Training: Certified Information Systems Security Professional – CISSP

Module 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

• Lesson 1: Understand and Apply Concepts of Confidentiality, Integrity, and Availability
• Lesson 2: Apply Security Governance Principles
• Lesson 3: Compliance
• Lesson 4: Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
• Lesson 5: Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
• Lesson 6: Understand Business Continuity Requirements
• Lesson 7: Contribute to Personnel Security Policies
• Lesson 8: Understand and Apply Risk Management Concepts
• Lesson 9: Understand and Apply Threat Modeling
• Lesson 10: Integrate Security Risk Considerations into Acquisitions Strategy and Practice
• Lesson 11: Establish and Manage Security Education, Training, and Awareness

Module 2: Asset Security (Protecting Security of Assets)

• Lesson 1: Classify Information and Supporting Assets
• Lesson 2: Determine and Maintain Ownership
• Lesson 3: Protect Privacy
• Lesson 4: Ensure Appropriate Retention
• Lesson 5: Determine Data Security Controls
• Lesson 6: Establish Handling Requirements

Module 3: Security Engineering (Engineering and Management of Security)

• Lesson 1: Implement and Manage an Engineering Life Cycle Using Security Design Principles
• Lesson 2: Understand Fundamental Concepts of Security Models
• Lesson 3: Select Controls and Countermeasures Based Upon Information Systems Security Standards
• Lesson 4: Understand the Security Capabilities of Information Systems
• Lesson 5: Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Lesson 6: Assess and Mitigate Vulnerabilities in Web-based Systems
• Lesson 7: Assess and Mitigate Vulnerabilities in Mobile Systems
• Lesson 8: Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
• Lesson 9: Apply Cryptography
• Lesson 10: Apply Secure Principles to Site and Facility Design
• Lesson 11: Design and Implement Facility Security

Module 4: Communications and Network Security (Designing and Protecting Network Security)

• Lesson 1: Apply Secure Design Principles to Network Architecture
• Lesson 2: Securing Network Components
• Lesson 3: Design and Establish Secure Communication Channels
• Lesson 4: Prevent or Mitigate Network Attacks

Module 5: Identity and Access Management (Controlling Access and Managing Identity)

• Lesson 1: Control Physical and Logical Access to Assets
• Lesson 2: Manage Identification and Authentication of People and Devices
• Lesson 3: Integrate Identity as a Service (IDaaS)
• Lesson 4: Integrate Third-Party Identity Services
• Lesson 5: Implement and Manage Authorization Mechanisms
• Lesson 6: Prevent or Mitigate Access Control Attacks
• Lesson 7: Manage the Identity and Access Provisioning Life Cycle

Module 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

• Lesson 1: Design and Validate Assessment and Test Strategies
• Lesson 2: Conduct Security Control Testing
• Lesson 3: Collect Security Process Data
• Lesson 4: Conduct or Facilitate Internal and Third-Party Audits

Module 7: Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

• Lesson 1: Understand and Support Investigations
• Lesson 2: Understand Requirements for Investigation Types
• Lesson 3: Conduct Logging and Monitoring Activities
• Lesson 4: Secure the Provisioning of Resources through Configuration Management
• Lesson 5: Understand and Apply Foundational Security Operations Concepts
• Lesson 6: Employ Resource Protection Techniques
• Lesson 7: Conduct Incident Response
• Lesson 8: Operate and Maintain Preventative Measures
• Lesson 9: Implement and Support Patch and Vulnerability Management
• Lesson 10: Participate in and Understand Change Management Processes
• Lesson 11: Implement Recovery Strategies
• Lesson 12: Implement Disaster Recovery Processes
• Lesson 13: Test Disaster Recovery Plan
• Lesson 14: Participate in Business Continuity Planning
• Lesson 15: Implement and Manage Physical Security
• Lesson 16: Participate in Personnel Safety

Module 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)

• Lesson 1: Understand and Apply Security in the Software Development Life Cycle
• Lesson 2: Enforce Security Controls in the Development Environment
• Lesson 3: Assess the Effectiveness of Software Security
• Lesson 4: Assess Software Acquisition Security