The CISSP Exam
Physical (Environmental) Security
Security Architecture and Design
Software Development Security
Information Security Governance and Risk Management
Telecommunications and Network Security
The CISSP: Certified Information Systems Security Professional Certification training package covers topics such as Access Control Systems, Cryptography, and Security Management Practices, teaching students the eight domains of information system security knowledge.
The new eight domains are:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
The CISSP Certification is administered by the International Information Systems Security Certification Consortium, or (ISC)². (ISC)² promotes the CISSP exam as an aid to evaluating personnel performing information security functions. Candidates for this exam are typically network security professionals and system administrators with at least four years of direct work experience in two or more of the ten test domains. As the first ANSI ISO accredited credential in the field of information security, the Certified Information Systems Security Professional (CISSP) certification provides information security professionals with not only an objective measure of competence, but also a globally recognized standard of achievement.
Who this course is for:
- Experienced IT security-related practitioners, auditors, consultants, investigators or instructors, including network or security analysts and engineers, network administrators, information security specialists and risk management professionals, who wish to advance their current computer security careers
Skills Measured by CISSP Certification
The CISSP certification exam measures your skills and expertise in ten (10) key information security domains:
- Access Control – A collection of mechanisms that work together to create security architecture to protect the assets of the information system.
- Telecommunications and Network Security – Discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
- Information Security Governance and Risk Management – The identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
- Application Development Security – Refers to the controls that are included within systems and applications software and the steps used in their development.
- Cryptography – The principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
- Security Architecture and Design – Contains the concepts, principles, structures and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.
- Operations Security – Used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
- Business Continuity and Disaster Recovery Planning – Addresses the preservation of the business in the face of major disruptions to normal business operations.
- Legal, Regulations, Investigations and Compliance – Addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
- Physical (Environmental) Security – Addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.