Summary & Scheduling

CISSP (Certified Information Systems Security Professional) Course Information

Course Length: 5 Days

CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. It is often identified as a necessary certification by cyber security professionals from employers and potential employers. “56% of Cyber Jobs in Contracting Industry Require CISSP” – The Washington Post.

Course Objectives

Students completing this course will be better prepared to pass the formal CISSP examination. Students will learn how to apply the skills and knowledge to real world scenarios. The learning will far surpass just passing the certification examination.


Six to nine months in a role that is relevant to security practices and successfully completed the following courses or have equivalent experience is recommended.

  • CCNA215: ICND 1 – Interconnecting Cisco Networking Devices Part1 v2
  • A565: CompTIA A+ Certification 801 Support Skills (2012 Objectives)

Intended Audience

This course is primarily designed for the IT professional who is a seasoned employee or consultant, usually with a title like Security Manager, Security Analyst or Chief Information Security Officer. The ideal candidate has been in the field for 5+ years and has a good understanding of the IT threat landscape. An experienced professional in the computer security field who is responsible for developing the information security policies, standards, and procedures and managing their implementation across an organization.


Sample CISSP (Certified Information Systems Security Professional) Course Outline

1. Access Control

  • Security Principles and the Principle of Least Privilege
  • Confidentiality
  • Integrity
  • Availability
  • Identification, Authentication, Authorization, Access and Accounting
  • Authentication Techniques and Standards
  • Access Control Models
  • Access Control Methods and Implementations
  • Access Control Accounting and Auditing

2. Information Security Governance and Risk Management

  • Fundamental Principles of Security
  • Confidentiality
  • Integrity
  • Availability
  • Balancing the Security Principles
  • Security vs. Usability vs. Cost
  • Security Definitions
  • Types of Security Controls
  • Security Frameworks
  • ISO/IEC 27001
  • COSO
  • Process Management
  • Security Management
  • Risk Management
  • Risk Assessment and Analysis
  • Asset Classification
  • Data Classification
  • Risk Mitigation Strategies
  • Policies
  • Standards
  • Guidelines
  • Baselines
  • Procedures
  • Executive Leadership in Risk Management
  • Implementing Governance and Compliance Strategies

3. Security Architecture and Design

  • Computer System Architecture
  • Operating System Security Architecture
  • Application Security Architecture
  • System Security Models
  • Security Architecture Evaluation and Certification
  • Trusted Computer System Evaluation Criteria (TCSEC, or Orange Book)
  • Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
  • System Testing and Certification

4. Business Continuity and Disaster Recovery Planning

  • Standards and Best Practices
  • Planning for Incidents
  • The Business Continuity Process
  • Implementing A Disaster Recovery Plan

5. Cryptography

  • Overview of Cryptography
  • The History of Cryptography (Without Math)
  • The Use of Cryptography (With Math)
  • Symmetric Key (Shared Secret Key) Cryptography
  • Diffie-Hellman Key Agreement
  • Asymmetric Key (Public – Private Key) Cryptography
  • Digital Signature (Hash) Cryptography
  • Implementing All Types of Cryptography in Cryptosystems
  • Public Key Infrastructure (PKI) and Certificates
  • Encrypted VPN Tunnels
  • Digitally Signed Documents and Email
  • Encrypting Data At Rest and In Transit

6. Legal, Regulations, Investigations and Compliance

  • The Complexity of Cybercrime
  • Regions
  • Laws
  • Law Enforcement
  • Privacy Laws
  • Intellectual Privacy Laws
  • Eavesdropping & Workplace Spying Laws
  • Legal Liability and Security Compliance
  • Conducting a Security Investigation
  • Ethics of Information Security

7. Operations Security (formerly Security Operations)

  • The Role of Operations in Information Security
  • Personnel Management and Administration
  • Planning System Security
  • Implementing and Maintaining System Security
  • Applying Controls
  • System Hardening
  • Trusted Recovery
  • Configuration Management
  • Change Control Process
  • Change Control Documentation
  • Change Control Compliance and Auditing
  • Vulnerability Assessment
  • Continuous Security Lifecycle

8. Physical (Environmental) Security

  • The Importance of Physical Security in Information Security
  • Planning Physical Security
  • Identifying and Protecting Assets
  • Internal Physical Security Threats and Controls
  • Perimeter Physical Security Threats and Controls
  • External Physical Security Threats and Controls

9. Software Development Security

  • Security as a Part of Software Development
  • System Development Lifecycle
  • Secure Software Development Lifecycle
  • Software Development Models
  • Change Control and Update Management
  • Cloud Computing
  • Web and Mobile Applications
  • Database Management and Security
  • Malicious Software
  • Viruses
  • Trojan Horses
  • Worms
  • Rootkits
  • Backdoors

10. Telecommunications and Network Security

  • The Open Systems Interconnect Model
  • TCP/IP Security
  • IPv4 Security and Threats
  • IPv6 Security and Threats
  • Network Cabling Types and Security Considerations
  • Network Devices
  • Hubs
  • Switches
  • Routers
  • Bridges
  • Gateways
  • Security Network Devices
  • Firewalls and Content Filters
  • Proxy Servers
  • Intrusion Detection Systems
  • Intrusion Prevention Systems
  • Firewalls
  • WAN Security
  • Dial-Up Network Security
  • Virtual Private Network (VPN) Security
  • Internet Protocol Security (IPSec)


CISSP (Certified Information Systems Security Professional) Certification Information

Certified Information System Security Professional

Certification can lead to better visibility, opportunities, and jobs. In today’s increasingly complex and highly-specialized economy, credentials are everything. Sure, the student knows that he/she has the skills to do the job, but how do they convince potential customers and employers? For many career-minded professionals, certification is often the answer.

For IT professionals, it is recognized as a valuable way to prove professional credentials to employers and the general public. For others, the topic can generate a puzzled response. Why become certified? Isn’t a college degree and/or years of practical hands-on experience enough to establish one’s credentials? Either response of yes or no is correct, depending on your clientele and colleagues.

Certified Information System Security Professional (CISSP) Objective

The goal of the course is to prepare professionals for the challenging CISSP exam, covering the objectives of the exam as defined in the ISC(2) common body of knowledge. CISSPs are expected to have a broad range of skills across security policy development and management, as well as technical understanding of a wide range of security controls across all disciplines within Information Security. Our program will provide with a quick and proven method for mastering this huge range of knowledge. The objective of the Certified Information System Security Professional (CISSP) designation is to confirm upon the certificate holder the best of breed of security professional certifications. The CISSP conveys that the individual who achieves the certification not only has the certificate, but more importantly possesses the in-depth knowledge related to the design, maintenance, and management, is a subject matter expert in the field of IT security, and that his/her training is current, relevant, and complete.

CISSP Candidates

Candidates should have a minimum of five years of professional experience of direct full-time professional security work experience in two or more of the ten domains of the (ISC)² CISSP CBK® or four years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK with a college degree.
If you don’t have the experience, you can become an Associate of (ISC)² by successfully passing the CISSP exam. You’ll have six years to earn your experience to become a CISSP.

Why Should Individuals Get CISSP Certified?

This internationally recognized certification can lead to better visibility, opportunities, and jobs. In today’s increasingly complex and highly-specialized economy, credentials are everything. Sure, the student knows that he/she has the skills to do the job, but how do they convince potential customers and employers? For many career-minded professionals, certification is often the answer.

How to Get Your CISSP Certification

  • Obtain the Required Experience
  • Study for the Exam in the CISSP bootcamp
  • Register for the CISSP Exam (Pearson VUE testing centers)
  • Agree to adhere to the ISC2 code of ethics
  • Pass the Exam
  • Complete the Endorsement Process
  • Maintain the CISSP Certification

The CISSP exam is 6 hours in length, and consists of 250 questions covering the concepts and technologies within the Common Book of Knowledge (CBK) and in use today. The exam is offered by the Pearson VUE testing centers and can be ordered online, in many different locations, and at many different times to accommodate your needs. Students are encouraged to sit the exam within 1 to 2 weeks of participating in the CISSP bootcamp for optimum information retention.

Once the exam is completed the student learn on the spot if they passed the exam.

Certification Price

The cost of the Certified Information System Security Professional certification is $. Testing is available at authorized VMTraining testing centers throughout the world. Click here to purchase a certification exam voucher.