Description
Price: 25.00 USD | Size: 20.6 GB | Duration: 70+ Hours | 527 Video Lessons | ⭐️⭐️⭐️⭐️⭐️ 4.9
BRAND: Expert TRAINING | ENGLISH | Bonus: CISSP PDF Guides Bundle | INSTANT DOWNLOAD
CISSP CONCENTRATIONS COURSE BUNDLE & PDF Guides
Earning your Certified Information Systems Security Professional (CISSP) delivers new opportunities for your cybersecurity career. It’s a great first step, but you may find it valuable to go beyond this and focus on CISSP concentrations. These concentrations go above the standard CISSP certification in many ways. With such credentials, you may be an even more attractive candidate to employers or advance your career, earn more and take on more responsibilities.
For each of the CISSP concentrations, we’ll review the requirements, the steps for certification, the learning objectives, and who should pursue it and why.
What are the various CISSP concentrations?
There are three CISSP concentrations:
- Information Systems Security Architecture Professional (ISSAP)
- Information Systems Security Engineering Professional (ISSEP)
- Information Systems Security Management Professional (ISSMP)
Each focuses on a different subarea within the CISSP framework, allowing you to hone your skills and specialize. The concentrations will enable you to build upon the knowledge learned by achieving your CISSP certification. With these three concentrations, you can develop your acumen in either architecture, engineering or management.
These concentrations come from the International Information System Security Certification Consortium, or (ISC)². This group defines the steps to certification.
Steps to certification
There are several steps you must take to qualify for concentrations.
Step 1: Experience
To qualify for each of these concentrations, you’ll need to be a CISSP in “good standing,” which means holding and maintaining the certification, including earning Continuing Professional Education (CPE) credits.
You’ll also need at least two years of cumulative, paid work experience in these areas, respective to their concentration:
- One or more of the six domains of the CISSP-ISSAP Common Body of Knowledge (CBK)
- One or more of the five domains of the CISSP-ISSEP CBK
- One or more of the six domains of the CISSP-ISSMP CBK
The CISSP certification requires five years of experience, so these certifications are targeted towards experienced security professionals.
Step 2: Register with Pearson VUE and schedule the exam
If you meet the first round of qualifications, you’ll next need to take an exam. You’ll start by creating an account on Pearson VUE. When you set up an account, you’ll have to complete an examination agreement, which means you will adhere to the (ISC)² code of ethics. You’ll also need to review the candidate background questions. Finally, you’ll pay the fee of $599 (or equivalent in other currency).
Step 3: Prep for, take and pass the exam
In preparation for the exam, you can either develop a study plan or enroll in certification training prep from (ISC)² or a licensed training provider. (ISC)² also offers webinars on each of the three concentrations. Training can be online, in a classroom, or private, on-site. Understand that each of the three concentrations has its own CBK that goes beyond that for CISSP.
The exam format for each credential is 3 hours to answer 125 multiple-choice questions. To successfully pass, you’ll need to earn 700 points on a 1,000-point scale. A panel of subject matter experts (SMEs) who are (ISC)² volunteers establishes the passing score.
Step 4: Endorsement
After passing the exam, you will need to go through the endorsement process once more (the same as when you earned your CISSP certification). You have nine months from the date of passing your exam to complete your endorsement. The endorsement requires sign-off by an (ISC)² certified professional who is an active member.
After the endorsement approval, you’ll pay a single annual maintenance fee (AMF). (ISC)² uses these fees to support the costs of maintaining certifications. The cost is $125, and it’s due annually. It’s one cost, no matter the number of certifications you earn.
Maintaining certification
Along with the yearly AMF, you’ll also need to complete 20 CPEs every year for each concentration. Every three years, you’ll need to renew your certification.
How do these concentrations differ from CISSP certification?
CISSP concentrations build upon your CISSP certification, bringing greater depth, knowledge and expertise in one of the three areas. The testing is shorter for concentrations compared to CISSP.
Another key difference between the three CISSP concentrations and the CISSP itself is that you cannot substitute becoming an (ISC)² associate to demonstrate competence. The “associate” level is for those who have not yet earned their CISSP certification and need a little help in demonstrating competence.
To truly highlight the differences between CISSP concentrations and the standard CISSP certification, we’ll delve into what each of the three concentrations covers.
ISSAP
The CISSP-ISSAP certification deals specifically with information security architecture. Earning this certification demonstrates your knowledge in developing, designing and analyzing security solutions. Further, it proves you are proficient in providing risk-based guidance to key decision-makers to enable organizational goals.
CISSP-ISSAP domains and weighting:
- Domain 1. Architect for governance, compliance, and risk management (17%)
- Domain 2. Security architecture modeling (15%)
- Domain 3. Infrastructure security architecture (21%)
- Domain 4. Identity and access management (IAM) architecture (16%)
- Domain 5. Architect for application security (13%)
- Domain 6. Security operations architecture (18%)
Are you a good fit for CISSP-ISSAP?
(ISC)² notes CISSP-ISSAP is an appropriate credential for chief security architects or analysts. The roles it fits best with are those with a consultative or analytical process of information security.
Ideally, you should pursue ISSAP if you want to be an SME in your field and are plotting a path for your career that includes incremental growth in responsibility and salary.
What are the learning objectives for ISSAP?
(ISC)² lists the following ISSAP exam outline for each domain:
Domain 1
- Determine legal, regulatory, organizational and industry requirements
- Manage risk
Domain 2
- Identify security architecture approach
- Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression)
Domain 3
- Develop infrastructure security requirements
- Design defense-in-depth architecture
- Secure shared services (e.g., wireless, email, voice over internet protocol (VoIP), unified communications (UC), Domain Name System (DNS), network time protocol (NTP))
- Integrate technical security controls
- Design and integrate infrastructure monitoring
- Design infrastructure cryptographic solutions
- Design secure network and communication infrastructure (e.g., virtual private network (VPN), internet protocol security (IPsec), transport layer security (TLS))
- Evaluate physical and environmental security requirements
Domain 4
- Design identity management and lifecycle
- Design access control management and lifecycle
- Design identity and access solutions
Domain 5
- Integrate software development life cycle (SDLC) with application security architecture (e.g., requirements traceability matrix (RTM), security architecture documentation, secure coding)
- Determine application security capability requirements and strategy (e.g., open source, cloud service providers (CSP), software as a service (SaaS)/infrastructure as a service (IaaS)/platform as a service (PaaS) environments)
- Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP))
Domain 6
- Gather security operations requirements (e.g., legal, compliance, organizational and business requirements)
- Design information security monitoring (e.g., security information and event management (SIEM), insider threat, threat intelligence, user behavior analytics, incident response (IR) procedures)
- Design business continuity (BC) and resiliency solutions
- Validate business continuity plan (BCP)/disaster recovery plan (DRP)
- Design incident response (IR) management
ISSEP
The CISSP-ISSEP concentration focuses on information systems security engineering. Earning the certification demonstrates you know how to apply systems engineering principles and processes practically. It also represents your ability to integrate security across the infrastructure. (ISC)² developed the concentration in partnership with the U.S. National Security Agency (NSA).
CISSP-ISSEP domains and weighting
- Domain 1. Systems security engineering foundations (25%)
- Domain 2. Risk management (14%)
- Domain 3. Security planning and design (30%)
- Domain 4. Systems implementation, verification, and validation (14%)
- Domain 5. Secure operations, change management and disposal (17%)
Are you a good fit for CISSP-ISSEP?
Most pursuers of this concentration are senior systems engineers, information assurance systems engineers, information assurance officers, information assurance analysts and senior security analysts. If those are your areas of specialty and interest, you can move ahead in your career and increase your salary by earning ISSEP.
What are the learning objectives for ISSEP?
(ISC)² lists the following ISSEP exam outline for each domain:
Domain 1
- Apply systems security engineering fundamentals
- Execute systems security engineering processes
- Integrate with applicable system development methodology
- Perform technical management
- Participate in the acquisition process
- Design trusted systems and networks (TSN)
Domain 2
- Apply security risk management principles
- Address risk to the system
- Manage risk to operations
Domain 3
- Analyze the organizational and operational environment
- Apply system security principles
- Develop system requirements
- Create system security architecture and design
Domain 4
- Implement, integrate and deploy security solutions
- Verify and validate security solutions
Domain 5
- Develop secure operations strategy
- Participate in secure operations
- Participate in change management
- Participate in the disposal process
ISSMP
The ISSMP concentration centers around security management. Holding this concentration certification represents that you can establish, present and govern information security programs. It also shows your management and leadership skills.
CISSP-ISSMP domains and weighting
- Domain 1. Leadership and business management (22%)
- Domain 2. Systems lifecycle management (19%)
- Domain 3. Risk management (18%)
- Domain 4. Threat intelligence and incident management (17%)
- Domain 5. Contingency management (10%)
- Domain 6. Law, ethics and security compliance management (14%)
Are you a good fit for CISSP-ISSMP?
Those pursuing ISSMP fall into leadership roles, including chief information officers, chief information security officers, chief technology officers or senior security executives. If you hold one of these titles or one of them is your career goal, then ISSMP is an excellent concentration that can also boost your salary. To take on a leadership role, you need more than technical skills. You also need to manage things like budget, training and metrics.
What are the learning objectives for ISSMP?
(ISC)² lists the following ISSMP exam outline for each domain:
Domain 1
- Establish security’s role in organizational culture, vision and mission
- Align security program with organizational governance
- Define and implement information security strategies
- Define and maintain security policy framework
- Manage security requirements in contracts and agreements
- Oversee security awareness and training programs
- Define, measure and report security metrics
- Prepare, obtain and administer security budget
- Manage security programs
- Apply product development and project management principles
Domain 2
- Manage integration of security into system development lifecycle (SDLC)
- Integrate new business initiatives and emerging technologies into the security architecture
- Define and oversee comprehensive vulnerability management programs (e.g., vulnerability scanning, penetration testing, threat analysis)
- Manage security aspects of change control
Domain 3
- Develop and manage a risk management program
- Conduct risk assessments
Domain 4
- Establish and maintain a threat intelligence program
- Establish and maintain incident handling and investigation program
Domain 5
- Oversee development of contingency plans
- Guide development of recovery strategies
- Maintain business continuity plan (BCP), continuity of operations plan (COOP) and disaster recovery plan (DRP)
- Manage recovery process
Domain 6
- Understand the impact of laws that relate to information security
- Understand management issues as related to the (ISC)² Code of Ethics
- Validate compliance with applicable laws, regulations and industry best practices
- Coordinate with auditors and assist with the internal and external audit process
- Document and manage compliance exceptions
Why earn a CISSP concentration?
There are several benefits to earning a concentration. According to the (ISC)², “Passing a concentration examination demonstrates proven capabilities and subject-matter expertise beyond that required for the CISSP or SSCP credentials.”
This puts you in a prime position for higher-paying positions with more responsibilities and challenges, allowing you to enjoy an even more rewarding career.
Another reason to earn your credentials is to set yourself apart from others; CISSP certification is the gold standard for the industry. According to (ISC)², there are over 147,000 certified CISSP professionals in the world. That’s widespread, but far fewer professionals hold a concentration. In the U.S., current numbers are:
- 1,311 ISSAP certified professionals
- 1,220 ISSEP certified professionals
- 961 ISSMP certified professionals
Earning your CISSP credential will give you an advantage in a very competitive, growing field, and a CISSP concentration credential will do even more for you. Completing these concentrations is not necessary for everyone. Balance your career goals against the CBKs for each concentration to determine if they will be the right fit for your needs.
Which CISSP concentration is right for you?
Choosing which field to specialize in includes a variety of factors. Each concentration is specific to roles and career paths. The decision for you may include considering:
- Your strengths and required experience
- Career goals
- Opportunities within your current organization and the job market
- What you’re passionate about
- Your interest in leadership positions
By defining your goals, strengths and opportunities, you can determine which concentration will deliver the most value.
Course Contents
(ISC)² CAP Fundamentals
001 – Security Objectives
002 – Risk Management – Terms and Definitions
003 – Risk Management Overview
004 – RMF Objectives and Tasks
005 – Defining the Information Systems
006 – Categorization Documents
007 – Control Selection Objectives and Tasks
008 – Implementation Objectives and Tasks
009 – Organization of Controls
010 – Control Assurance and Documentation
011 – Conducting Security Control Assessment
012 – Authorization Objective and Tasks
013 – Making Security Authorization Decisions
014 – Continuous Monitoring Tasks and Objectives
015 – Continuous Monitoring Process
(ISC)² CCSP Fundamentals
001 – Cybersecurity Fundamentals
002 – Cloud Computing Concepts
003 – Deployment Models
004 – Principles of Secure Cloud Computing
005 – Cloud Terms you MUST Know
006 – Data Classification and Categorization
007 – Data Lifecycle
008 – Data Destruction and Disposal
009 – Cloud Storage Architectures
010 – Cloud Security Strategies
011 – Cloud Secure Software Development Lifecycle
012 – Application Architecture Elements of Cloud Services
013 – Physical Logical Operations
014 – Managing Risks
015 – Legal Concepts
016 – Assurance Frameworks and Certification
(ISC)² Certified Authorization Professional (CAP)
001 – Introduction
002 – CAP Basis and Foundations
004 – CAP Domain 1 Introduction
005 – Security Objectives
006 – Essential Laws and Documents
007 – Security Authorization Process
008 – Risk Management – Terms and Definitions
009 – Risk Management – Risk Definition and Types
010 – Risk Management Overview
011 – System Boundaries and Control Allocation
012 – SDLC Integration
013 – Authorization Roles and Responsibilities
014 – RMF Objectives and Tasks
015 – Privacy Requirements and Hosted Systems
016 – Federal Laws
017 – Executive Orders and OMB Documents
018 – NIST Documents – FIPS
019 – NIST Documents – Special Publications
020 – CNSS
021 – Supplemental Regulations
022 – CAP Domain 2 Introduction
023 – Defining the Information Systems
024 – System Security Plan
025 – Categorization Documents
026 – Identifying the Information Types
027 – Determining the Impact Level
028 – Categorization Examples and Exercises
029 – Categorization of National Security Systems
030 – CAP Domain 3 Introduction
031 – Control Selection Objectives and Tasks
032 – Tailoring of Controls
033 – Monitoring Strategy and Security Plan Approval
034 – Step One – Prepare
035 – Step Two – Conduct the Assessment
036 – Step Three – Report and Communicate
037 – Step Four – Maintain
038 – CAP Domain 4 Introduction
039 – Implementation Objective and Tasks
040 – Organization of Controls
041 – Compensating Controls
042 – Control Assurance and Documentation
043 – Defense in Depth
044 – Types of Controls
045 – CAP Domain 5 Introduction
046 – Preparing for Security Control Assessment (SCA)
047 – Conducting Security Control Assessment (SCA)
048 – Preparing and Developing Security Assessment Report (SAR)
049 – CAP Domain 6 Introduction
050 – Authorization Objective and Tasks
051 – Developing Plan of Action and Milestones (POAM) & assembling Security Authorization Package
052 – Determining Information System Risk
053 – Making Security Authorization Decision
054 – CAP Domain 7 Introduction
055 – Continuous Monitoring Tasks and Objectives
056 – System Configuration Management
057 – Ongoing Assessments, Remediation and Risk Acceptance
058 – Decommission of Information Systems
059 – Continuous Monitoring Process
060 – ISCM Fundamentals
061 – Role of Automation in ISCM
062 – CAP Exam Details
063 – CAP Exam Study Tips
064 – Taking the CAP Exam
CAP Supplemental Materials
(ISC)² Certified Cloud Security Professional (CCSP)
001 – Introduction to CCSP
002 – Cybersecurity Fundamentals
003 – Governance Principles
004 – Control Frameworks
005 – Cyber Security Framework (CSF) Amplification Framework
006 – Regulatory Compliance
008 – Cloud Computing Concepts
009 – Cloud Reference Architecture
010 – Deployment Models
011 – Security Aspects of Virtualization
012 – Principles of Secure Cloud Computing
013 – Design Requirements
014 – Cloud Model Boundaries
015 – Protecting Sensitive Information
016 – Threat Modeling
017 – Cloud Terms You MUST Know
018 – Data Classification and Categorization
019 – Data Lifecycle
020 – Information Rights Management (IRM) Digital Rights Management (DRM) Solutions
021 – Data Retention
022 – Data Audits
023 – Data Destruction Disposal
024 – Cloud Storage Architectures
025 – Cloud Security Strategies
026 – Cloud Platform Risks and Responsibilities
027 – Disaster Recovery and Business Continuity Management
028 – Cloud Secure Software Development Lifecycle
029 – Software Security Testing
030 – Application Architecture Elements of Cloud Services
031 – Auditing in the Cloud
032 – Physical Logical Operations
033 – Monitoring, Capacity and Maintenance
034 – Change and Configuration Management
035 – Managing Risks
036 – Security Training and Awareness
037 – Legal Concepts
038 – Intellectual Property
039 – Contract and Service-Level Agreements (SLAs)
040 – Assurance Frameworks and Certification
041 – CSA Security, Trust and Assurance Registry
042 – Test Essential Knowledge Areas
043 – The Test
CCSP Supplemental Materials
(ISC)² Certified Information Systems Security Professional (CISSP)
001 – Introduction to CISSP
002 – C-I-A
003 – Security Governance Fundamentals
005 – Regulatory Compliance
006 – Protecting Privacy
007 – Intellectual Property
008 – Import-Export
009 – Ethics
011 – Risk Definitions
012 – Risk Frameworks
013 – Risk Assessment
014 – Threats and Threat Agents
015 – Risk Assignment
016 – Threat Modeling
017 – Security Awareness
018 – Due Diligence and Due Care
019 – Vendor Security
021 – Policy
022 – Personnel Security
023 – Control Frameworks
024 – SLAs
025 – Security Documents
027 – Managing Data
028 – Data Ownership
029 – Data Security Controls
030 – Data Remanence
031 – Data at Rest
032 – Data in Transit
033 – Classification
035 – Cryptography Terminology
036 – Hashing
037 – Cryptographic Attacks
038 – Symmetric Cryptography
039 – Asymmetric Cryptography
040 – Hybrid Cryptography
042 – Ciphers
043 – Digital Signatures
045 – PKI Definition and Components
046 – PKI Certificates
047 – Key Management
048 – Key Exchange
050 – Secure Design Principles
051 – Security Models Part 1
052 – Security Models Part 2
053 – Security Models Part 3
054 – Security Modes
055 – Evaluation Models
056 – Rainbow Series
057 – Common Criteria
058 – Certification and Accreditation
060 – TCB
061 – Computer Components
062 – Protection Mechanisms
063 – Common Architecture Flaws
064 – Web-Based Vulnerabilities
065 – Covert Channels
066 – Embedded Systems
068 – Facility Design
069 – Facility Construction
070 – Physical Security
071 – Perimeter Defenses
072 – Doors and Locks
073 – Internal Facilities Security
074 – Physical Intrusion Detection
075 – Personnel Safety
077 – Data Center Security
078 – Media Storage
079 – Utilities and HVAC
080 – Fire Safety
082 – Database Architectures
083 – Database Terminology
084 – Data Mining
085 – Transaction Management
086 – Database Attacks
088 – OSI Protocols
090 – OSI Layers
092 – TCP/IP Model
093 – Network Devices
094 – Network Security
095 – IP Networking
097 – DNS and DHCP
098 – ARP
099 – Multi-layer Protocols
100 – Converged Protocols
101 – Network Cabling and Topology
102 – Signaling Types
103 – Network Attacks
104 – Switching
106 – Wireless Networks
107 – Mobile Systems
108 – WAN Technologies
109 – Remote Access
110 – Secure Communication Protocols
112 – Firewalls
113 – DMZ
114 – Honeypots
115 – Endpoint Security
116 – IDS
117 – Authentication Protocols
119 – VPN and VLAN
121 – Distributed and Cloud Computing
122 – Virtualization
123 – Virtualized Networks
125 – Access Control Basics
126 – Access Control Categories
127 – Authentication
129 – Account Management
130 – Single Sign-On (SSO)
132 – Identification
133 – Something You Know
134 – Something You Have
135 – Something You Are (Biometrics)
137 – Authorization
138 – Session Management and Accountability
139 – WLAN Authentication
140 – Remote Authentication Services
141 – Federated Identity
142 – Integrating Identity Services
143 – Access Control Models
144 – Access Control Techniques
145 – Access Control Administration
146 – Access Control Attacks
147 – Social Engineering
148 – Circumventing Access Controls
149 – Access Provisioning
151 – Security Assessment Goals
152 – Control Testing
153 – Penetration Testing
154 – Security Management Processes
156 – Computer Crime
157 – Investigations
158 – Forensics
159 – Evidence
161 – Log Management
162 – Egress Monitoring
163 – Configuration Management
164 – Operations Concepts
165 – Preventive Measures
166 – Trusted Recovery
167 – Patch & Vulnerability Management
169 – Business Continuity Planning
170 – Incident Response Plan
171 – Business Impact Analysis (BIA)
173 – Recovery Strategy
174 – Recovery Process
175 – Disaster Recovery Plan (DRP) Testing
176 – RAID
177 – Backups
178 – Network Redundancy
180 – Secure Software Design
181 – Secure SDLC
182 – Software Development Models
183 – Maturity Models
185 – Change Control
186 – Software Testing
187 – Software Environment
188 – Object-Oriented Programming (OOP)
189 – Distributed Computing
190 – Mobile Code
191 – Acquired Software
192 – Application Attacks
193 – Malware
Common Ports
Encryption
IPSec VPN
Notes on Biometrics
Notes on Access Control
Notes on IPv4-IPv6
Notes on Kerberos
OSI Model
(ISC)² CISSP Fundamentals
001 – The CIA Triad
002 – Regulatory Compliance
003 – Security Documents
004 – Risk Definitions
005 – Threats and Threat Agents
006 – Classification
007 – Data Security Controls
008 – Cryptography Terminology
009 – Hashing
010 – Cryptographic Attacks
011 – PKI Definition and Components
012 – Security Models Part 1
013 – Security Models Part 2
014 – Security Models Part 3
015 – Computer Components
016 – Malware
017 – Web-based Vulnerabilities
018 – Physical Security
019 – Utilities and HVAC
020 – Database Architectures
021 – Database Terminology
022 – Network Cabling and Topology
023 – OSI Protocols
024 – OSI Layers
025 – Wireless Networks
026 – Network Devices
027 – VPN and VLAN
028 – Access Control Basics
029 – Authentication
030 – Single Sign-On (SSO)
031 – Access Control Models
032 – Control Testing
033 – Forensics
034 – Preventative Measures
035 – Business Continuity Planning
036 – Backups
037 – Secure Software Design
038 – Secure SDLC
039 – Application Attacks
(ISC)² CISSP-ISSAP
001 – ISSAP Introduction
002 – ISSAP Layout and Testing
003 – Architect for GRC – Introduction
004 – Standards and Guidelines
005 – Design the Threat Handling and Risk Management Capabilities – Introduction
006 – Risk Assessment Process
007 – Security Architecture Modeling – Introduction
008 – Enterprise Architectures – Overview
009 – Enterprise Architectures – SABSA
010 – Enterprise Architectures – TOGAF
011 – Enterprise Architectures – SOMF
012 – Industrial Control Systems (ICS)
013 – Federal Enterprise Architecture Reference Models
014 – Verify and validate design
015 – Infrastructure Security Architecture – Introduction
016 – Communications and Network Security – Overview
017 – LAN Protocols
018 – Network Topologies
019 – WANs
020 – Common Services Security
021 – LAN Technologies
022 – Wireless Technologies
023 – VoIP, Email, and Remote Access Protocols
024 – OSI Reference Model – Introduction
025 – OSI Layers
026 – Networking Devices and Firewalls
027 – VPN and Secure Protocols
028 – Monitoring, Detection and Response
029 – Design Integrated Cryptographic Solutions
030 – Architecting PKI
031 – IAM Architecture – Introduction
032 – Access Control Concepts
033 – Access Control Services
034 – Access Control Techniques and Technologies
035 – Identity Management
036 – Access Control Protocols and SSO
037 – Kerberos and SESAME
038 – EAP, SAML, OAuth
039 – Access Control Models and Governance
040 – Access Control Categories and Methods
041 – Authorization Process and Types
042 – Privilege Access Management
043 – Access Control Practices
044 – Access Control Protocols
045 – Testing of Access Controls
046 – Network Access Control
047 – Architect for Application Security – Introduction
048 – SDLC
049 – Requirements Traceability Matrix (RTM)
050 – Application Testing
051 – Crypto Key Management
052 – Application Threats
053 – Application Security – Mobile, Web, Proxy and Database Use
054 – Capability Maturity Model (CMM) and Common Criteria (CC)
055 – Off-site Data Storage and Usage
056 – Virtualization and Cloud Computing
057 – Security Operations Architecture – Introduction
058 – Security Operation Capability Requirements
059 – Continuous Security Monitoring
060 – Insider Threats
061 – Log Management
062 – Cybercrime and APTs
063 – Continuity and Recovery Solutions Design
064 – Continuity Planning
065 – BCP and DRP
066 – Business Impact Assessment and Analysis
067 – Continuity Strategy
068 – Recovery and Restoration
069 – Recovery Plan and Strategy Development
070 – Data and Software Backup
071 – BCP and DRP structures and documentation
072 – SecOps Concepts
073 – Physical Security Considerations
074 – Facility Requirements
075 – Physical Security Threats and Access Controls
076 – Environmental Controls
077 – Media and Equipment Considerations
078 – Physical Security Program Components
079 – Incident Management Capabilities
080 – Secure Communications and Networks
(ISC)² CISSP-ISSAP Fundamentals
001 – ISSAP Introduction
002 – ISSAP Layout and Testing
003 – Risk Assessment Process
004 – Standards and Guidelines
005 – Security Architecture Modeling
006 – Verify and Validate Design
007 – Infrastructure Security Architecture
008 – Communication and Network Security Overview
009 – Crypto Solutions
010 – IAM Architecture
011 – Access Control Protocols and SSO
012 – Network Architecture
013 – Architecture for Application Security
014 – Application Testing
015 – Security Operations Architecture
016 – Cybercrime and APTs
017 – SecOps
(ISC)² CISSP-ISSEP
001 – Introduction to ISSEP
002 – General Security Principles
003 – Risk Management Principles
004 – System Resilience Principles
005 – Vulnerability Management Principles
006 – Risk Management Process
007 – Operational Risk Management
008 – Stakeholder Requirements Definition
009 – Requirements Analysis
010 – System Security Architecture and Design
011 – Implementation, Integration, and Deployment of Systems or System Modifications
012 – Verification and Validation of Systems or System Modifications
013 – Secure Operations
014 – Secure Maintenance
015 – Secure Disposal
016 – Acquisition Process
017 – System Development Methodologies
018 – Technical Management Processes
(ISC)² CISSP-ISSEP Fundamentals
001 – General Security Principles
002 – Risk Management Principles
003 – Risk Management Process
004 – Operational Risk Management
005 – Stakeholder Requirements Definition
006 – Requirements Analysis
007 – Secure Operations
008 – Secure Maintenance
009 – Acquisition Process
010 – System Development Methodologies
(ISC)² CISSP-ISSMP
001 – Leadership and Business Management
002 – Security Role
003 – Security Program and Governance
004 – Information Security Strategy
005 – Enterprise System Security Framework 1
006 – Enterprise System Security Framework 2
007 – Enterprise System Security Framework 3
008 – Managing Third-Party Relationships
009 – Security Awareness
010 – Security Metrics
011 – Security Budget
012 – Security Programs
013 – Project Management
014 – Systems Life Cycle Management Introduction
015 – Manage Integration of Security into SDLC – Part 1
016 – Manage Integration of Security into SDLC – Part 2
017 – Manage Integration of Security into SDLC – Part 3
018 – Manage Integration of Security into SDLC – Part 4
019 – Manage Integration of Security into SDLC – Part 5
020 – Manage Integration of Security into SDLC – Part 6
021 – Manage Integration of Security into SDLC – Part 7
022 – Manage Integration of Security into SDLC – Part 8
023 – Evaluate New Business Initiatives, Integrate Initiatives into Security Architecture
024 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 1
025 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 2
026 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 3
027 – Change Control
028 – Risk Management Introduction
029 – Risk Management Program
030 – Conduct Risk Assessments
031 – Risk Assessment Process
032 – Threat Intelligence and Incident Management Introduction
033 – Threat Intelligence
034 – Incident Response and Management – Part 1
035 – Incident Response and Management – Part 2
036 – Incident Response and Management – Part 3
037 – Contingency Management Introduction
038 – Oversee Continuity Planning Development – Part 1
039 – Oversee Continuity Planning Development – Part 2
040 – Oversee Continuity Planning Development – Part 3
041 – Recovery Strategies
042 – Maintaining Plans
043 – Manage Recovery
044 – Law, Ethics and Security Compliance Management Introduction
045 – Legal Parameters – Part 1
046 – Legal Parameters – Part 2
047 – Ethics and Management Issues
048 – Compliance Management IAW Security Policies and Procedures – Part 1
049 – Compliance Management IAW Security Policies and Procedures – Part 2
050 – Compliance Management IAW Security Policies and Procedures – Part 3
051 – Compliance Management IAW Security Policies and Procedures – Part 4
052 – Compliance Management IAW Security Policies and Procedures – Part 5
053 – Coordination with Auditors
(ISC)² CISSP-ISSMP Fundamentals
001 – Roles and Responsibilities
002 – Security Compliance Management Program
003 – Systems Development Lifecycle
004 – SDLC Wrap-up
005 – Risk Assessment
006 – Security Risk Analysis
007 – Incident Management
008 – Digital Forensics
009 – Concept of Business Continuity Planning
010 – BCP Project Planning
011 – Ethics
012 – Other Compliance Considerations