International Institute for Learning, Inc.
Project Management for IT Professionals

Prep Course for the (ISC)2® Certified Information Systems
Security Professional (CISSP®) Exam

The Gold Standard in Information Security Certification

Print Download PDF  
Traditional Classroom
Course No.:
5 Days
35 PDUs / 3.5 CEUs
Virtual Classroom
Course No.:
Ten 3-hour sessions
30 PDUs / 3.0 CEUs
  • Possess a minimum of five years of direct full-time work experience in two or more of the ten (ISC)2 information security domains. One year may be waived under certain conditions
  • Have the qualifications endorsed by another CISSP in good standing
Course Level:



About the Program
The CISSP certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management, and/or implement controls that assure the security of business environments.

It is the first certification in the field of Information Security to meet the stringent requirements of the SO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense for their DoDD 8570 certification requirement.

Now amended to reflect the latest version update – CISSP 2015.

Who Should Attend

  • CTOs
  • IT Directors
  • Managers
  • Security Directors
  • Auditors
  • Architects

What You Will Learn
The CISSP taxonomy encompassed in its Common Body of Knowledge covers the following eight domains:

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)

  • Confidentiality, integrity, and availability concepts 
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures, and guidelines

Asset Security (Protecting Security of Assets)

  • Information and asset classification
  • Ownership (e.g., data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g., markings, labels, storage)

Security Engineering (Engineering and Management of Security)

  • Engineering processes using secure design principles
  • Security models – fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security  

Communication and Network Security (Designing and Protecting Network Security)

  • Secure network architecture design (e.g., IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks  

Identity and Access Management (Controlling Access and Managing Identity)

  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g., Cloud identity)
  • Third-party identity services (e.g., on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g., provisioning review)  

Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

  • Assessment and test strategies
  • Security process data (e.g., management and operational controls)
  • Security control testing
  • Test outputs (e.g., automated, manual)
  • Security architectures vulnerabilities

Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns

Software Development Security (Understanding, Applying, and Enforcing Software Security)

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

CISSP Certification Qualifications
Apart from the requirements detailed above, the candidate must submit an application directly with (ISC)2, pay the requisite fees, and pass the six-hour, computer-based, 250-question exam.

©2000-2018 International Institute for Learning, Inc.