Overview
This course provides an AI-led adaptive learning platform through which individualized paths are provided based on prior knowledge, learning speed, and confidence levels. As learners experience the material, they answer questions using the accompanying sliders to rate their level of confidence, which helps to detect knowledge gaps while building self-awareness regarding competency. Analytics provide a complete overview into one’s learning progress and performance. A robust search feature enables learners to find specific content for reinforcement and further study. Key takeaway documents are useful study materials for reviewing concepts and reflecting on learning. The practical assessment helps learners to evaluate their mastery and understanding of domain concepts as they prepare for the certification examination.
This course leverages the power of artificial intelligence to guide students through a self-paced learning experience adapted to their unique needs. Providing a comprehensive review of information systems security concepts and industry best practices included in the CISSP Common Body of Knowledge (CBK), this data-driven experience brings to participants interactive study materials guided by their level of understanding and confidence, nurturing self-awareness and boosting learning efficiency.
- Domain 1: Security and Risk Management
- Domain 2: Asset Security
- Domain 3: Security Architecture and Engineering
- Domain 4: Communication and Network Security
- Domain 5: Identity and Access Management (IAM)
- Domain 6: Security Assessment Testing
- Domain 7: Security Operations
- Domain 8: Software Development Security
Program provides:
- 180-day access
- Self-Paced Online Adaptive Learning Journey
- Data-driven analytics dashboard providing real-time feedback on learner progress
- Robust search functionality to home in on topics
- Digital Textbook
- Knowledge checks
- Sliders to gauge confidence with question answers
- Key Takeaways
- Interactive content
- Online interactive flash cards
- Practical Assessment
- 24x7x365 chat technical support
Who should attend
Prior to taking this experience, the learner should have the expertise, skills or knowledge obtained while serving in roles similar to the following:
- Chief Information Officer
- Chief Information Security Officer
- Chief Technology Officer
- Compliance Manager/ Officer
- Director of Security
- Information Architect
- Information Manager / Information Risk Manager or Consultant
- IT Specialist/Director/Manager
- Network/System Administrator
- Security Administrator
- Security Architect / Security Analyst
- Security Consultant
- Security Manager
- Security Systems Engineer/ Security Engineer
Outline
Domain 1: Security and Risk Management
Learning Objectives:
- Justify an organizational code of ethics.
- Explain the ethical standards every professional security professional is expected to uphold.
- Specify the standards of behavior and performance expected of ISC2 members.
- Explain the security concepts of confidentiality, integrity, availability, authenticity, non-repudiation, privacy and safety.
- Relate security governance to organizational business strategies, goals, missions and objectives.
- Relate concepts and principles to due care and due diligence.
- Describe contractual, legal and industry standards, as well as regulatory requirements for information security.
- Explain how transborder data flow and import and export controls apply to data protection and privacy.
- Understand requirements for investigation types an organization may conduct in the case of a cyber incident.
- Review various privacy, cybersecurity and risk frameworks from an operational security perspective and as compliance requirements to their role in operational processes.
- Explain the overall organizational business continuity practice and the importance of the business impact analysis (BIA) to the planning process.
- Advocate for security considerations in personnel practices.
- Apply basic risk management theory to information security risks.
- Demonstrate the readiness of the human component of organizational information security.
Domain 2: Asset Security
Learning Objectives:
- Identify, classify, and categorize information assets.
- Explain the importance of treating information as an asset.
- Differentiate the IT asset management lifecycle from the data security lifecycle.
- Relate the data states of in use, in transit, and at rest to the data lifecycle.
- Relate the different roles that people and organizations have with respect to data.
- Describe the different security control types and categories.
- Explain the use of data security standards and baselines to meet organizational compliance requirements.
Domain 3: Security Architecture and Engineering
Learning Objectives:
- Explain the significance of basic secure design principles.
- Compare and contrast the key security characteristics of security models.
- Explain the hardware foundations of security.
- Apply security principles to different information systems and their environments.
- Determine the best application of cryptographic approaches to solving organizational information security needs.
- Manage the use of certificates and digital signatures to meet organizational information security needs.
- Apply different cryptographic management solutions to meet organizational information security needs.
- Describe defenses against common cryptanalytic attacks.
- Apply the lessons of Crime Prevention through Environmental Design (CPTED) to information systems security design and operation.
- Identify information security implications of various physical facilities, systems and infrastructure.
Domain 4: Communication and Network Security
Learning Objectives:
- Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the Open Systems Interconnection (OSI) model.
- Explain the application of secure design practices in developing network infrastructure.
- Describe the evolution of methods to secure IP communications protocols.
- Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.
- Describe the evolution of, and security implications for, key network devices.
- Evaluate and contrast the security issues with voice communications in traditional and voice over internet protocol (VoIP) infrastructures.
- Describe and contrast the security considerations for key remote access technologies.
- Explain the security implications of software-defined networking (SDN) and network virtualization technologies.
Domain 5: Identity and Access Management
Learning Objectives:
- Explain the identity lifecycle as it applies to human and nonhuman users.
- Compare and contrast access control models, mechanisms and concepts.
- Explain the role of authentication, authorization and accounting in achieving information security goals and objectives.
- Explain how IAM implementations must protect physical and logical assets.
- Describe the role of credentials and the identity store in IAM systems.
Domain 6: Security Assessment and Testing
Learning Objectives:
- Describe the purpose, process and objectives of formal and informal security assessment and testing.
- Apply professional and organizational ethics to security assessment and testing.
- Explain internal, external and third-party assessment and testing.
- Explain management and governance issues related to planning and conducting security assessments.
- Explain the role of assessment in data-driven security decision-making.
Domain 7: Security Operations
Learning Objectives:
- Show how to efficiently and effectively gather and assess security data.
- Explain the security benefits of effective change management and change control.
- Develop incident response policies and plans.
- Link incident response to needs for security controls and their operational use.
- Relate security controls to improving and achieving required availability of information assets and systems.
- Understand the security and safety ramifications of various facilities, systems and infrastructure characteristics.
Domain 8: Software Development Security
Learning Objectives:
- Recognize the many software elements that can put information systems security at risk.
- Identify and illustrate major causes of security weaknesses in source code.
- Illustrate major causes of security weaknesses in database and data warehouse systems.
- Explain the applicability of the Open Web Application Security Project (OWASP) framework to various web architectures.
- Contrast the ways that different software development methodologies, frameworks and guidelines contribute to information systems security.
- Explain the implementation of security controls for software development ecosystems.
- Choose an appropriate mix of security testing, assessment, controls and management methods for different systems and applications environments.