CISSP - Certified Information Systems Security Professional
Our CISSP training prepares the student for the exam to become a Certified Security Expert from ISC2 (International Information Systems Security Certification Consortium). The certification ensures that the holder has a broad knowledge of security matters and keeps that knowledge up to date. The certification is recognized worldwide as a foundation for any Security Expert.
ISC2 defines a Common Body of Knowledge (CBK®). The CBK defines what a Security Professional should master in each of its 8 chapters. The chapters and the required knowledge are defined by what every Security Expert needs to know for his/her day-to-day work, and the certification standardizes that knowledge. ISC2 moreover requires CISSP holders to keep their knowledge up to date in order to retain the certification. The CBK covers not only the theoretical aspects a Security Professional needs to know but also the more practical details a Security Professional will encounter in his/her everyday job.
Our CISSP training is fully independent of any product or organisation, giving our students a truly unbiased training.
Depending on the session (no two groups are alike), the training may be completed in 4 days, leaving one full day for practice or Q&A.
Other arrangements have been made depending on the customer.
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
ISC2's Web site: https://www.isc2.org/Certifications/CISSP
The training goes over the 1,200+ pages of the CBK book (official CBK or "Official Study Guide").
Trainees will have to do the memorization work by themselves.
After the training ...
Students can always ask / call, but the true nature of the CISSP is that ISC2 keeps the questions and their style confidential.
Every student receives either the Official CBK book plus a set of slides or an equivalent book (we recently decided not to go for the official book as it is really a terrible one to study).
We spend 5 days of 8 - 10 hours a day going over the training materials. At your pace... sometimes we cover a difficult chapter in a couple of hours and sometimes we finish a supposedly easy chapter in one day. The trainer is available from 8h00 to 19h00 (depending on the facility's opening hours).
Here is a possible day-by-day timetable. It is given as an indication and NOT as something cast in iron.
- Chapter 0: An introduction covering elements such as:
  - Structure of the week
  - Evolution of the CISSP content and importance of the different chapters
  - Structure of the exam
  - Exam preparation, tips, recommendations, form of certain questions, CISSP Computerized Adaptive Testing
  - Exam in French or in English ... ?
  - The CISSP and after?
  - CISSP Code of Ethics
- Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
  - Confidentiality, integrity, and availability concepts
  - Security governance principles
  - Legal and regulatory issues
  - Professional ethics
  - Security policies, standards, procedures and guidelines
- Domain 1 (continued)
- Domain 2: Asset Security (Protecting Security of Assets)
  - Information and asset classification
  - Ownership (e.g. data owners, system owners)
  - Protect privacy
  - Appropriate retention
  - Data security controls
  - Handling requirements (e.g. markings, labels, storage)
- Domain 3: Security Engineering (Engineering and Management of Security)
  - Engineering processes using secure design principles
  - Security models fundamental concepts
  - Security evaluation models
  - Security capabilities of information systems
  - Security architectures, designs, and solution elements vulnerabilities
  - Web-based systems vulnerabilities
  - Mobile systems vulnerabilities
  - Embedded devices and cyber-physical systems vulnerabilities
  - Site and facility design secure principles
  - Physical security
- Domain 4: Communication and Network Security (Designing and Protecting Network Security)
  - Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  - Secure network components
  - Secure communication channels
  - Network attacks
- Domain 4 (continued)
- Domain 5: Identity & Access Management (Controlling Access and Managing Identity)
  - Physical and logical assets control
  - Identification and authentication of people and devices
  - Identity as a service (e.g. cloud identity)
  - Third-party identity services (e.g. on-premise)
  - Access control attacks
  - Identity and access provisioning lifecycle (e.g. provisioning review)
- Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  - Assessment and test strategies
  - Security process data (e.g. management and operational controls)
  - Security control testing
  - Test outputs (e.g. automated, manual)
  - Security architectures vulnerabilities
- Domain 7: Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
  - Investigations support and requirements
  - Logging and monitoring activities
  - Provisioning of resources
  - Foundational security operations concepts
  - Resource protection techniques
  - Incident management
  - Preventative measures
  - Patch and vulnerability management
  - Change management processes
  - Recovery strategies
  - Disaster recovery processes and plans
  - Business continuity planning and exercises
  - Physical security
  - Personnel safety concerns
- Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)
  - Security in the software development lifecycle
  - Development environment security controls
  - Software security effectiveness
  - Acquired software security impact