list, satisfies 1 year of that requirement. If you do not yet have the required experience, passing the exam earns you the Associate of (ISC)² designation, which is replaced by the CISSP certification once you gain and submit proof of your experience (you have 6 years to do so).

    CURRICULUM

    Domain 1: Security and Risk Management

    Learning Objectives:

    1.1 Understand and apply concepts of confidentiality, integrity and availability

    1.2 Apply security governance principles through:

    • Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
    • Organizational processes (e.g., acquisitions, divestitures, governance committees)
    • Security roles and responsibilities
    • Control frameworks
    • Due care
    • Due diligence

    1.3 Compliance

    • Legislative and regulatory compliance
    • Privacy requirements compliance

    1.4 Understand legal and regulatory issues that pertain to information security in a global context

    • Computer crimes
    • Trans-border data flow
    • Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
    • Privacy
    • Import/export controls
    • Data breaches

    1.5 Understand professional ethics

    • Exercise (ISC)² Code of Professional Ethics
    • Support organization’s code of ethics

    1.6 Develop and implement documented security policy, standards, procedures, and guidelines

    1.7 Understand business continuity requirements

    • Develop and document project scope and plan
    • Conduct business impact analysis

    1.8 Contribute to personnel security policies

    • Employment candidate screening (e.g., reference checks, education verification)
    • Vendor, consultant, and contractor controls
    • Employment agreements and policies
    • Compliance
    • Employment termination processes
    • Privacy

    1.9 Understand and apply risk management concepts

    • Identify threats and vulnerabilities
    • Control assessment
    • Risk assessment/analysis (qualitative, quantitative, hybrid)
    • Monitoring and measurement
    • Risk assignment/acceptance (e.g., system authorization)
    • Reporting
    • Countermeasure selection
    • Continuous improvement
    • Implementation
    • Risk frameworks
    • Types of controls (preventive, detective, corrective, etc.)

    1.10 Understand and apply threat modeling

    • Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
    • Performing reduction analysis
    • Determining and diagramming potential attacks (e.g., social engineering, spoofing)
    • Technologies and processes to remediate threats (e.g., software architecture and operations)

    1.11 Integrate security risk considerations into acquisition strategy and practice

    • Hardware, software, and services
    • Minimum security requirements
    • Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
    • Service-level requirements

    1.12 Establish and manage information security education, training, and awareness

    • Appropriate levels of awareness, training, and education required within organization
    • Periodic reviews for content relevancy

    Domain 2: Asset Security

    Learning Objectives:

    2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

    2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

    2.3 Protect privacy

    • Data owners
    • Data remanence
    • Data processors
    • Collection limitation

    2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

    2.5 Determine data security controls (e.g., data at rest, data in transit)

    • Baselines
    • Standards selection
    • Scoping and tailoring
    • Cryptography

    2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)

    Domain 3: Security Engineering

    Learning Objectives:

    3.1 Implement and manage engineering processes using secure design principles

    3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

    3.3 Select controls and countermeasures based upon systems security evaluation models

    3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

    3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

    • Client-based (e.g., applets, local caches)
    • Distributed systems (e.g., cloud computing, grid computing, peer to peer)
    • Server-based (e.g., data flow control)
    • Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
    • Cryptographic systems
    • Industrial control systems (e.g., SCADA)
    • Large-scale parallel data systems

    3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

    3.7 Assess and mitigate vulnerabilities in mobile systems

    3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))

    3.9 Apply cryptography

    • Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
    • Digital signatures
    • Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
    • Digital rights management
    • Non-repudiation
    • Public Key Infrastructure (PKI)
    • Integrity (hashing and salting)
    • Key management practices
    • Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
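    The "Integrity (hashing and salting)" item in 3.9 is listed but not explained above. The following is an added example, not part of the course outline or of any (ISC)² material: it contrasts a bare SHA-256 digest of a password with a salted, iterated PBKDF2 hash, and shows verification with a constant-time comparison. The algorithm, iteration count, salt length, stored-record format and demo passwords are assumptions made for illustration only.

```python
"""Salted password hashing vs. bare hashing (added illustration for CISSP 3.9).

Added example, not material from (ISC)² or the training provider. Standard
library only. The parameters below are assumptions for the demo, not a
recommendation taken from the page.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed demo parameters: PBKDF2-HMAC-SHA256, 16-byte random salt, 200k rounds.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """The weak approach: equal passwords give equal digests, so a single
    precomputed table (or one cracked hash) exposes every account that
    shares the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, iterated hash and pack it as
    'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>' (assumed format)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the salt and iteration count carried in the stored
    record and compare in constant time. Malformed records verify as False."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Two users share a password (constructed demo data): bare digests collide,
    salted records do not, and verification still accepts only the right one."""
    alice = hash_password("Winter2024!")
    bob = hash_password("Winter2024!")
    return {
        "unsalted_equal": unsalted_sha256("Winter2024!") == unsalted_sha256("Winter2024!"),
        "salted_equal": alice == bob,
        "alice_ok": verify_password("Winter2024!", alice),
        "alice_wrong_case": verify_password("winter2024!", alice),
        "garbage_record": verify_password("x", "not-a-record"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Running it prints that the two unsalted digests are identical while the two salted records differ, and that verification succeeds only for the exact password. The stored record carries its own salt and work factor so the factor can be raised later and old records re-hashed at next login, which is the key-management side of the same 3.9 item.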

    3.10 Apply secure principles to site and facility design

    3.11 Design and implement physical security

    Domain 4: Communications and Network Security

    Learning Objectives:

    4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)

    • OSI and TCP/IP models
    • Software-defined networks
    • IP networking
    • Wireless networks
    • Implications of multilayer protocols (e.g., DNP3)
    • Cryptography used to maintain communication security
    • Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)

    4.2 Secure network components

    • Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
    • Endpoint security
    • Transmission media (e.g., wired, wireless, fiber)
    • Content-distribution networks
    • Network access control devices (e.g., firewalls, proxies)
    • Physical devices

    4.3 Design and establish secure communication channels

    • Voice
    • Data communications (e.g., VLAN, TLS/SSL)
    • Multimedia collaboration (e.g., remote meeting technology, instant messaging)
    • Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
    • Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)

    4.4 Prevent or mitigate network attacks


    Domain 5: Identity and Access Management

    Learning Objectives:

    5.1 Control physical and logical access to assets

    • Information
    • Systems
    • Devices
    • Facilities

    5.2 Manage identification and authentication of people and devices

    • Identity management implementation (e.g., SSO, LDAP)
    • Session management (e.g., timeouts, screensavers)
    • Single/multi-factor authentication (e.g., factors, strength, errors)
    • Registration and proofing of identity
    • Accountability
    • Federated identity management (e.g., SAML)
    • Credential management systems

    5.3 Integrate identity as a service (e.g., cloud identity)

    5.4 Integrate third-party identity services (e.g., on-premise)

    5.5 Implement and manage authorization mechanisms

    • Role-Based Access Control (RBAC) methods
    • Rule-based access control methods
    • Mandatory Access Control (MAC)
    • Discretionary Access Control (DAC)

    5.6 Prevent or mitigate access control attacks

    5.7 Manage the identity and access provisioning life cycle (e.g., provisioning, review)

    Domain 6: Security Assessment and Testing

    Learning Objectives:

    6.1 Design and validate assessment and test strategies

    6.2 Conduct security control testing

    • Vulnerability assessment
    • Misuse case testing
    • Penetration testing
    • Test coverage analysis
    • Log reviews
    • Interface testing (e.g., API, UI, physical)
    • Synthetic transactions
    • Code review and testing (e.g., manual, dynamic, static, fuzz)

    6.3 Collect security process data (e.g., management and operational controls)

    • Account management (e.g., escalation, revocation)
    • Backup verification data
    • Management review
    • Disaster recovery and business continuity
    • Key performance and risk indicators

    6.4 Analyze and report test outputs (e.g., automated, manual)

    6.5 Conduct or facilitate internal and third party audits

    Domain 7: Security Operations

    Learning Objectives:

    7.1 Understand and support investigations

    • Evidence collection and handling (e.g., chain of custody, interviewing)
    • Investigative techniques (e.g., root-cause analysis, incident handling)
    • Reporting and documenting
    • Digital forensics (e.g., media, network, software and embedded devices)

    7.2 Understand requirements for investigation types

    • Operational
    • Regulatory
    • Criminal
    • Electronic discovery (eDiscovery)
    • Civil

    7.3 Conduct logging and monitoring activities

    • Intrusion detection and prevention
    • Egress monitoring (e.g., data loss prevention, steganography, watermarking)
    • Security information and event management
    • Continuous monitoring

    7.4 Secure the provisioning of resources

    • Asset inventory (e.g., hardware, software)
    • Cloud assets (e.g., services, VMs, storage, networks)
    • Configuration management
    • Physical assets
    • Applications (e.g., workloads or private clouds, web services, software as a service)
    • Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)

    7.5 Understand and apply foundational security operations concepts

    • Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
    • Job rotation
    • Separation of duties and responsibilities
    • Information lifecycle
    • Monitor special privileges (e.g., operators, administrators)
    • Service-level agreements

    7.6 Employ resource protection techniques

    • Media management
    • Hardware and software asset management

    7.7 Conduct incident management

    • Detection
    • Recovery
    • Response
    • Remediation
    • Mitigation
    • Lessons learned
    • Reporting

    7.8 Operate and maintain preventative measures

    • Firewalls
    • Sandboxing
    • Intrusion detection and prevention systems
    • Honeypots/Honeynets
    • Whitelisting/Blacklisting
    • Anti-malware
    • Third-party security services

    7.9 Implement and support patch and vulnerability management

    7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

    7.11 Implement recovery strategies

    • Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
    • Multiple processing sites (e.g., operationally redundant systems)
    • Recovery site strategies
    • System resilience, high availability, quality of service, and fault tolerance

    7.12 Implement disaster recovery processes

    • Response
    • Assessment
    • Personnel
    • Restoration
    • Communications
    • Training and awareness

    7.13 Test disaster recovery plans

    • Read-through
    • Parallel
    • Walkthrough
    • Full interruption
    • Simulation

    7.14 Participate in business continuity planning and exercises

    7.15 Implement and manage physical security

    • Perimeter (e.g., access control and monitoring)
    • Internal security (e.g., escort requirements/visitor control, keys and locks)

    7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

    Domain 8: Software Development Security

    Learning Objectives:

    8.1 Understand and apply security in the software development lifecycle

    • Development methodologies (e.g., Agile, Waterfall)
    • Operation and maintenance
    • Maturity models
    • Change management
    • Integrated product team (e.g., DevOps)

    8.2 Enforce security controls in development environments

    • Security of the software environments
    • Configuration management as an aspect of secure coding
    • Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation)
    • Security of code repositories
    • Security of application programming interfaces

    8.3 Assess the effectiveness of software security

    • Auditing and logging of changes
    • Risk analysis and mitigation
    • Acceptance testing

    8.4 Assess security impact of acquired software

    FAQs

    How do I enroll and pay?
    You can enroll for this classroom training online. Payment can be made using either of the following options, and a receipt is issued to the candidate automatically by email:
    1. Online, by deposit to the Mildain bank account
    2. By cash at the training centre location

    Who delivers the training?
    Highly qualified, certified instructors with 20+ years of experience, who have delivered more than 200 classroom trainings.

    How can I get more details?
    Contact us using the form on the right of any page on the Mildaintrainings website, or select the Live Chat link. Our customer service representatives will be able to give you more details.

    What if I miss a class?
    You will never miss a lecture at Mildaintrainings! You can choose either of two options: view the recorded session of the class in your LMS, or attend the missed session in any other live batch.

    Can I attend a live class before enrolling?
    We limit the number of participants in a live session to maintain quality standards, so participation in a live class without enrollment is unfortunately not possible. However, you can go through the sample class recording, which gives a clear picture of how classes are conducted, the quality of the instructors and the level of interaction in a class.

    Do I get lifetime access to the course material?
    Yes, access to the course material is available for a lifetime once you have enrolled in the course.

    How do I reach you?
    Just give us a call at +91 8447121833 or email info@mildaintrainings.com


    Training features

  • Instructor-led Sessions
    Online Live Instructor-Led Classes.
    Classroom Classes at our/your premises.
    Corporate Training
  • Real-life Case Studies
    Live project based on any of the selected use cases, involving implementation of the various Course concepts.
  • Assignments
    Each class will be followed by practical assignments.
  • Lifetime Access
    You get lifetime access to presentations, quizzes, installation guide & class recordings.
  • 24 x 7 Expert Support
    We have 24x7 online support team to resolve all your technical queries, through ticket based tracking system, for the lifetime.
  • Certification
    Successfully complete your final course project and Mildaintrainings will give you a course completion certificate.

    Modes of Training

  • Online Classroom (most preferred)
    Instructor-led training in a live online classroom; schedules available on request.
  • One to One
    Instructor-led training in a live online classroom, with a session arranged on request.
  • Team/Corporate
    Train your team and up-skill them; a quote is available on request.


    Inquiry: Call | Whats App: +91-8447121833 | Email: info@mildaintrainings.com
