CISSP Course Syllabus:
Security and Risk Management
- Regulatory and legal issues
- Confidentiality, availability, and integrity concepts
- Principles of security governance
- Compliance and professional ethics
- Requirements of business continuity
- Policies of personnel security
- Threat modeling and risk considerations
- Security education, awareness, and training
- Security policies, standards, procedures, and guidelines
Asset Security
- Privacy protection
- Asset and information classification
- Ownership
- Data security controls and appropriate retention
- Requirements handling
Security Architecture and Engineering
- Security evaluation models
- Fundamental concepts of security models
- Security designs, architectures, and solution elements vulnerabilities
- Information systems security capabilities
- Using secure design principles for engineering processes
- Vulnerabilities of web-based and mobile systems
- Cryptography
- Vulnerabilities of cyber-physical systems and embedded devices
- Secure principles of facility and site design
- Physical security
Communication and Network Security
- Architectural design of a secure network
- Channels for secure communication
- Components of a secure network
- Network attacks
Identity and Access Management (IAM)
- Logical/physical access to assets management
- Authentication and identification management
- Integrating identity as a third-party service
- Mechanism of authorization
- Provisioning life cycle’s identity and access
Security Assessment and Testing
- Test outputs (e.g., manual and automated)
- Security process data (e.g., operational and management controls)
- Vulnerabilities of security architectures
- Testing of security control
- Test and assessment strategies
Security Operations
- Monitoring and logging activities
- Investigation requirements and support
- Incident management
- Resource provision
- Concepts of foundational security operations
- Recovery strategies
- Techniques of resource protection
- Physical security
- Measures of prevention
- Vulnerability and patch management
- Processes of change management
- Exercises and planning of business continuity
- Personnel safety concerns
- Plans and processes for disaster recovery
Software Development Security
- Security controls for development environment
- Software development life cycle security
- Impact of acquired software security
- Effectiveness of software security
More information on the CISSP certification course is available online.