
Certified Information Systems Security Professional Course And Certification
Certified Information Systems Security Professional (CISSP)
As of July 2020, over 140,000 security professionals had been CISSP certified. (ISC)2, arguably the world's leading cybersecurity professional organization, introduced the Certified Information Systems Security Professional (CISSP) certification in 1994. An understanding of security principles and practices is required.
What is the CISSP?
The CISSP is one of the most sought-after security certifications. It is intended to demonstrate a security professional's ability to develop, engineer, implement, and manage an information security program.
Many security professionals seek the CISSP certification because of the high salary and predicted career growth.
The CISSP requires a difficult exam and much work experience, yet its popularity shows that most security professionals can achieve certification.
The CISSP exam is a three-hour, 150-question multiple-choice test. A candidate must score 700 or more out of 1000 possible points to pass this exam. The (ISC)2 certification holder must also formally accept the CISSP Code of Ethics.
What are the job opportunities?
While (ISC)2 does not publish a comprehensive list of appropriate work experience for the CISSP certification, its promotional materials suggest the following jobs:
- IT manager
- CIO
- Security director
- Network guru
- Security expert
- Scofflaw
- SEC auditor
What are the requirements?
(ISC)2 evaluates security job experience provided as part of a CISSP certification application for educational and professional achievements. College degrees, management skills, and knowledge of security techniques and principles are required.
Candidates must have experience in two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK).
Notably, an applicant without the qualifying experience to become a CISSP may become an Associate of (ISC)2. The (ISC)2 Associate will then have six years to achieve the CISSP experience.
CISSP salary data
The CISSP is a highly sought-after professional designation, partly because of its high compensation. In 2018, the average CISSP salary was $131,030. It's safe to say that the present skills gap in information security positions has driven CISSP wages even higher.
According to the US Bureau of Labor Statistics, job growth for Information Security Analysts is anticipated to be 31% from 2019 to 2029.
The CISSP is approved by the US Department of Defense and opens doors inside the US Federal Government. Members of (ISC)2 earn 35% more than non-members.
The CISSP is a globally recognized certification that can lead to global travel and opportunities.
If there were just one professional certification for information security professionals to consider, it would be the CISSP. It is the most complete and generally recognized certification.
The CISSP is designed to be difficult. Employers respect certifications based on their level of knowledge and expertise. A CISSP is required for many high-level security professions and is a benchmark for security leaders.
CISSP Course Outline
Chapter 1: Security and Risk Management
• Security terminology and principles
• Protection control types
• Security frameworks, models, standards, and best practices
• Computer laws and crimes
• Intellectual property
• Data breaches
• Risk management
• Threat modeling
• Business continuity and disaster recovery
• Personnel security
• Security governance
Chapter 2: Asset Security
• Information life cycle
• Information classification and protection
• Information ownership
• Protection of privacy
• Information retention
• Data security controls
• Data handling requirements
Chapter 3: Security Architecture and Engineering
• System architecture
• Trusted computing base and security mechanisms
• Information security software models
• Assurance evaluation criteria and ratings
• Certification and accreditation processes
• Distributed systems security
• Cryptography components and their relationships
• Steganography
• Public key infrastructure (PKI)
• Site and facility design considerations
• Physical security risks, threats, and countermeasures
• Electric power issues and countermeasures
• Fire prevention, detection, and suppression
Chapter 4: Communication and Network Security
• OSI and TCP/IP models
• Protocol types and security issues
• LAN, WAN, MAN, intranet, and extranet technologies
• Transmission media
• Wireless technologies
• Network devices and services
• Communications security management
• Remote access technologies
• Threats and attacks
• Software-defined networks
• Content distribution networks
• Multilayer protocols
• Convergent network technologies
Chapter 5: Identity and Access Management
• Identification methods and technologies
• Authentication methods, models, and technologies
• Discretionary, mandatory, and nondiscretionary models
• Accountability, monitoring, and auditing practices
• Registration and proof of identity
• Identity as a Service
• Threats to access control practices and technologies
Chapter 6: Security Assessment and Testing
• Internal, external, and third-party audits
• Vulnerability testing
• Penetration testing
• Log reviews
• Synthetic transactions
• Code review and testing
• Misuse case testing
• Interface testing
• Account management
• Backup data verification
• Disaster recovery and business continuity
• Security training and security awareness
• Key performance and risk indicators
• Analyzing and reporting
• Management review and approval
Chapter 7: Security Operations
• Operations department responsibilities
• Administrative management responsibilities
• Physical security
• Secure resource provisioning
• Network and resource availability
• Preventive and detective measures
• Incident management
• Investigations
• Disaster recovery
• Liability
• Personnel safety concerns
Chapter 8: Software Development Security
• Common software development issues
• Software development life cycles
• Secure software development approaches
• Development/operations integration (DevOps)
• Change control and configuration management
• Security of code repositories
• Programming language types
• Database concepts and security issues
• Malware types and attacks
Chapter 9: Video Lectures
Chapter 10: Examination
