ISC2, Cyber Security

Certified Information Systems Security Professional

CY-CISSP

Type

Virtual

Classroom ILT

Skill Level

ISC2: Advanced

Available dates

December 9, 2024

Learning Path

Cybersecurity

Virtual

Duration

5 Days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

ISC2: Advanced

DURATION

5 Days

AVAILABLE DATES

December 9, 2024

Choose date

R32 900,00

Price excluding VAT

Introduction

In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish holistic security programs that assure the protection of organisations information assets.

CISSP is the most globally recognised certification in the information security market. Required by the world’s most security-conscious organisations, CISSP is the industry-leading credential that assures you have the deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organisation. The vendor neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organisations from growing sophisticated attacks.

Backed by ISC2, the globally recognised, non-profit organisation dedicated to advancing the information security field, the CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, but also a globally recognised standard of achievement.

Audience profile

This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training course is ideal for those working in positions such as, but not limited to:

Security Consultant
Security Manager
IT Director/Manager
Security Auditor
Security Architect
Security Analyst
Security Systems Engineer
Chief Information Security Officer
Director of Security
Network Architect

Pre-requisites

Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the ISC2 CISSP Common Body of Knowledge (CBK)
Earning a four-year college degree or regional equivalent in Computer Science, Information Technology (IT) or related fields or an additional credential from the ISC2 approved list will satisfy one year of the required experience
Education credit will only satisfy one year of experience
Part-time work and internships may also count towards your experience
Full-Time Experience: Your work experience is accrued monthly

Thus, you must have worked a minimum of 35 hours/week for four weeks to accrue one month of work experience:

Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week
1040 hours of part-time = 6 months of full-time experience
2080 hours of part-time = 12 months of full-time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organisation letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery

Course objectives

On completion of this program, the participants will be able to:

Apply fundamental concepts and methods related to the fields of information technology and security
Align overall organisational operational goals with security functions and implementations
Determine how to protect assets of the organisation as they go through their lifecycle
Leverage the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability
Apply security design principles to select appropriate mitigations for vulnerabilities present in common information system types and architectures
Explain the importance of cryptography and the security services it can provide in today’s digital and information age
Evaluate physical security elements relative to information security needs
Evaluate the elements that comprise communication and network security relative to information security needs
Leverage the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1–7 to meet information security needs
Determine appropriate access control models to meet business security requirements
Apply physical and logical access controls to meet information security needs
Differentiate between primary methods for designing and validating test and audit strategies that support information security requirements
Apply appropriate security controls and countermeasures to optimize an organisation’s operational function and capacity
Assess information systems risks to an organisation’s operational endeavors
Determine appropriate controls to mitigate specific threats and vulnerabilities
Apply information systems security concepts to mitigate the risk of software and systems vulnerabilities throughout the systems’ lifecycles

Course content

Chapter 1: The Information Security Environments
Justify an organisational code of ethics	Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to do care and due diligence
Relate information security governance to organisational business strategies, goals, missions, and objectives	Apply the concepts of cybercrime to data breaches and other information security compromises
Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives	Relate transcoder data movement and import-export issues to data protection, privacy, and intellectual property protection
Chapter 2: Information Asset Security
Relate the IT asset management and data security lifecycle models to information security	Explain the use of information classification and categorization, as two separate but related processes
Describe the different data states and their information security considerations	Describe the different roles involved in the use of information, and the security considerations for these roles
Describe the different types and categories of information security controls and their use	Select data security standards to meet organisational compliance requirements
Chapter 3: Identify and Access Management (IAM)
Explain the identity lifecycle as it applies to human and nonhuman users	Compare and contrast access control models, mechanisms, and concepts
Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives	Explain how IAM implementations must protect physical and logical assets
Describe the role of credentials and the identity store in IAM systems
Chapter 4: Security Architecture and Engineering
Describe the major components of security engineering standards	Explain major architectural models for information security
Explain the security capabilities implemented in hardware and firmware	Apply security principles to different information systems architectures and their environments
Determine the best application of cryptographic approaches to solving organisational information security needs	Manage the use of certificates and digital signatures to meet organisational information security needs
Discover the implications of the failure to use cryptographic techniques to protect the supply chain	Apply different cryptographic management solutions to meet organisational information security needs
Verify cryptographic solutions are working and meeting the evolving threat of the real world	Describe defenses against common cryptographic attacks
Develop a management checklist to determine the organisation’s cryptologic state of health and readiness
Chapter 5: Communication and Network Security
Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model	Explain the application of secure design practices in developing network infrastructure
Describe the evolution of methods to secure IP communications protocols	Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments
Describe the evolution of, and security implications for, key network devices	Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures
Describe and contrast the security considerations for key remote access technologies	Explain the security implications of software-defined networking (SDN) and network virtualization technologies
Chapter 6: Software Development Security
Recognize the many software elements that can put information systems security at risk	Identify and illustrate major causes of security weaknesses in source code
Illustrate major causes of security weaknesses in database and data warehouse systems	Explain the applicability of the OWASP framework to various web architectures
Select malware mitigation strategies appropriate to organisational information security needs	Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security
Explain the implementation of security controls for software development ecosystems	Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments
Chapter 7: Security Assessment and Testing
Describe the purpose, process, and objectives of formal and informal security assessment and testing	Apply professional and organisational ethics to security assessment and testing
Explain internal, external, and third-party assessment and testing	Explain management and governance issues related to planning and conducting security assessments
Explain the role of assessment in data-driven security decision-making
Chapter 8: Security Operations
Show how to efficiently and effectively gather and assess security data	Explain the security benefits of effective change management and change control
Develop incident response policies and plans	Link incident response to needs for security controls and their operational use
Relate security controls to improving and achieving required availability of information assets and systems	Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics
Chapter 9: Putting It All Together
Explain how governance frameworks and processes relate to the operational use of information security controls	Relate the process of conducting forensic investigations to information security operations
Relate business continuity and disaster recovery preparedness to information security operations	Explain how to use education, training, awareness, and engagement with all members of the organisation to strengthen and enforce information security processes
Show how to operationalize information systems and IT supply chain risk management

Benefits of Certified Information Systems Security Professional

For the individual:

Instant credibility and differentiation: Positioned as an authority figure on cybersecurity, proving proficiency to keep up with new technologies, developments and threats. Quickly conveys knowledge and inspires trust
Unique recognition: The highest standard for cybersecurity expertise. It’s vendor-neutral, accredited and requires both practical knowledge and professional experience to earn
Enhanced knowledge and skill set: Advanced knowledge and skills to stay ahead of cybersecurity best practices, evolving technologies and mitigation strategies
Versatility: Vendor-neutral and multivendor knowledge can be applied across different technologies and methodologies, increasing marketability and ensuring ability to protect sensitive data in a global environment
Career advancement: Raises visibility and credibility, improves job security and creates new job opportunities
Increased compensation: Depending on country and employer. On average, ISC2 members report having 35% higher salaries than non-members

For the Organisation:

Secure the organisation’s critical data: Strengthen the security posture with qualified professionals who have proven expertise to competently design, build and maintain a secure business environment
Increase overall cybersecurity IQ: Implement the latest security best practices
Improve cybersecurity coherence across the organisation: Ensure professionals speak the same language across disciplines and have cross-department perspective
Instant respect and credibility: Increase organisational integrity in the eyes of clients and other stakeholders
Satisfy requirements: Meet certification mandates for service providers and subcontractors.
Stay current: Ensure work teams are up to date on emerging and evolving technologies, threats and mitigation strategies by meeting ISC2 Continuing Professional Education (CPE) requirements
Governance, Risk and Compliance: Comply with government or industry regulations (DoD 8140.01/8570.01 approved)

Associated certifications and exam

The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. Security Operations.

Associate of ISC2: A candidate who doesn’t have the required experience may become an Associate of ISC2 by successfully passing the CISSP examination. The Associate of ISC2 will then have six years to earn the five years of cumulative paid work experience in two or more of the eight domains of the ISC2 CISSP Common Body of Knowledge (CBK).

Exam Details	English Exam	Non-English Exam
Exam Title	Certified Information Systems Security (CISSP)	Certified Information Systems Security (CISSP)
Number of Questions/Practical Challenges	125 – 175 Questions	250 Questions
Test Duration	4 Hours	6 Hours
Test Format	Multiple choice questions and advanced innovative items	Multiple choice questions and advanced innovative items
Test Delivery	Pearson VUE Testing Centre	Pearson VUE Testing Centre
Availability	English	French, German, Brazilian Portuguese, Spanish-Modern, Japanese, Simplified Chinese, Korean
Passing Score	700/1000	700/1000

ISC2 Overview

ISC2 is an international non-profit membership association focused on inspiring a safe and secure cyber world. Today, based in the United States, ISC2 serves its global membership from its headquarters in Alexandria, Virginia, along with a portfolio of credentials and world-class education programs in the form of vendor-neutral education products and career services.

Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security.

ISC2 members, candidates and associates, nearly 675,000 strong, are made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. ISC2 members represent an elite, global network of dedicated cybersecurity professionals – preeminent experts in their field – who have committed themselves to the highest ethical standards and best practices. All members are certified professionals who have passed ISC2 examinations attesting to skill and knowledge in their field. Through their ISC2 certification, they have demonstrated superior competency and devoted themselves to making the cyber world a safer place for all.

Torque IT is the longest standing Official Training Partner (OTP) in South Africa and has maintained the status of one of the leading ISC2 accredited training organizations in South Africa. Torque IT remains the Only Preferred OTP in the South Africa. As a leading and established training provider of cybersecurity education and certification, Torque IT is committed to expanding our offerings and promoting cybersecurity awareness and expertise across all ISC2 Certifications and throughout South Africa and various African countries.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Certified Information Systems Security Professional

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISC2 Overview

contact

Vendor
Authorised

Details

Menu

newsletter

Certified Information Systems Security Professional

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISC2 Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised