CISSP Training – Five-Day Course
Domain 1 – Security and Risk
• Confidentiality, integrity, and availability concepts
• Security governance principles
• Compliance
• Legal and regulatory issues
• Professional ethics
• Security policies, standards, procedures and guidelines
Domain 2 – Asset Security
• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g. markings, labels, storage)
Domain 3 – Security Engineering
• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security
Domain 4 – Communication & Network Security
• Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks
Domain 5 – Identity and Access Management
• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g. cloud identity)
• Third-party identity services (e.g. on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g. provisioning review)
Domain 6 – Security Assessment and Testing
• Assessment and test strategies
• Security process data (e.g. management and operational controls)
• Security control testing
• Test outputs (e.g. automated, manual)
• Security architectures vulnerabilities
Domain 7 – Security Operations
• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns
Domain 8 – Software Development Security
• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact
Practical “how to” guidance and sample questions are provided to enhance the students’ exam readiness.
Note: BAI provides training and test preparation. The exam itself is administered by ISC2.