CISSP Training – Five-Day Course

Domain 1 – Security and Risk

• Confidentiality, integrity, and availability concepts
• Security governance principles
• Compliance
• Legal and regulatory issues
• Professional ethics
• Security policies, standards, procedures and guidelines

Domain 2 – Asset Security

• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g. markings, labels, storage)

Domain 3 – Security Engineering

• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security

Domain 4 – Communication & Network Security

• Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks

Domain 5 – Identity and Access Management

• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g. cloud identity)
• Third-party identity services (e.g. on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g. provisioning review)

Domain 6 – Security Assessment and Testing

• Assessment and test strategies
• Security process data (e.g. management and operational controls)
• Security control testing
• Test outputs (e.g. automated, manual)
• Security architectures vulnerabilities

Domain 7 – Security Operations

• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns

Domain 8 – Software Development Security

• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

Practical “how to” guidance and sample questions are provided to enhance the students’ exam readiness.
Note: BAI provides training and test preparation. The exam itself is administered by ISC2.