Sign In

Sign In here to pay AMFs, submit CPEs, update profile settings, review transactions, and more.

(Training and Education)

Official (ISC)²® CBK® Training Seminars for the CISSP

CISSP Training Straight from the Source

NOTE: Effective April 15, 2015, the CISSP exam will be based on a new exam blueprint. Please refer to the Exam Outline and FAQs for details.

(ISC)² is the creator of the CISSP Exam, so why would you get your training anywhere else? The (ISC)² Official CBK Training Seminar for the CISSP is the key to success in obtaining your certification.

CISSP Course Overview

Led by (ISC)² authorized instructors, who are experts in information security, the Official (ISC)² CISSP CBK Training Seminar is the most comprehensive review of information security concepts and industry best practices, and covers the 10 domains of the CISSP CBK (Common Body of Knowledge). This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam.

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.

Course Objectives

After completing this workshop, participants will be able to:

  • Identify key purposes, benefits, and processes of information classification and how it is used to determine access control policies and identify the process for assessing the effectiveness of implemented controls
  • Understand the bascis of telecommunication and network security concepts, required components for minimizing security risks, securing channels of communication, and techniques for preventing and detecting network-based attacks
  • Define and apply information security governance and Risk Management Framework including the policies, concepts, principles, structures and standards that are established for the protection of information assets and how to assess the effectiveness of that protection
  • Explain the details of software development security, including the activities and processes pertaining to the planning, programming, and management of software and systems that manage software, including ways to secure applications through design and control interfaces and assess the usefulness of their application security
  • Identify the concepts within cryptography, including the terms and application of public and private algorithms, distribution management, methods of attack, and the application, development, and use of digital signatures for authenticity, electronic transactions, and non-repudiation processes
  • Identify security architecture and design concepts, focusing on the architecture of security systems that provide for the availability, integrity, and confidentiality of organizational assets as well as the concepts, principles, structures, frameworks, and standards used in the design and implementation of security requirements of individual components and enterprise-wide systems
  • Identify the key terms and processes of security operations and how to protect and control information processing assets in a centralized or distributed environment
  • Identify and apply the business continuity and disaster recovery planning requirements necessary to ensure the preservation of the business in case of major disruptions to normal business operations, including the project scope, planning and how to conduct a business impact analysis, identify recovery strategies, develop the recovery plan, and implement it
  • Define and explain the legal, regulations, investigations, and compliance concepts of internationally accepted methods, processes, and procedures used in computer crime legislation; regulations specific to the investigative measures and techniques used to identify the occurrence of an incidence; and the gathering, analysis, and management of evidence
  • Define and apply the requirements necessary for the overall physical (environmental) security processes for the evaluation of physical, environmental, and procedural risks that might be present in a facility, organization, or structure where information systems are stored and managed

Who should attend?

The course is intended for students who have at least four years of recent full-time security professional work experience in two or more of the ten domains of the (ISC)² Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK), including experience with the architecture, design, management, risk, and controls that assure the security of business environments. The course builds on and brings together the holistic view of the topics covered in the everyday environment of an information systems security professional. Professional experience including the following will greatly enhance the learning environment.

  • Work requiring special education or intellectual attainment, usually including a liberal education or college degree
  • Work requiring habitual memory of a body of knowledge shared by others doing similar work
  • Management/supervision of projects and/or employees
  • Work requiring the exercise of judgment, management decision-making, and discretion
  • Work requiring the exercise of ethical judgment (as opposed to ethical behavior)
  • Professional writing and oral communication (e.g., presentation)
  • Research and development
  • The specification and selection of controls and mechanisms
  • Applicable job title examples include: CISO, director, manager, supervisor, analyst, cryptographer, cyber architect, information assurance engineer, instructor, professor, lecturer, investigator, computer scientist, program manager, and lead

Course Outline

Domain 1 - Access Control

  • Module 1: Introduction to Access Control
  • Module 2: Access Control Key Concepts, Methodologies, and Techniques
  • Module 3: System Logging and Monitoring
  • Module 4: Access Control Attacks and Threats
  • Module 5: Access Control Effectiveness
  • Module 6: Identify and Access Provisioning Lifecycle

Domain 2 - Telecommunications and Network Security

  • Module 1: Introduction to Telecommunications and Network Security
  • Module 2: Network Models and System Architecture
  • Module 3: The Network and IT Security
  • Module 4: Understanding the Attack
  • Module 5: Tools and Tasks in Network Security
  • Module 6: Layer 1 - Physical Layer
  • Module 7: Layer 2 - Data-link  Layer
  • Module 8: Layer 3 - Network Layer
  • Module 9: Layer 4 - Transport Layer
  • Module 10: Layer 5 - Session Layer
  • Module 11: Layer 6 - Presentation Layer
  • Module 12: Layer 7 - Application Layer

Domain 3 - Information Security Governance and Risk Management

  • Module 1: Introduction to Information Security Governance and Risk Management
  • Module 2: Information Security Governance
  • Module 3: The Risk Management Process
  • Module 4: Ethical Considerations in Information Security

Domain 4 - Software Development Security

  • Module 1: System Lifecycle Security
  • Module 2: Systems Development Methodologies
  • Module 3: Security Issues with Programming Languages
  • Module 4: Assessing the Effectiveness of Software Security
  • Module 5: Security Controls
  • Module 6: Database Security
  • Module 7: Application and Database Security Issues

Domain 5 - Cryptography

  • Module 1: Key Concepts and Common Terminology Used in Cryptography
  • Module 2: Historical Aspect of Cryptography
  • Module 3: Uses of Cryptography
  • Module 4: The Cryptographic Lifecycle
  • Module 5: Methods of Cryptography
  • Module 6: The Different Encryption Systems
  • Module 7: Algorithm Concepts
  • Module 8: Methods of Cryptanalytic Attacks
  • Module 9: Maintaining Network Security
  • Module 10: Maintaining Application Security
  • Module 11: Information Hiding Alternatives

Domain 6 - Security Architecture and Design

  • Module 1: Key Concepts and Definitions
  • Module 2: Types of Security Models
  • Module 3: Components of an Architecture
  • Module 4: Basic Principles of System Design
  • Module 5: Evaluation Models of Information Systems
  • Module 6: Common Security Frameworks
  • Module 7: Vulnerabilities and Threats

Domain 7 - Security Operations

  • Module 1: Security Concepts and Activities
  • Module 2: Protection of Resources
  • Module 3: Preventive Measures
  • Module 4: Change Management and Configuration Management
  • Module 5: System Resilience and Fault Tolerance Requirements 

Domain 8 - Business Continuity and Disaster Recovery Planning

  • Module 1: Processes Required for Planning the Project
  • Module 2: Defining the Organization
  • Module 3: Plan Implementation 

Domain 9 - Legal, Regulations, Investigations, and Compliance

  • Module 1: The Major Legal Systems in Information Security
  • Module 2: International Law in Information Security
  • Module 3: Supporting the Investigation
  • Module 4: The Forensic Investigation
  • Module 5: Hardware/Embedded Device Analysis
  • Module 6: Compliance Processes and Procedures
  • Module 7: Ensure Security in Contractual Agreements and Procurement Processes 

Domain 10 - Physical (Environmental) Security

  • Module 1: Definitions and Key Concepts
  • Module 2: Site and Facility Design Considerations
  • Module 3: Implementation and Operation of Perimeter Security
  • Module 4: Implementation and Operation of Internal Security
  • Module 5: Implementation and Operation of Facilities Security
  • Module 6: Equipment Protection
  • Module 7: Personnel Privacy and Safety
Official (ISC)² CBK Training Seminars for the CISSP are offered in three convenient formats:

classroom based training iconClassroom-based Training
Info orange arrow small Register orange arrow small


liveonline training iconLive OnLine Training
Info orange arrow small Register orange arrow small


private onsite trainingPrivate, On-site Training
Info orange arrow small


Need help deciding on a training option? Email: (ISC)² Education or call +1.866.462.4777.


orange line


CISSP Live Webinar

The (ISC)² CISSP Domain Refresh
April 3, 2015
1:00pm - 2:00pm EST
Register Now