CISSP

Certified Information Systems Security Professional (CISSP)
5 Day Instructor Led


If you are ready to take your security career to the next level, Ultimate Knowledge's Certified Information Systems Security Professional (CISSP) training and certification boot camp will help get you there. You will receive instruction from our experts, who possess in-depth, real-world experience, as you cover all the material you need to be fully prepared for the (ISC)2 CISSP exam. Our comprehensive CISSP exam prep tools contain the industry's most relevant, up-to-date information and include summary charts, insightful data, and practice exams. Along with our custom CISSP training and certification course material, you will receive a free copy of Shon Harris' CISSP Certification All-in-One Exam Guide, 5th Edition and a CISSP Practice Exams Book (All-in-One).

CISSP Prerequisites
Systems administration experience, familiarization with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

What You'll Get in CISSP
Expert Level Instruction
Shon Harris All-In-One Book
CISSP Practice Exams (All-in-One) Book
Ultimate Knowledge Institute Award Winning CISSP Student Workbook
Daily Homework Questions (Over 600 Questions)
Daily Quiz Questions (Over 600 Questions)
Handy Reference Charts and Tables
Flash Cards
Course Related Readings (Reinforcement)
Daily Exercises to Reinforce Memory Recall - Cognitive Core

What You'll Learn in CISSP
In-depth coverage of the ten domains required to pass the CISSP exam:

Operations Security
Information Security and Risk Management
Physical (Environmental) Security
Cryptography
Access Control
Security Architecture and Design
Telecommunications and Network Security
Business Continuity and Disaster Recovery Planning
Application Security
Legal, Regulations, Compliance, and Investigations

CISSP Certification
(ISC)2 requires exam candidates to have a minimum of five years of relevant work experience in two or more of the ten domains, four years of work experience with an applicable college degree, or a credential from the (ISC)2-approved list.

The CISSP certification requires successfully passing the CISSP exam (administered by (ISC)2) and having met the experience requirements.

CISSP Outline

1) Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity) 

A. Understand and apply concepts of confidentiality, integrity and availability 
B. Apply security governance principles through: 
B.1 Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
B.2 Organizational processes (e.g., acquisitions, divestitures, governance committees) 
B.3 Security roles and responsibilities 
B.4 Control frameworks 
B.5 Due care 
B.6 Due diligence 
C. Compliance 
C.1 Legislative and regulatory compliance 
C.2 Privacy requirements compliance 
D. Understand legal and regulatory issues that pertain to information security in a global context 
D.1 Computer crimes 
D.2 Licensing and intellectual property (e.g., copyright, trademark, digital-rights management) 
D.3 Import/export controls 
D.4 Trans-border data flow 
D.5 Privacy 
D.6 Data breaches 
E. Understand professional ethics 
E.1 Exercise (ISC)2 Code of Professional Ethics 
E.2 Support organization’s code of ethics 
F. Develop and implement documented security policy, standards, procedures, and guidelines 
G. Understand business continuity requirements 
G.1 Develop and document project scope and plan 
G.2 Conduct business impact analysis 
H. Contribute to personnel security policies 
H.1 Employment candidate screening (e.g., reference checks, education verification) 
H.2 Employment agreements and policies 
H.3 Employment termination processes 
H.4 Vendor, consultant, and contractor controls 
H.5 Compliance 
H.6 Privacy 
I. Understand and apply risk management concepts 
I.1 Identify threats and vulnerabilities 
I.2 Risk assessment/analysis (qualitative, quantitative, hybrid) 
I.3 Risk assignment/acceptance (e.g., system authorization) 
I.4 Countermeasure selection 
I.5 Implementation 
I.6 Types of controls (preventive, detective, corrective, etc.) 
I.7 Control assessment 
I.8 Monitoring and measurement 
I.9 Asset valuation 
I.10 Reporting 
I.11 Continuous improvement 
I.12 Risk frameworks 
J. Understand and apply threat modeling 
J.1 Identifying threats (e.g., adversaries, contractors, employees, trusted partners) 
J.2 Determining and diagramming potential attacks (e.g., social engineering, spoofing) 
J.3 Performing reduction analysis 
J.4 Technologies and processes to remediate threats (e.g., software architecture and operations) 
K. Integrate security risk considerations into acquisition strategy and practice 
K.1 Hardware, software, and services 
K.2 Third-party assessment and monitoring (e.g., on-site assessment, document exchange and review, process/policy review) 
K.3 Minimum security requirements 
K.4 Service-level requirements 
L. Establish and manage information security education, training, and awareness 
L.1 Appropriate levels of awareness, training, and education required within organization 
L.2 Periodic reviews for content relevancy 

2) Asset Security (Protecting Security of Assets) 

A. Classify information and supporting assets (e.g., sensitivity, criticality) 
B. Determine and maintain ownership (e.g., data owners, system owners, business/mission owners) 
C. Protect privacy 
C.1 Data owners 
C.2 Data processors
C.3 Data remanence 
C.4 Collection limitation 
D. Ensure appropriate retention (e.g., media, hardware, personnel) 
E. Determine data security controls (e.g., data at rest, data in transit) 
E.1 Baselines 
E.2 Scoping and tailoring 
E.3 Standards selection 
E.4 Cryptography 
F. Establish handling requirements (markings, labels, storage, destruction of sensitive information) 

3) Security Engineering (Engineering and Management of Security) 

A. Implement and manage engineering processes using secure design principles 
B. Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
C. Select controls and countermeasures based upon systems security evaluation models 
D. Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance) 
E. Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements 
E.1 Client-based (e.g., applets, local caches) 
E.2 Server-based (e.g., data flow control) 
E.3 Database security (e.g., inference, aggregation, data mining, data analytics, warehousing) 
E.4 Large-scale parallel data systems 
E.5 Distributed systems (e.g., cloud computing, grid computing, peer to peer) 
E.6 Cryptographic systems 
E.7 Industrial control systems (e.g., SCADA) 
F. Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP) 
G. Assess and mitigate vulnerabilities in mobile systems 
H. Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
I. Apply cryptography 
I.1 Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance) 
I.2 Cryptographic types (e.g., symmetric, asymmetric, elliptic curves) 
I.3 Public Key Infrastructure (PKI) 
I.4 Key management practices 
I.5 Digital signatures 
I.6 Digital rights management 
I.7 Non-repudiation 
I.8 Integrity (hashing and salting) 
I.9 Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext) 
J. Apply secure principles to site and facility design 
K. Design and implement physical security 
K.1 Wiring closets 
K.2 Server rooms 
K.3 Media storage facilities 
K.4 Evidence storage 
K.5 Restricted and work area security (e.g., operations centers) 
K.6 Data center security 
K.7 Utilities and HVAC considerations 
K.8 Water issues (e.g., leakage, flooding) 
K.9 Fire prevention, detection and suppression 

4) Communication and Network Security (Designing and Protecting Network Security) 

A. Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation) 
A.1 OSI and TCP/IP models 
A.2 IP networking 
A.3 Implications of multilayer protocols (e.g., DNP3) 
A.4 Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI) 
A.5 Software-defined networks 
A.6 Wireless networks 
A.7 Cryptography used to maintain communication security 
B. Secure network components 
B.1 Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices) 
B.2 Transmission media (e.g., wired, wireless, fiber) 
B.3 Network access control devices (e.g., firewalls, proxies) 
B.4 Endpoint security 
B.5 Content-distribution networks 
B.6 Physical devices 
C. Design and establish secure communication channels 
C.1 Voice 
C.2 Multimedia collaboration (e.g., remote meeting technology, instant messaging) 
C.3 Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting) 
C.4 Data communications (e.g., VLAN, TLS/SSL) 
C.5 Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation) 
D. Prevent or mitigate network attacks 

5) Identity and Access Management (Controlling Access and Managing Identity) 

A. Control physical and logical access to assets 
A.1 Information 
A.2 Systems 
A.3 Devices 
A.4 Facilities 
B. Manage identification and authentication of people and devices 
B.1 Identity management implementation (e.g., SSO, LDAP) 
B.2 Single/multi-factor authentication (e.g., factors, strength, errors, biometrics) 
B.3 Accountability 
B.4 Session management (e.g., timeouts, screensavers) 
B.5 Registration and proofing of identity 
B.6 Federated identity management (e.g., SAML) 
B.7 Credential management systems 
C. Integrate identity as a service (e.g., cloud identity) 
D. Integrate third-party identity services (e.g., on-premise) 
E. Implement and manage authorization mechanisms 
E.1 Role-Based Access Control (RBAC) methods 
E.2 Rule-based access control methods 
E.3 Mandatory Access Control (MAC) 
E.4 Discretionary Access Control (DAC) 
F. Prevent or mitigate access control attacks 
G. Manage the identity and access provisioning lifecycle (e.g., provisioning, review) 

6) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) 

A. Design and validate assessment and test strategies 
B. Conduct security control testing 
B.1 Vulnerability assessment 
B.2 Penetration testing 
B.3 Log reviews 
B.4 Synthetic transactions 
B.5 Code review and testing (e.g., manual, dynamic, static, fuzz) 
B.6 Misuse case testing 
B.7 Test coverage analysis 
B.8 Interface testing (e.g., API, UI, physical) 
C. Collect security process data (e.g., management and operational controls) 
C.1 Account management (e.g., escalation, revocation) 
C.2 Management review 
C.3 Key performance and risk indicators 
C.4 Backup verification data 
C.5 Training and awareness 
C.6 Disaster recovery and business continuity 
D. Analyze and report test outputs (e.g., automated, manual) 
E. Conduct or facilitate internal and third party audits 

7) Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery) 

A. Understand and support investigations 
A.1 Evidence collection and handling (e.g., chain of custody, interviewing) 
A.2 Reporting and documenting 
A.3 Investigative techniques (e.g., root-cause analysis, incident handling) 
A.4 Digital forensics (e.g., media, network, software, and embedded devices) 
B. Understand requirements for investigation types 
B.1 Operational 
B.2 Criminal 
B.3 Civil 
B.4 Regulatory 
B.5 Electronic discovery (eDiscovery) 
C. Conduct logging and monitoring activities 
C.1 Intrusion detection and prevention 
C.2 Security information and event management 
C.3 Continuous monitoring 
C.4 Egress monitoring (e.g., data loss prevention, steganography, watermarking) 
D. Secure the provisioning of resources 
D.1 Asset inventory (e.g., hardware, software) 
D.2 Configuration management 
D.3 Physical assets 
D.4 Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems) 
D.5 Cloud assets (e.g., services, VMs, storage, networks) 
D.6 Applications (e.g., workloads or private clouds, web services, software as a service) 
E. Understand and apply foundational security operations concepts 
E.1 Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust) 
E.2 Separation of duties and responsibilities 
E.3 Monitor special privileges (e.g., operators, administrators) 
E.4 Job rotation 
E.5 Information lifecycle 
E.6 Service-level agreements 
F. Employ resource protection techniques 
F.1 Media management 
F.2 Hardware and software asset management 
G. Conduct incident management 
G.1 Detection 
G.2 Response 
G.3 Mitigation 
G.4 Reporting 
G.5 Recovery 
G.6 Remediation 
G.7 Lessons learned 
H. Operate and maintain preventative measures 
H.1 Firewalls 
H.2 Intrusion detection and prevention systems 
H.3 Whitelisting/Blacklisting 
H.4 Third-party security services 
H.5 Sandboxing 
H.6 Honeypots/Honeynets 
H.7 Anti-malware 
I. Implement and support patch and vulnerability management 
J. Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis) 
K. Implement recovery strategies 
K.1 Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation) 
K.2 Recovery site strategies 
K.3 Multiple processing sites (e.g., operationally redundant systems) 
K.4 System resilience, high availability, quality of service, and fault tolerance 
L. Implement disaster recovery processes 
L.1 Response 
L.2 Personnel 
L.3 Communications 
L.4 Assessment 
L.5 Restoration 
L.6 Training and awareness 
M. Test disaster recovery plans 
M.1 Read-through 
M.2 Walkthrough 
M.3 Simulation 
M.4 Parallel 
M.5 Full interruption 
N. Participate in business continuity planning and exercises 
O. Implement and manage physical security 
O.1 Perimeter (e.g., access control and monitoring) 
O.2 Internal security (e.g., escort requirements/visitor control, keys and locks) 
P. Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring) 

8) Software Development Security (Understanding, Applying, and Enforcing Software Security) 

A. Understand and apply security in the software development lifecycle 
A.1 Development methodologies (e.g., Agile, Waterfall) 
A.2 Maturity models 
A.3 Operation and maintenance 
A.4 Change management 
A.5 Integrated product team (e.g., DevOps) 
B. Enforce security controls in development environments 
B.1 Security of the software environments 
B.2 Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation) 
B.3 Configuration management as an aspect of secure coding 
B.4 Security of code repositories 
B.5 Security of application programming interfaces 
C. Assess the effectiveness of software security 
C.1 Auditing and logging of changes 
C.2 Risk analysis and mitigation 
C.3 Acceptance testing 
D. Assess security impact of acquired software



UKI Recognized as 2013 IT Training Mover & Shaker


Testimonials

"Great training... phenomenal from a management point of view!" Name withheld by request, ONI, Washington DC

"UKI ROCKS because you do not just teach the test. Giving the customer what they need sits high on my list of customer satisfaction. Thanks!" IT1 Quanessis Ricks, United States Navy

"Very interactive! This is an intense skills training class that allows students to see multiple configurations with the chance to employ them. The hands-on labs in the class were set up in a manner that we were actually managing a network in the classroom. I wish (instructor) worked for me!" James Stewart Jr, Communications Chief, 2d Marine Division, USMC




Copyright © 2017 Ultimate Knowledge Institute