CISSP - Certified Information Systems Security Professional

General information

Approach

Our CISSP training prepares the student to the exam to become a Certified Security Expert from the ISC2 (International Information Systems Security Certification Consortium). The certification ensures the owner has a broad knowledge of the security matters and he/she keeps his/her knowledge up to date. The certification is world wide recognized as a foundation for any Security Expert.

ISC2 defines a Common Body of Knowledge (CBK ®). The CBK defines what a Security Professional should Master in every one of those 8 Chapters. The CBK defined chapters and required knowledge is defined upon what every Security Experts need to know for his/her day-to-day work. The Certification allows to standardize those knowledge. ISC² requires more over to the CISSP certification owner to keep his/her knowledge up to date to retain his/her certification. The CBK covers not only theoretical aspects a Security Professional needs to know but also the also more practical details a Security Professional will encounter in his/her everyday job.

Our CISSP training is fully independent of any product or organisation, giving our student a true unbiased training.

Your pace

Depending of the session (one group is not another one) the training may be complete in 4 days and we are left with one full day of practice or Q&A.

Other arrangement have been found depending of the Customers.

Course change

Lately the course was changed : Aug. 2018. Our course has been adapted to reflect those changes.

Schedule

We spend 5 days for 8 - 10 hours a day going over the training materials. At your pace... sometimes we make a difficult chapter in a couple of hours and sometimes we finish a supposedly easy chapter in one day. The trainer is available from 8h00 to 19h00 (depending of the facility openings hours).

Here is a possible day by day time table. It is give as indication and NOT as something cast in Iron.

DAY-1

• Chapitre 0 : Consiste en une introduction où des éléments tels que :
  • Structure de la semaine
  • Evolution du contenu du CISSP et importance des différents chapîtres.
  • Structure de l'examen
  • Préparation de l'examen, conseils, recommendation, forme de certaines questions, CISSP Computerized Adaptive Testing
  • Examen en Français ou en Anglais ... ?
  • Le CISSP et après ?
  • CISSP code of Ethics
• Domaine 1 : Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity) Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethic
  • Security policies, standards, procedures and guidelines

DAY-2

• Domaine 1 (continued )
• Domaine 2 : Asset Security (Protecting Security of Assets)
  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)

DAY-3

• Domaine 3 : Security Engineering (Engineering and Management of Security)
  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security
• Domaine 4 :
  • Communication and Network Security (Designing and Protecting Network Security) Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks

DAY-4

• Domaine 4 (continued)
• Domaine 5 : Identity & Access Management (Controlling Access and Managing Identity)
  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)
• Domaine 6 : Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities

DAY-5

• Domaine 7 : Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns
• Domaine 8 : Software Development Security (Understanding, Applying, and Enforcing Software Security)
  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Other

After the training ...

Students can always ask / call but the true nature of the CISSP is that ISC2 holds the questions and their style confidential.

Material provided

Every students receives either the Official CBK book plus a set of slides or an equivalent book (we recently decided not to go for the official book as it is really a terrible one to study).

Last update : April 20, 2020