
Preparing for CISSP Certification Exam

Overview of CISSP Certification

CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

CISSP certification is offered by (ISC)², the International Information Systems Security Certification Consortium, Inc. Headquartered in the United States and with offices in London, Hong Kong and Tokyo, (ISC)² is a global, not-for-profit leader in certifying information security professionals.

The CISSP exam tests one's competence in the ten CISSP domains of the (ISC)²® CBK®, which cover critical topics in security today, including risk management, cloud computing, mobile security, application development security and more. Candidates must have a minimum of five years of experience in two of the ten domains.

CISSPs often hold job functions including:

  •     Security Consultant
  •     Security Manager
  •     IT Director/Manager
  •     Security Auditor
  •     Security Architect
  •     Security Analyst
  •     Security Systems Engineer
  •     Chief Information Security Officer
  •     Director of Security
  •     Network Architect

The CISSP exam is based on the following ten domains:

  •     Access Control
  •     Telecommunications and Network Security
  •     Information Security Governance and Risk Management
  •     Software Development Security
  •     Cryptography
  •     Security Architecture and Design
  •     Operations Security
  •     Business Continuity and Disaster Recovery Planning
  •     Legal, Regulations, Investigations and Compliance
  •     Physical (Environmental) Security

To get the CISSP certification, you will need to:

1. Meet the CISSP eligibility requirements
2. Pass the CISSP exam

If you don't yet have the necessary experience to meet the CISSP eligibility requirements, you may earn the Associate of (ISC)² designation by passing the required CISSP examination.

The CISSP eligibility requirements are as follows:

CISSP candidates must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a college degree. Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2 approved list.

For more information about CISSP certification, refer to https://www.isc2.org/cissp/default.aspx.

e2College offers a training course to help you prepare for CISSP Certification exam. The training course "Preparing for CISSP Certification Exam" includes activities and hands-on exercises to reinforce understanding of the 10 domains of CISSP CBK.

The course is taught by e2College instructors holding current CISSP certification and who are leaders in the information security industry.

Course Objectives

The objective of this course is to help students gain knowledge in the 10 domains of CISSP core body of knowledge and to prepare for the CISSP certification exam.

Course Content

The training course "Preparing for CISSP Certification Exam" covers the following topics:

Security Architecture and Models

  • Computer hardware architecture
  • Operating system architectures
  • Trusted computing base and security mechanisms
  • Protection mechanisms within an operating system
  • Various security models
  • Assurance evaluation criteria and ratings
  • Certification and accreditation processes
  • Attack types

Security Management Practices

  • Security management responsibilities
  • Difference between administrative, technical, and physical controls
  • Three main security principles
  • Risk management and risk analysis
  • Security policies
  • Information classification
  • Security-awareness training

Telecommunications and Network Security

  • OSI model
  • TCP/IP and many other protocols
  • LAN, WAN, MAN, intranet, and extranet technologies
  • Cable types and data transmission types
  • Network devices and services
  • Communications security management
  • Telecommunications devices
  • Remote access methods and technologies
  • Wireless technologies

Physical Security

  • Administrative, technical, and physical controls
  • Facility location, construction, and management
  • Physical security risks, threats, and countermeasures
  • Electric power issues and countermeasures
  • Fire prevention, detection, and suppression
  • Intrusion detection systems

Laws, Investigation, and Ethics

  • Ethics, pertaining to information security professionals and best practices
  • Computer crimes and computer laws
  • Motives and profiles of attackers
  • Computer crime investigation process and evidence collection
  • Incident-handling procedures
  • Various types of evidence
  • Laws and acts put into effect to fight computer crime

Access Control Systems and Methodology

  • Identification methods and technologies
  • Authentication methods, models, and technologies
  • Discretionary, mandatory, and nondiscretionary models
  • Accountability, monitoring, and auditing practices
  • Emanation security and technologies
  • Intrusion detection systems
  • Possible threats to access control practices and technologies

Cryptography

  • History of cryptography
  • Cryptography components and their relationships
  • Government involvement in cryptography
  • Symmetric and asymmetric key algorithms
  • Public key infrastructure (PKI) concepts and mechanisms
  • Hashing algorithms and uses
  • Types of attacks on cryptosystems

Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

  • Project initiation steps
  • Recovery and continuity planning requirements
  • Business impact analysis
  • Selecting, developing, and implementing disaster and continuity plans
  • Backup and offsite facilities
  • Types of drills and tests

Application and System Development

  • Various types of software controls and implementation
  • Database concepts and security issues
  • Data warehousing and data mining
  • Software life-cycle development processes
  • Change control concepts
  • Object-oriented programming components
  • Expert systems and artificial intelligence

Operations Security

  • Administrative management responsibilities
  • Product evaluation and operational assurance
  • Configuration management
  • Trusted recovery states
  • Redundancy and fault-tolerant systems
  • E-mail security
  • Threats to operations security

Course Format & Schedule

The training course "Preparing for CISSP Certification Exam" is offered as an online live class: you log in at the scheduled times and join your instructor and classmates in an interactive virtual classroom. Classes meet two evenings a week for six weeks, for a total of 12 sessions. The evening class time is usually between 7:30pm and 10:00pm local time (the specific class time may vary a little to accommodate attendees from different time zones).

Course Prerequisites

The training course "Preparing for CISSP Certification Exam" is valuable for those planning to take the (ISC)2 CISSP Certification exam. To get the CISSP certification, you will need to meet the CISSP eligibility requirements, which require CISSP candidates to have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a college degree. Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2 approved list.