CISSP Certificate Training Program in Pune

The CISSP course is designed to prepare IT professionals to manage and design the information security framework of an organisation. The course module consists of 8 domains, covering the necessary topics.

Domain 1: Security and Risk Management

Domain 1: Security and Risk Management

Domain 1 of the CISSP certificate course teaches you the importance of security and risk management in an organisation by incorporating legal and regulatory aspects.

1.1 - Understand, adhere to, and promote professional ethics

• ISC2 Code of Professional Ethics

• Organizational code of ethics

1.2 - Understand and apply security concepts

• Confidentiality, integrity, and availability, authenticity, and nonrepudiation (5 Pillars of Information Security)

1.3 - Evaluate and apply security governance principles

• Alignment of the security function to business strategy, goals, mission, and objectives

• Organizational processes (e.g., acquisitions, divestitures, governance committees)

• Organizational roles and responsibilities

• Security control frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI), Federal Risk and Authorization Management Program (FedRAMP))

• Due care/due diligence

1.4 - Understand legal, regulatory, and compliance issues that pertain to information security in a holistic context

• Cybercrimes and data breaches

• Licensing and Intellectual Property requirements

• Import/export controls

• Transborder data flow

• Issues related to privacy (e.g., General Data Protection Regulation (GDPR), California Consumer Privacy Act, Personal Information Protection Law, Protection of Personal Information Act)

• Contractual, legal, industry standards, and regulatory requirements

1.5 - Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)

1.6 - Develop, document, and implement security policy, standards, procedures, and guidelines

1.7 - Identify, analyze, assess, prioritize, and implement Business Continuity (BC) requirements

• Business impact analysis (BIA)

• External dependencies

1.8 - Contribute to and enforce personnel security policies and procedures

• Candidate screening and hiring

• Employment agreements and policy-driven requirements

• Onboarding, transfers, and termination processes

• Vendor, consultant, and contractor agreements and controls

1.9 - Understand and apply risk management concepts

• Threat and vulnerability identification

• Risk analysis, assessment, and scope

• Risk response and treatment (e.g., cybersecurity insurance)

• Applicable types of controls (e.g., preventive, detection, corrective)

• Control assessments (e.g., security and privacy)

• Continuous monitoring and measurement

• Reporting (e.g., internal, external)

• Continuous improvement (e.g., risk maturity modeling)

• Risk frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI)

1.10 - Understand and apply threat modeling concepts and methodologies

1.11 - Apply Supply Chain Risk Management (SCRM) concepts

• Risks associated with the acquisition of products and services from suppliers and providers (e.g., product tampering, counterfeits, implants)

• Risk mitigations (e.g., third-party assessment and monitoring, minimum security requirements, service level requirements, silicon root of trust, physically unclonable function, software bill of materials)

1.12 - Establish and maintain a security awareness, education, and training program

• Methods and techniques to increase awareness and training (e.g., social engineering, phishing, security champions, gamification)

• Periodic content reviews to include emerging technologies and trends (e.g., cryptocurrency, artificial intelligence (AI), blockchain)

• Program effectiveness evaluation
  

Domain 2: Asset Security

In domain 2 of the CISSP course, you learn how to identify information and assets in an enterprise. You also learn to establish proper asset handling requirements.

2.1 - Identify and classify information and assets

• Data classification

• Asset Classification

2.2 - Establish information and asset handling requirements

2.3 - Provision information and assets securely

• Information and asset ownership

• Asset inventory (e.g., tangible, intangible)

• Asset management

2.4 - Manage data lifecycle

• Data roles (i.e., owners, controllers, custodians, processors, users/subjects)

• Data collection

• Data location

• Data maintenance

• Data retention

• Data remanence

• Data destruction

2.5 - Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)

2.6 - Determine data security controls and compliance requirements

• Data states (e.g., in use, in transit, at rest)

• Scoping and tailoring

• Standards selection

• Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB)
  

Domain 3: Security Architecture and Engineering

Domain 3 of the CISSP course will cover the usage of secure design principles to manage and implement engineering processes, fundamental concepts of security models, and much more.

3.1 - Research, implement, and manage engineering processes using secure design principles

• Threat modeling

• Least privilege

• Defense in depth

• Secure defaults

• Fail securely

• Segregation of Duties (SoD)

• Keep it simple and small

• Zero trust or trust but verify

• Privacy by design

• Shared responsibility

• Secure Access Service Edge

3.2 - Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)

3.3 - Select controls based upon system security requirements

3.4 - Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)

3.5 - Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

• Client-based systems

• Server-based systems

• Database systems

• Cryptographic systems

• Industrial Control Systems (ICS)

• Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))

• Distributed systems

• Internet of Things (IoT)

• Microservices (e.g., application programming interface (API))

• Containerization

• Serverless

• Embedded systems

• High-Performance Computing Systems

• Edge computing systems

• Virtualized systems

Certified Information Systems Security Professional (CISSP) is an independent information security certification and examination conducted by the International Information System Security Certification Consortium, Inc, also known as ISC2.

The CISSP certificate involves a rigorous examination process that covers eight security domains, preparing professionals to protect information systems, corporations, and national infrastructures. With CISSP course training, you come to understand that information security is an enterprise-wide issue. It falls in the hands of the human workers to coordinate and maintain a secure information system.

The CISSP certificate is widely recognised as a vendor-neutral certification course for IT security professionals in global level. The certificate is considered to be an ideal credential for those with proven deep technical and managerial competence, skills, and experience in information technology and security domains. The certification ensures that you are capable of protecting organizations from increasingly sophisticated attacks.

Learning Objectives

Understand and apply the concepts of IT risk assessment, risk analysis, data classification, and security awareness, and implement risk management infrastructure and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference)  

With a CISSP certificate, you understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media. Also, learn to identify risks that can be quantitatively and qualitatively measured to support the building of a business and prevent security issues in the enterprise.

Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets. Also, learn to identify the person or computer system responsible for the security issue.  While going through the CISSP certification training course, you’ll also learn to identify the actions that the person or computer system takes against valuable assets, allowing organizations to have a better understanding of the state of their security infrastructure.

Plan for technology development, including risk, and evaluate the system design against mission requirements. A CISSP certificate will also enable you to identify where competitive prototyping and other evaluation techniques fit in the process.

Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.

During the CISSP certification training course, you will understand the Software Development Life Cycle (SDLC) and how to apply security to it, identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.