Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. Required by some of the world?s most security conscious organizations, the CISSP is considered the gold standard credential that assures information security leaders possess the breadth of knowledge, skills and experience required to credibly build and manage the security posture of an organization.
Backed by (ISC)2, the global leader in information security certifications, CISSPs have earned their place as trusted advisors. Their expertise plays a critical role in helping organizations integrate stronger security protocols and protect against threats in an increasingly complex cyber security landscape.
CISSP was the first credential in the field of information to meet the stringent requirements of ISO/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, but also a globally recognized standard of achievement.
Upon completing this course, the student will be able to meet these overall objectives:
- Identify key purpose, benefits, and process of information classification and how it is used to determine Access Control policies and identifying the process for assessing the effectiveness of implemented controls.
- Provide the basic understanding of Telecommunication and Network Security concepts, required components for minimizing security risks, securing channels of communication, and techniques for preventing and detecting network-based attacks.
- Define and apply the Information Security Governance and Risk Management framework including the policies, concepts, principles, structures and standards that are established for the protection of information assets, and how to assess the effectiveness of that protection.
- Explain the details of Software Development Security, including the activities and processes pertaining to the planning, programming, and management of software and systems that manage software including ways to secure applications through design and control interfaces, and assess the usefulness of their application security.
- Identify the concepts within Cryptography, including the terms and application of public and private algorithms, distribution management, methods of attack, and the application, development, and use of digital signatures for authenticity and electronic transactions, and nonrepudiation processes.
- Identify the Security Architecture and Design concepts focusing on the architecture of security systems that provide for the availability, integrity, and confidentiality of organizational assets. Learners will address concepts, principles, structures, frameworks, and standards used in the design and implementation of security requirements of individual components, and enterprise wide systems.
- Identify the key terms and processes of Security Operations and how to protect and control information processing assets in a centralized or distributed environment through the daily tasks required to keep security services operating reliably and efficiently.
- Identify and apply the Business Continuity and Disaster Recovery Planning requirements necessary to develop the preparation, processes, and practices necessary to ensure the preservation of the business in case of major disruptions to normal business operations including the project scope and planning, how to conduct a business impact analysis, identify recovery strategies, develop the recovery plan and implement it.
- Define and explain the Legal, Regulations, Investigations, and Compliance concepts of and internationally accepted methods, processes, and procedures used in computer crime legislation and regulations specific to the investigative measures and techniques used to identify the occurrence of an incidence, and the gathering, analysis, and management of evidence.
- Define and apply the requirements necessary for the overall Physical (Environmental) Security processes for the evaluation of physical, environmental, and procedural risks that might be present in a facility, organization, or structure where information systems are stored and managed.