
Explains the CIA triad—confidentiality, integrity, and availability—and how they protect data from unauthorized access, tampering, and denial of service. Emphasizes encryption, least privilege, hash-based integrity checks, and firewall protection.
Explore identification, authentication, authorization, and accounting through server login, username and password credentials, and authorization decisions about what users can do. Learn how auditing records user activity with log files.
Learn how abstraction groups users into roles to apply policies efficiently, practice data hiding to restrict access, and use encryption to protect data in transit and at rest.
Learn security governance and its link to corporate and IT governance, with clear controls and roles to identify threats and monitor breaches. Understand data classification and protection.
Learn security roles and responsibilities, from senior managers approving changes to data owners and custodians protecting data, and examine policy types, standards, procedures, and testing.
Explore criminal, civil, and administrative law, intellectual property rights, and information security regulations, including PCI DSS, encryption, and licensing practices essential for security professionals.
Examine symmetric and public-key cryptography, including RSA, ECC, and El-Gamal, and how hash functions, digital signatures, and certificates secure integrity, authenticity, and online communications.
Learn how cache RAM speeds up systems by buffering data from slower devices to faster memory. See how caches appear in hardware and as browser cookies and temporary files.
Understand collision domains and broadcast domains, how hubs create a single collision domain, how switches and routers segment networks, and half duplex behavior in reducing collisions.
Compare authentication protocols CHAP and PAP, highlighting how CHAP uses a three-way handshake to prevent clear-text credentials, unlike PAP's username and password sent in the clear.
Explore how network address translation maps private IPs to public IPs with static and dynamic NAT, and compare circuit switching, packet switching, and DoS attacks.
Explore types of access control including preventive, detective, corrective, recovery, deterrence, and compensating controls, plus logical and physical controls and the concept of single sign on.
Explore Kerberos ticket systems and ssl single sign-on for authenticating service requests across trusted networks. Understand aaa—authentication, authorization, accountability—and the roles of radius and diameter in securing access.
Explore discretionary access control by illustrating group-based permissions, ACLs on objects, and owner-driven access decisions that grant or restrict data access.
Learn protection methods against attacks, including Windows file protection, ransomware defense via restricted permissions, strong passwords, multi-factor authentication, account lockout, and last login notifications.
Assess security levels through testing to reveal flaws in controls and authentication. Explore automated scan tool-assisted penetration testing, risk assessment, posture assessment, and internal versus external audits.
Test interfaces across API, GUI, CLI, and physical interfaces to ensure security requirements in complex software systems; perform discovery analysis, KPI tracking, and use-case and misuse-case testing with pre-production scanning.
Learn to manage security operations by applying the need-to-know principle, least privilege, and permissions controls, with revocation, separation of duties, and transitive trust concepts.
Label backups with dates and departments; secure data in transit and at rest, including offsite storage; manage hardware and software assets; protect licenses with recovery emails and CCTV.
Master the change management process from request to approval and implementation. Assess change types and impacts on people, networks, costs, risk, plus stakeholder analysis, communication, and readiness.
Master patch management by identifying new patches, evaluating and testing them, approving and deploying updates, and verifying deployment to keep operating systems up to date and secure.
Explore common log types for incident detection and auditing, including security, system, application, firewall, and proxy logs. See how logs capture access, changes, and events across files and systems.
Audit trails monitor security by recording comprehensive system activity to detect threats, prevent incidents, and show a before-and-after view of system state for cyber law prosecutions.
Explain recovery strategy as part of a data protection plan, comparing backup options from local to remote and disaster recovery sites like hot and warm sites, service bureaus, and cloud.
Explore disaster recovery site types, defined recovery objectives, and backup strategies from full, incremental, and differential backups to minimize data loss and downtime.
Investigate security incidents with a focus on lawful inquiry, evidence handling, and forensic discovery, detailing real, documentary, and testimonial evidence, and the role of law enforcement.
The CISSP: Certified Information Systems Security Professional Certification certification training package covers topics such as Access Control Systems, Cryptography, and Security Management Practices, teaching students the eight domains of information system security knowledge.
The new eight domains are:
The CISSP Certification is administered by the International Information Systems Security Certification Consortium or (ISC)². (ISC)² promotes the CISSP exam as an aid to evaluating personnel performing information security functions. Candidates for this exam are typically network security professionals and system administrators with at least four years of direct work experience in two or more of the ten test domains. As the first ANSI ISO accredited credential in the field of information security, the Certified Information Systems Security Professional (CISSP) certification provides information security professionals with not only an objective measure of competence, but a globally recognized standard of achievement.
Who is the target audience?
*note: This course is not for someone who simply looking to crack Exam only, This course will provide you the knowledge to appear for Interview and Include the knowledge of CISSP Course