International Institute for Learning, Inc. PM for IT Professionals

© 2014-2015 International Institute for Learning, Inc.

Prep Course for the (ISC)2® Certified Information Systems Security Professional (CISSP®) Exam
The Gold Standard in Information Security Certification

Traditional Classroom
Course No. 8889
Duration: 5 days
Credits: 35 PDUs/3.5 CEUs

Virtual Classroom
Course No. 1077
Duration: Ten 3-hour sessions
Credits: 30 hours

Prerequisites

• Possess a minimum of five years of direct full-time work experience in two or more of the ten (ISC)2 information security domains. One year may be waived under certain conditions

• Have the qualifications endorsed by another CISSP in good standing

Course Level
Advanced

About the Program
The CISSP certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management, and/or implement controls that assure the security of business environments. It is the first certification in the field of Information Security to meet the stringent requirements of the ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense for their DoDD 8570 certification requirement. Now amended to reflect the latest version update – CISSP 2015.

Who Should Attend

• CTOs
• IT Directors
• Managers
• Security Directors
• Auditors
• Architects

What You Will Learn
The CISSP taxonomy encompassed in its Common Body of Knowledge covers the following eight domains:

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
• Confidentiality, integrity, and availability concepts
• Security governance principles

• Compliance
• Legal and regulatory issues
• Professional ethics
• Security policies, standards, procedures, and guidelines

Asset Security (Protecting Security of Assets)
• Information and asset classification
• Ownership (e.g., data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g., markings, labels, storage)

Security Engineering (Engineering and Management of Security)
• Engineering processes using secure design principles
• Security models – fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security

Communication and Network Security (Designing and Protecting Network Security)
• Secure network architecture design (e.g., IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks

Identity and Access Management (Controlling Access and Managing Identity)
• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g., Cloud identity)
• Third-party identity services (e.g., on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g., provisioning review)

Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
• Assessment and test strategies
• Security process data (e.g., management and operational controls)
• Security control testing
• Test outputs (e.g., automated, manual)
• Security architectures vulnerabilities

Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns

Software Development Security (Understanding, Applying, and Enforcing Software Security)
• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

CISSP Certification Qualifications
Apart from the requirements detailed above, the candidate must submit an application directly with (ISC)2, pay the requisite fees, and pass the six-hour, computer-based, 250-question exam.