CISSP - Certified Information Systems Security Professional

Approach

Our CISSP training prepares the student for the exam to become a Certified Security Expert from the ISC2 (International Information Systems Security Certification Consortium). The certification ensures that the holder has a broad knowledge of security matters and keeps that knowledge up to date. The certification is recognized worldwide as a foundation for any Security Expert.

ISC2 defines a Common Body of Knowledge (CBK ®). The CBK defines what a Security Professional should master in each of its 8 chapters. The chapters and the knowledge they require are based on what every Security Expert needs to know for his/her day-to-day work. The certification makes it possible to standardize that knowledge. Moreover, ISC2 requires CISSP certification holders to keep their knowledge up to date in order to retain the certification. The CBK covers not only the theoretical aspects a Security Professional needs to know but also the more practical details a Security Professional will encounter in his/her everyday job.

Our CISSP training is fully independent of any product or organisation, giving our students truly unbiased training.

Your pace

Depending on the session (no two groups are alike), the training may be completed in 4 days, leaving one full day for practice or Q&A.

Other arrangements have been made depending on the customer.

Duration

.

Audience

As listed on the SANS web site:
  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

SANS's web site: https://www.isc2.org/Certifications/CISSP

Prerequisite

There is no specific requirement. However, a good 2-7 years of experience in IT (and/or in IT security) really helps in understanding all the concepts.

Objectives

The training goes over the 1,200+ pages of the CBK book (official CBK or "Official Study Guide").

Trainees will have to do the memorization work by themselves.

Information

Other

After the training ...

Students can always ask or call, but the true nature of the CISSP is that ISC2 keeps the questions and their style confidential.

Material provided

Every student receives either the Official CBK book plus a set of slides or an equivalent book (we recently decided not to go for the official book as it is really a terrible one to study).

Detailed program

Schedule

We spend 5 days, 8 to 10 hours a day, going over the training materials, at your pace: sometimes we cover a difficult chapter in a couple of hours, and sometimes we finish a supposedly easy chapter in one day. The trainer is available from 8h00 to 19h00 (depending on the facility's opening hours).

Here is a possible day-by-day timetable. It is given as an indication and NOT as something cast in iron.

DAY-1

  • Chapter 0: An introduction covering items such as:
    • Structure of the week
    • Evolution of the CISSP content and importance of the different chapters
    • Structure of the exam
    • Exam preparation, advice, recommendations, form of certain questions, CISSP Computerized Adaptive Testing
    • Exam in French or in English ... ?
    • The CISSP, and then what?
    • CISSP Code of Ethics
  • Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
    • Confidentiality, integrity, and availability concepts
    • Security governance principles
    • Compliance
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines

DAY-2

  • Domain 1 (continued)
  • Domain 2: Asset Security (Protecting Security of Assets)
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)

DAY-3

  • Domain 3: Security Engineering (Engineering and Management of Security)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Security architectures, designs, and solution elements vulnerabilities
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Site and facility design secure principles
    • Physical security
  • Domain 4: Communication and Network Security (Designing and Protecting Network Security)
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure network components
    • Secure communication channels
    • Network attacks

DAY-4

  • Domain 4 (continued)
  • Domain 5: Identity & Access Management (Controlling Access and Managing Identity)
    • Physical and logical assets control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)
  • Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architectures vulnerabilities

DAY-5

  • Domain 7: Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns
  • Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact


Interested in this training? Please contact us for more details.