• Identify and classify information and assets
• Establish information and asset handling requirements
• Provision resources securely
• Manage data lifecycle
• Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
• Determine data security controls and compliance requirements

• Research, implement and manage engineering processes using secure design principles
• Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
• Select controls based upon systems security requirements
• Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
• Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
• Select and determine cryptographic solutions
• Understand methods of cryptanalytic attacks
• Apply security principles to site and facility design
• Design site and facility security controls

• Assess and implement secure design principles in network architectures
• Secure network components
• Implement secure communication channels according to design

• Control physical and logical access to assets
• Manage identification and authentication of people, devices, and services
• Federated identity with a third-party service
• Implement and manage authorization mechanisms
• Manage the identity and access provisioning lifecycle

• Design and validate assessment, test, and audit strategies
• Conduct security control testing
• Collect security process data (e.g., technical and administrative)
• Analyze test output and generate report
• Conduct or facilitate security audits

• Understand and comply with investigations
• Conduct logging and monitoring activities
• Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
• Apply foundational security operations concepts
• Apply resource protection
• Conduct incident management
• Operate and maintain detective and preventative measures
• Implement and support patch and vulnerability management
• Understand and participate in change management processes
• Implement recovery strategies
• Implement Disaster Recovery (DR) processes
• Test Disaster Recovery Plans (DRP)
• Participate in Business Continuity (BC) planning and exercises
• Implement and manage physical security
• Address personnel safety and security concerns

• Understand and integrate security in the Software Development Life Cycle (SDLC)
• Identify and apply security controls in software development ecosystems
• Assess the effectiveness of software security
• Assess security impact of acquired software
• Define and apply secure coding guidelines and standards

A: The CISSP training covers a broad range of cybersecurity domains, including security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. You will learn about industry best practices, standards, and methodologies to protect information assets effectively.

A: The CISSP training is ideal for experienced information security professionals, IT managers, security consultants, security auditors, and individuals seeking to advance their career in the field of cybersecurity. It is suitable for those responsible for designing and managing secure information systems within organizations.

A: Yes, to attend the CISSP training, you need to have a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight CISSP Common Body of Knowledge (CBK) domains. Alternatively, you can meet the experience requirement with a four-year college degree or an approved credential from ISC².

A: Obtaining the CISSP certification demonstrates your expertise in information security and can open doors to new career opportunities. It enhances your credibility as a cybersecurity professional, improves your earning potential, and provides you with a competitive edge in the industry.

A: This training can be customized to address specific organizational needs. We can discuss customization options based on your requirements.