Trainings

Training on Certified Information Systems Security Professional (CISSP)

42 Hours – online (once a week)

Starting date: Workshop- 7th Aug 2021

    Course outline

    1. Security and Risk management

    Understand and apply security concepts

    Evaluate and apply security governance principles

    Determine compliance and other requirements

    Understand legal and regulatory issues that pertain to information security in a holistic context

    Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)

    Develop, document, and implement security policy, standards, procedures, and guidelines

    Identify, analyze, and prioritize Business Continuity (BC) requirements

    Contribute to and enforce personnel security policies and procedures

    Understand and apply risk management concepts

    Understand and apply threat modeling concepts and methodologies

    Apply Supply Chain Risk Management (SCRM) concepts

    Establish and maintain a security awareness, education, and training program

    2. Asset Security

    Identify and classify information and assets

    Establish information and asset handling requirements

    Provision resources securely

    Manage data lifecycle

    Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))

    Determine data security controls and compliance requirements (DRM, CASB, DLP)

    3. Security Architecture and Engineering

    Research, implement and manage engineering processes using secure design principles

    Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)

    Select controls based upon systems security requirements

    Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)

    Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

    Select and determine cryptographic solutions

    Understand methods of cryptanalytic attacks

    Apply security principles to site and facility design

    Design site and facility security controls

    4. Communication and Network Security

    Assess and implement secure design principles in network architectures

    Secure network components

    Multilayer protocol

    Implement secure communication channels according to design

    Network Attacks

    5. Identity and Access Management (IAM)

    Control physical and logical access to assets

    Manage identification and authentication of people, devices, and services

    (Single Sign On (SSO), Just-In-Time (JIT))

    Federated identity with a third-party service

    Implement and manage authorization mechanisms

    Manage the identity and access provisioning lifecycle

    Implement authentication systems

    6. Security Assessment and Testing

    Design and validate assessment, test, and audit strategies

    Conduct security control testing

    Collect security process data (e.g., technical and administrative)

    Analyze test output and generate report

    Conduct or facilitate security audits

    7. Security Operations

    Understand and comply with investigations

    Conduct logging and monitoring activities

    Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)

    Conduct incident management

    Operate and maintain detective and preventative measures

    Implement and support patch and vulnerability management

    Understand and participate in change management processes

    Implement recovery strategies

    Implement Disaster Recovery (DR) processes

    Test Disaster Recovery Plans (DRP)

    Participate in Business Continuity (BC) planning and exercises

    Implement and manage physical security

    Address personnel safety and security concerns

    8. Software Development Security

    Understand and integrate security in the Software Development Life Cycle (SDLC)

    Identify and apply security controls in software development ecosystems

    Assess the effectiveness of software security

    Assess security impact of acquired software

    Define and apply secure coding guidelines and standards

IT Solution

RESL aims to bring its IT experience to the market and to meet the Millennium Development Goal (MDG). It emphasises providing technical consultancy to plan, procure, deploy and operate enterprise IT infrastructure. It assists organisations with end-to-end networking, remote office/application connectivity, datacenter buildup and operation of active and passive components. RESL guides and enables its clients with a futuristic, disaster-tolerant, scalable plan for centralised/distributed operation and with formulating the digitisation of enterprise IT systems, focusing on business need.