CISSP Exam Prep Course Description
As the world becomes more and more aware of the need for security, professionals in the information systems security field vie to set themselves apart as knowledgeable, competent practitioners. The CISSP exam is currently the premier IT security certification, and it satisfies Level 3 DOD 8570.1 compliance. To pass, you need an in-depth understanding of ten diverse domains.
- Information Security Governance and Risk Management: Understanding the principles of risk management, and how they drive the strategic decisions within an organization, is essential. All policies and procedures stem from an understanding of the associated risks and an evaluation of our risk tolerance. Learn both qualitative and quantitative analysis as they pertain to implementing security solutions, and see why cost/benefit analysis is ultimately at the root of all of our governance strategies.
- Operations Security: We examine the day-to-day responsibilities of the security staff, including, but not limited to, fault tolerance, intrusion detection, and configuration and change management.
- Cryptography: To understand the mechanisms underneath applications such as secure email and secure web transactions, the Cryptography domain examines both public-key and private-key (symmetric) cryptography, integrity techniques such as hashing and message authentication, and non-repudiation services such as digital signatures. IPsec, SSL/TLS, SSH, WPA2, PGP, S/MIME and other technologies are explored in appropriate depth.
- Access Control: Exploration of the ways we restrict the capabilities that subjects have in relation to network objects and resources. Topics include Kerberos, biometric authentication and RADIUS, as well as core security principles and access control models.
- Telecommunications and Network Security: Networking principles and foundational theory are explored in this domain. The OSI Reference Model, well-known protocols, and network devices and technologies are explained with an emphasis on understanding and comprehension. Networking made easy, so to speak!
- Physical Security: This domain looks at the more tangible elements of security operations: those designed to protect the safety of our employees and our physical assets.
- Laws, Investigations and Ethics: Since company policies are, in many instances, driven by industry-specific laws and regulations, it is essential that a CISSP understands the relevant standards. Evidence collection and ethical behavior are also covered.
- Security Architecture and Design: Perfect the process and the product will follow. The central premise of this domain is to provide a rigorous method for designing a system with inherent security, as opposed to bolting security on as an afterthought. Explore foundational security models such as the State Machine Model, Bell-LaPadula, Clark-Wilson and others, and learn how secure design enforces secure operation.
- Software Development Security: Once again, the design process determines the security of the product. Technical project management, the Software Development Lifecycle, and database design and protection are the main topics covered.
- Business Continuity and Disaster Recovery Planning: The final domain is essentially what it is all about: keeping the business going, thriving and moving forward, no matter what. The key to long-term health in the face of disasters or major disruptions is planning. Learn the differing components of a BCP/DRP and how each element affects the overall process and the success of the plan, within the context of the CISSP exam.
Our CISSP Exam Prep Boot Camp is designed to provide six intense days of training and study using proven training methods and custom courseware designed by information security training specialists. Our materials take complex topics and make them easy to understand by focusing on comprehension of the material rather than memorization of facts. It is this approach that gives our students the advantage on the CISSP exam, and we boast an over 90% first-time pass rate. Suggested, but not mandatory, prerequisites are Security+, Network+, or equivalent experience.
CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
Relevant Job Titles
- Security Consultant
- Security Manager
- IT Director/Manager
- Security Auditor
- Security Architect
- Security Analyst
- Security Systems Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
You must have a minimum of five years of direct full-time security work experience in two or more of these 10 domains of the (ISC)² CISSP CBK®:
- Access Control – a collection of mechanisms that work together to create a security architecture that protects the assets of the information system.
- Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
- Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
- Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development.
- Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
- Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications, and the controls used to enforce various levels of confidentiality, integrity and availability.
- Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
- Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.
- Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
- Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.
| Exam detail | Value | Notes |
|---|---|---|
| Number of questions | 250 | Only 225 questions are graded. The other 25 are unscored research items, but they are mixed in with the rest of the 250, so you won't know which questions are graded. Answer every question as if it is graded. |
| Type of questions | Multiple choice | The questions are standard multiple-choice items. Some are scenario-based: you read a scenario and then answer two or more questions related to it. You are not penalized for wrong answers, so make sure you answer every question. |
| Time limit | 6 hours | You are expected to arrive at 8 AM; instructions begin at 8:30 and the exam starts at 9. If you are late, you probably won't be allowed in. You have until 3:00 PM to complete the exam. |
| Passing score | 700/1000 | The score is scaled and the questions are weighted, so a passing score of 700 does not correspond to a fixed number or percentage of questions answered correctly. |