Course Outline

Certified Information Systems Security Professional

30 Hours

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.

Target Audience

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect
Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree or regional equivalent or an additional credential from the (ISC)² approved list will satisfy one year of the required experience. Education credit will only satisfy one year of experience.

A candidate who doesn’t have the required experience to become a CISSP may become an Associate of (ISC)² by successfully passing the CISSP examination. The Associate of (ISC)² will then have six years to earn the five years required experience.

Skills Gained

The CISSP is often described as “a mile wide and an inch deep.” Yet this enduring description is factually incorrect. The CISSP covers the fundamental elements of the entire cybersecurity field – from security and risk management to communication and network security to security testing and operations. It ensures that a certified professional understands all aspects of information security and, most critically, how the aspects of the information security environment they themselves work on will interact with the overall organizational ecosystem.

Certificate and Exam

Length of Exam: 3 hours

Number of Items: 100-150

Item format: Multiple choice and advanced innovative items

Passing grade: 700 out of 1000 points

Topics Covered

  • Security and Risk Management
    • Security Governance Principles
    • Compliance
    • Professional Ethics
    • Security Documentation
    • Risk Management
    • Threat Modeling
    • Business Continuity Plan Fundamentals
    • Acquisition Strategy and Practice
    • Personnel Security Policies
    • Security Awareness and Training
  • Asset Security
    • Asset Classification
    • Privacy Protection
    • Asset Retention
    • Data Security Controls
    • Secure Data Handling
  • Security Architecture and Engineering
    • Security in the Engineering Lifecycle
    • System Component Security
    • Security Models
    • Controls and Countermeasures in Enterprise Security
    • Information System Security Capabilities
    • Design and Architecture Vulnerability Mitigation
    • Vulnerability Mitigation in Mobile, IoT, Embedded, and Web-Based Systems
    • Cryptography Concepts
    • Cryptography Techniques
    • Site and Facility Design for Physical Security
    • Physical Security Implementation in Sites and Facilities
  • Communications and Network Security
    • Network Protocol Security
    • Network Components Security
    • Communication Channel Security
    • Network Attack Mitigation
  • Identity and Access Management
    • Physical and Logical Access Control
    • Identification, Authentication, and Authorization
    • Identity as a Service
    • Authorization Mechanisms
    • Access Control Attack Mitigation
  • Security Assessment and Testing
    • System Security Control Testing
    • Software Security Control Testing
    • Security Process Data Collection
    • Audits
  • Security Operations
    • Security Operations Concepts
    • Physical Security
    • Personnel Security
    • Logging and Monitoring
    • Preventative Measures
    • Resource Provisioning and Protection
    • Patch and Vulnerability Management
    • Change Management
    • Incident Response
    • Investigations
    • Disaster Recovery Planning
    • Disaster Recovery Strategies
    • Disaster Recovery Implementation
  • Software Development Security
    • Security Principles in the System Lifecycle
    • Security Principles in the Software Development Lifecycle
    • Database Security in Software Development
    • Security Controls in the Development Environment
    • Software Security Effectiveness Assessment