CISSP Syllabus

The CISSP Certification Course aims to prepare students for the CISSP Certification exam, focusing on essential cybersecurity principles and practices. It is designed for individuals with at least five years of professional experience in cybersecurity and covers various domains including risk management, asset security, and application security. By the end of the course, learners will have a comprehensive understanding of governance, security architecture, identity management, and security operations.

Uploaded by casopo8594

Course Syllabus

Certified Information Systems Security Professional (CISSP)
Instructor Name: Kelly Handerhan
Course Creation Date: 10/28/2024

Course Description and Goals

Course Description: Our CISSP Certification Course is designed to help students prepare for
the CISSP Certification exam and demonstrate the appropriate knowledge equivalent to five
years of experience in cybersecurity.

Target Audience: Individuals who wish to validate their knowledge and understanding of
cybersecurity principles across a broad wealth of topics.

Course Level: Intermediate to Advanced

Prerequisites: This course is recommended for individuals with five years of professional
experience in cybersecurity. Students with technical, managerial, or operational backgrounds will
also benefit from this course.

Course Goals: By the end of this course, learners should be able to:

● Understand the importance of governance and risk management in relation to
cybersecurity
● Protect assets through categorization and implementation of baseline security controls
● Understand the foundational concepts of security architecture and design
implementations
● Describe and recommend cryptographic solutions and implementations
● Demonstrate an understanding of telecommunications and networking technologies, as
well as vulnerabilities and security controls to mitigate risks
● Describe concepts and technologies associated with Identity and Access Management
● Show knowledge related to assessing the security posture of a network
● Understand the stages of the Software Development Lifecycle and assess and mitigate
risks associated with software development

Course Outline

Domain 1: Information Security and Risk Management


Lesson 1.1: Course Introduction
Lesson 1.2: The CISSP Mindset
Lesson 1.3: CISSP Mindset - Test Yourself
Lesson 1.4: Goals of Information Security
Lesson 1.5: Information Security Governance
Lesson 1.6: Compliance Requirements
Lesson 1.7: Intellectual Property
Lesson 1.8: Privacy
Lesson 1.9: Enterprise Roles and Responsibilities
Lesson 1.10: Information Security Frameworks
Lesson 1.11: Information Security Program
Lesson 1.12: Policies, Standards, Procedures, Guidelines, and Baselines
Lesson 1.13: Information Security Controls
Lesson 1.14: Information Security Risk Management
Lesson 1.15: Risk Definitions
Lesson 1.16: Risk Management Lifecycle - Identification and Assessment
Lesson 1.17: Risk Management Lifecycle - Mitigation and Monitoring
Lesson 1.18: Knowledge Transfer

Domain 2: Asset Security


Lesson 2.1: Data Categorization and Classification
Lesson 2.2: States of Data
Lesson 2.3: Threats to Data Protection
Lesson 2.4: Data Security in the Cloud

Domain 3: Security Architecture and Engineering

Lesson 3.1: Security Design Principles
Lesson 3.2: Security Models - Part 1: Bell LaPadula
Lesson 3.3: Security Models - Part 2: Biba
Lesson 3.4: Security Models - Part 3: Clark Wilson and Brewer Nash
Lesson 3.5: Security Architecture
Lesson 3.6: Assessment and Authorization
Lesson 3.7: Cloud Services and Cloud Deployment Models
Lesson 3.8: Cloud Service Models
Lesson 3.9: Cryptography Through History
Lesson 3.10: Cryptography Basics - Part 1: Security Services Provided by Cryptography
Lesson 3.11: Cryptography Basics - Part 2: Crypto Definitions
Lesson 3.12: Symmetric Cryptography
Lesson 3.13: Asymmetric Cryptography - Part 1: Privacy with Asymmetric Cryptography
Lesson 3.14: Asymmetric Cryptography - Part 2: Integrity and Non-Repudiation
Lesson 3.15: Common Asymmetric Algorithms
Lesson 3.16: Hybrid Cryptography and Public Key Infrastructure
Lesson 3.17: Message Authentication Codes
Lesson 3.18: IPSec
Lesson 3.19: Email Cryptosystems
Lesson 3.20: The Impact of Quantum Computing and Quantum Key Distribution
Lesson 3.21: Blockchain

Domain 4: Communication and Network Security


Lesson 4.1: Domain 4 Overview
Lesson 4.2: The OSI Model | Layer 1: Physical Layer
Lesson 4.3: The OSI Model | Layer 2: Data Link
Lesson 4.4: Network Connectivity Devices
Lesson 4.5: The OSI Model | Layer 3: Network Layer
Lesson 4.6: The OSI Model | Layers 4-6: Transport, Session, and Presentation
Lesson 4.7: The OSI Model | Layer 7: Application Layer
Lesson 4.8: TCP Model and OSI Review
Lesson 4.9: Security Zones and Firewalls
Lesson 4.10: NAT and PAT
Lesson 4.11: WAN Technology
Lesson 4.12: Voice over IP (VoIP)
Lesson 4.13: Remote Access Protocols and Tunneling
Lesson 4.14: Wireless Networking
Lesson 4.15: Cloud Computing and Cloud Services
Lesson 4.16: Software Defined Networking

Domain 5: Identity and Access Management


Lesson 5.1: Identity Management
Lesson 5.2: Authentication - Type 1
Lesson 5.3: Authentication - Type 2
Lesson 5.4: Authentication - Type 3
Lesson 5.5: Kerberos and Single Sign On (SSO)
Lesson 5.6: Federated Trusts
Lesson 5.7: Authorization
Lesson 5.8: Access Control Models
Lesson 5.9: Access Control Models - Part 2

Domain 6: Security Assessment and Testing


Lesson 6.1: Domain 6 Overview
Lesson 6.2: Audits
Lesson 6.3: Types of Audits
Lesson 6.4: Types of Audits - Part 2
Lesson 6.5: SOC Reports
Lesson 6.6: Vulnerability Assessments
Lesson 6.7: Penetration Testing
Lesson 6.8: Cyber Kill Chain and Degree of Knowledge
Lesson 6.9: Log Reviews
Lesson 6.10: Intrusion Detection and Prevention Systems, Analysis Engines, and Other
Detective Tools

Domain 7: Security Operations


Lesson 7.1: Domain 7 Overview
Lesson 7.2: Event Monitoring
Lesson 7.3: Incident Management
Lesson 7.4: Incident Management Processes
Lesson 7.5: Incident Response Plan
Lesson 7.6: Forensic Investigation
Lesson 7.7: Fault Management and Redundancy
Lesson 7.8: Fault Management and Redundancy - Part 2
Lesson 7.9: Business Continuity and Disaster Recovery
Lesson 7.10: NIST 800-34: Contingency Planning Guide for Federal Information Systems
Lesson 7.11: NIST 800-34: Contingency Planning Processes
Lesson 7.12: NIST 800-34: Contingency Planning Processes - Part 2
Lesson 7.13: NIST 800-34: Contingency Planning Processes - Part 3
Lesson 7.14: Plan Testing, Training and Exercises

Domain 8: Application Security

Lesson 8.1: The Software Development Lifecycle (SDLC)
Lesson 8.2: Software Development Methodologies
Lesson 8.3: Secure Development
Lesson 8.4: APIs
Lesson 8.5: Application Threats
Lesson 8.6: Timing/Race Conditions
Lesson 8.7: Cohesion and Coupling
Lesson 8.8: Security Testing for Applications
Lesson 8.9: Relational Databases
Lesson 8.10: Relational Databases - Part 2
