AT Computer Solution Limited

Certified Information Systems Security Professional (CISSP)

Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Engineering
Domain 4: Communications and Network Security
Domain 5: Identity and Access Management
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security

Domain 1: Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Apply security governance principles through:
   »» Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
   »» Organizational processes (e.g., acquisitions, divestitures, governance committees)
   »» Security roles and responsibilities
   »» Control frameworks
   »» Due care
   »» Due diligence

1.3 Compliance
   »» Legislative and regulatory compliance
   »» Privacy requirements compliance

1.4 Understand legal and regulatory issues that pertain to information security in a global context
   »» Computer crimes
   »» Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
   »» Import/export controls
   »» Trans-border data flow
   »» Privacy
   »» Data breaches

1.5 Understand professional ethics
   »» Exercise (ISC)² Code of Professional Ethics
   »» Support organization’s code of ethics

1.6 Develop and implement documented security policy, standards, procedures, and guidelines

1.7 Understand business continuity requirements
   »» Develop and document project scope and plan
   »» Conduct business impact analysis

1.8 Contribute to personnel security policies
   »» Employment candidate screening (e.g., reference checks, education verification)
   »» Employment agreements and policies
   »» Employment termination processes
   »» Vendor, consultant, and contractor controls
   »» Compliance
   »» Privacy

1.9 Understand and apply risk management concepts
   »» Identify threats and vulnerabilities
   »» Risk assessment/analysis (qualitative, quantitative, hybrid)
   »» Risk assignment/acceptance (e.g., system authorization)
   »» Countermeasure selection
   »» Implementation
   »» Types of controls (preventive, detective, corrective, etc.)
   »» Control assessment
   »» Monitoring and measurement
   »» Asset valuation
   »» Reporting
   »» Continuous improvement
   »» Risk frameworks

1.10 Understand and apply threat modeling
   »» Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
   »» Determining and diagramming potential attacks (e.g., social engineering, spoofing)
   »» Performing reduction analysis
   »» Technologies and processes to remediate threats (e.g., software architecture and operations)

1.11 Integrate security risk considerations into acquisition strategy and practice
   »» Hardware, software, and services
   »» Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
   »» Minimum security requirements
   »» Service-level requirements

1.12 Establish and manage information security education, training, and awareness
   »» Appropriate levels of awareness, training, and education required within organization
   »» Periodic reviews for content relevancy

CISSP Certification Exam Outline


Domain 2: Asset Security

2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

2.3 Protect privacy
   »» Data owners
   »» Data processors
   »» Data remanence
   »» Collection limitation

2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

2.5 Determine data security controls (e.g., data at rest, data in transit)
   »» Baselines
   »» Scoping and tailoring
   »» Standards selection
   »» Cryptography

2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)


Domain 3: Security Engineering

3.1 Implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

3.3 Select controls and countermeasures based upon systems security evaluation models

3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
   »» Client-based (e.g., applets, local caches)
   »» Server-based (e.g., data flow control)
   »» Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
   »» Large-scale parallel data systems
   »» Distributed systems (e.g., cloud computing, grid computing, peer to peer)
   »» Cryptographic systems
   »» Industrial control systems (e.g., SCADA)

3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

3.7 Assess and mitigate vulnerabilities in mobile systems

3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))

3.9 Apply cryptography
   »» Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
   »» Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
   »» Public Key Infrastructure (PKI)
   »» Key management practices
   »» Digital signatures
   »» Digital rights management
   »» Non-repudiation
   »» Integrity (hashing and salting)
   »» Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)

3.10 Apply secure principles to site and facility design

3.11 Design and implement physical security
   »» Wiring closets
   »» Server rooms
   »» Media storage facilities
   »» Evidence storage
   »» Restricted and work area security (e.g., operations centers)
   »» Data center security
   »» Utilities and HVAC considerations
   »» Water issues (e.g., leakage, flooding)
   »» Fire prevention, detection and suppression


Domain 4: Communications and Network Security

4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
   »» OSI and TCP/IP models
   »» IP networking
   »» Implications of multilayer protocols (e.g., DNP3)
   »» Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
   »» Software-defined networks
   »» Wireless networks
   »» Cryptography used to maintain communication security

4.2 Secure network components
   »» Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
   »» Transmission media (e.g., wired, wireless, fiber)
   »» Network access control devices (e.g., firewalls, proxies)
   »» Endpoint security
   »» Content-distribution networks
   »» Physical devices

4.3 Design and establish secure communication channels
   »» Voice
   »» Multimedia collaboration (e.g., remote meeting technology, instant messaging)
   »» Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)
   »» Data communications (e.g., VLAN, TLS/SSL)
   »» Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)

4.4 Prevent or mitigate network attacks


Domain 5: Identity and Access Management

5.1 Control physical and logical access to assets
   »» Information
   »» Systems
   »» Devices
   »» Facilities

5.2 Manage identification and authentication of people and devices
   »» Identity management implementation (e.g., SSO, LDAP)
   »» Single/multi-factor authentication (e.g., factors, strength, errors)
   »» Accountability
   »» Session management (e.g., timeouts, screensavers)
   »» Registration and proofing of identity
   »» Federated identity management (e.g., SAML)
   »» Credential management systems

5.3 Integrate identity as a service (e.g., cloud identity)

5.4 Integrate third-party identity services (e.g., on-premise)

5.5 Implement and manage authorization mechanisms
   »» Role-Based Access Control (RBAC) methods
   »» Rule-based access control methods
   »» Mandatory Access Control (MAC)
   »» Discretionary Access Control (DAC)

5.6 Prevent or mitigate access control attacks

5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)


Domain 6: Security Assessment and Testing

6.1 Design and validate assessment and test strategies

6.2 Conduct security control testing
   »» Vulnerability assessment
   »» Penetration testing
   »» Log reviews
   »» Synthetic transactions
   »» Code review and testing (e.g., manual, dynamic, static, fuzz)
   »» Misuse case testing
   »» Test coverage analysis
   »» Interface testing (e.g., API, UI, physical)

6.3 Collect security process data (e.g., management and operational controls)
   »» Account management (e.g., escalation, revocation)
   »» Management review
   »» Key performance and risk indicators
   »» Backup verification data
   »» Training and awareness
   »» Disaster recovery and business continuity

6.4 Analyze and report test outputs (e.g., automated, manual)

6.5 Conduct or facilitate internal and third-party audits


Domain 7: Security Operations

7.1 Understand and support investigations
   »» Evidence collection and handling (e.g., chain of custody, interviewing)
   »» Reporting and documenting
   »» Investigative techniques (e.g., root-cause analysis, incident handling)
   »» Digital forensics (e.g., media, network, software, and embedded devices)

7.2 Understand requirements for investigation types
   »» Operational
   »» Criminal
   »» Civil
   »» Regulatory
   »» Electronic discovery (eDiscovery)

7.3 Conduct logging and monitoring activities
   »» Intrusion detection and prevention
   »» Security information and event management
   »» Continuous monitoring
   »» Egress monitoring (e.g., data loss prevention, steganography, watermarking)

7.4 Secure the provisioning of resources
   »» Asset inventory (e.g., hardware, software)
   »» Configuration management
   »» Physical assets
   »» Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)
   »» Cloud assets (e.g., services, VMs, storage, networks)
   »» Applications (e.g., workloads or private clouds, web services, software as a service)

7.5 Understand and apply foundational security operations concepts
   »» Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
   »» Separation of duties and responsibilities
   »» Monitor special privileges (e.g., operators, administrators)
   »» Job rotation
   »» Information lifecycle
   »» Service-level agreements

7.6 Employ resource protection techniques
   »» Media management
   »» Hardware and software asset management

7.7 Conduct incident management
   »» Detection
   »» Response
   »» Mitigation
   »» Reporting
   »» Recovery
   »» Remediation
   »» Lessons learned

7.8 Operate and maintain preventative measures
   »» Firewalls
   »» Intrusion detection and prevention systems
   »» Whitelisting/Blacklisting
   »» Third-party security services
   »» Sandboxing
   »» Honeypots/Honeynets
   »» Anti-malware

7.9 Implement and support patch and vulnerability management

7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

7.11 Implement recovery strategies
   »» Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
   »» Recovery site strategies
   »» Multiple processing sites (e.g., operationally redundant systems)
   »» System resilience, high availability, quality of service, and fault tolerance

7.12 Implement disaster recovery processes
   »» Response
   »» Personnel
   »» Communications
   »» Assessment
   »» Restoration
   »» Training and awareness

7.13 Test disaster recovery plans
   »» Read-through
   »» Walkthrough
   »» Simulation
   »» Parallel
   »» Full interruption

7.14 Participate in business continuity planning and exercises

7.15 Implement and manage physical security
   »» Perimeter (e.g., access control and monitoring)
   »» Internal security (e.g., escort requirements/visitor control, keys and locks)

7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)


Domain 8: Software Development Security

8.1 Understand and apply security in the software development lifecycle
   »» Development methodologies (e.g., Agile, Waterfall)
   »» Maturity models
   »» Operation and maintenance
   »» Change management
   »» Integrated product team (e.g., DevOps)

8.2 Enforce security controls in development environments
   »» Security of the software environments
   »» Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation)
   »» Configuration management as an aspect of secure coding
   »» Security of code repositories
   »» Security of application programming interfaces

8.3 Assess the effectiveness of software security
   »» Auditing and logging of changes
   »» Risk analysis and mitigation
   »» Acceptance testing

8.4 Assess security impact of acquired software
