
CISSP CONCENTRATIONS COURSE BUNDLE & PDF Guides

Original price was: $90.00. Current price is: $25.00.

Price: 25.00 USD | Size: 20.6 GB | Duration: 70+ Hours | 527 Video Lessons | ⭐️⭐️⭐️⭐️⭐️ 4.9


BRAND: Expert TRAINING | ENGLISH | Bonus: CISSP PDF Guides Bundle | INSTANT DOWNLOAD

 


 

Earning your Certified Information Systems Security Professional (CISSP) delivers new opportunities for your cybersecurity career. It’s a great first step, but you may find it valuable to go beyond this and focus on CISSP concentrations. These concentrations go above the standard CISSP certification in many ways. With such credentials, you may be an even more attractive candidate to employers or advance your career, earn more and take on more responsibilities.

For all the CISSP concentrations, we’ll review the requirements, the steps for certification, the learning objectives for each certification, and who should pursue concentrations and why.

What are the various CISSP concentrations?

There are three CISSP concentrations:

  • Information Systems Security Architecture Professional (ISSAP)
  • Information Systems Security Engineering Professional (ISSEP)
  • Information Systems Security Management Professional (ISSMP)

Each focuses on a different subarea within the CISSP framework, allowing you to hone your skills and specialize. The concentrations will enable you to build upon the knowledge learned by achieving your CISSP certification. With these three concentrations, you can develop your acumen in either architecture, engineering or management.

These concentrations come from the International Information System Security Certification Consortium, or (ISC)². This group defines the steps to certification.

Steps to certification

There are several steps you must take to qualify for concentrations.

Step 1: Experience

To qualify for each of these concentrations, you’ll need to be a CISSP in “good standing,” which means holding and maintaining the certification, including earning Continuing Professional Education (CPE) credits.

You’ll also need at least two years of cumulative, paid work experience in these areas, respective to their concentration:

  • One or more of the six domains of the CISSP-ISSAP Common Body of Knowledge (CBK)
  • One or more of the five domains of the CISSP-ISSEP CBK
  • One or more of the six domains of the CISSP-ISSMP CBK

The CISSP certification requires five years of experience, so these certifications are targeted towards experienced security professionals.

Step 2: Register with Pearson VUE and schedule the exam

If you meet the first round of qualifications, you’ll next need to take an exam. You’ll start by creating an account on Pearson VUE. When you set up an account, you’ll have to complete an examination agreement, which means you will adhere to the (ISC)² code of ethics. You’ll also need to review the candidate background questions. Finally, you’ll pay the fee of $599 (or equivalent in other currency).

Step 3: Prep for, take and pass the exam

In preparation for the exam, you can either develop a study plan or enroll in certification training prep from (ISC)² or a licensed training provider. (ISC)² also offers webinars on each of the three concentrations. Training can be online, in a classroom, or private, on-site. Understand that each of the three concentrations has its own CBK that goes beyond that for CISSP.

The exam format for each credential is 3 hours to answer 125 multiple-choice questions. To pass, you’ll need to earn 700 points on a 1,000-point scale. A panel of subject matter experts (SMEs) who are (ISC)² volunteers establishes the passing score.

Step 4: Endorsement

After passing the exam, you will need to go through the endorsement process once more (the same as when you earned your CISSP certification). You have nine months from the date of passing your exam to complete your endorsement. The endorsement requires sign-off by an (ISC)² certified professional who is an active member.

After the endorsement approval, you’ll pay a single annual maintenance fee (AMF). (ISC)² uses these fees to support the costs of maintaining certifications. The cost is $125, and it’s due annually. It’s one cost, no matter the number of certifications you earn.

Maintaining certification

Along with the yearly AMF, you’ll also need to complete 20 CPEs every year for each concentration. Every three years, you’ll need to renew your certification.

How do these concentrations differ from CISSP certification?

CISSP concentrations build upon your CISSP certification, bringing greater depth, knowledge and expertise in one of the three areas. The testing is shorter for concentrations compared to CISSP.

Another key difference between the three CISSP concentrations and the CISSP itself is that you cannot substitute becoming an (ISC)² associate to demonstrate competence. The “associate” level is for those who have not yet earned their CISSP certification and need a little help in demonstrating competence.

To truly highlight the differences between CISSP concentrations and the standard CISSP certification, we’ll delve into what each of the three concentrations covers.

ISSAP

The CISSP-ISSAP certification deals specifically with information security architecture. Earning this certification demonstrates your knowledge in developing, designing and analyzing security solutions. Further, it proves you are proficient in providing risk-based guidance to key decision-makers to enable organizational goals.

CISSP-ISSAP domains and weighting:

  • Domain 1. Architect for governance, compliance, and risk management (17%)
  • Domain 2. Security architecture modeling (15%)
  • Domain 3. Infrastructure security architecture (21%)
  • Domain 4. Identity and access management (IAM) architecture (16%)
  • Domain 5. Architect for application security (13%)
  • Domain 6. Security operations architecture (18%)

Are you a good fit for CISSP-ISSAP?

(ISC)² notes CISSP-ISSAP is an appropriate credential for chief security architects or analysts. It fits best with roles that take a consultative or analytical approach to information security.

Ideally, you should pursue ISSAP if you want to be an SME in your field and are plotting a path for your career that includes incremental growth in responsibility and salary.

What are the learning objectives for ISSAP?

(ISC)² lists the following ISSAP exam outline for each domain:

Domain 1

  • Determine legal, regulatory, organizational and industry requirements
  • Manage risk

Domain 2

  • Identify security architecture approach
  • Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression)

Domain 3

  • Develop infrastructure security requirements
  • Design defense-in-depth architecture
  • Secure shared services (e.g., wireless, email, voice over internet protocol (VoIP), unified communications (UC), Domain Name System (DNS), network time protocol (NTP))
  • Integrate technical security controls
  • Design and integrate infrastructure monitoring
  • Design infrastructure cryptographic solutions
  • Design secure network and communication infrastructure (e.g., virtual private network (VPN), internet protocol security (IPsec), transport layer security (TLS))
  • Evaluate physical and environmental security requirements

Domain 4

  • Design identity management and lifecycle
  • Design access control management and lifecycle
  • Design identity and access solutions

Domain 5

  • Integrate software development life cycle (SDLC) with application security architecture (e.g., requirements traceability matrix (RTM), security architecture documentation, secure coding)
  • Determine application security capability requirements and strategy (e.g., open source, cloud service providers (CSP), software as a service (SaaS)/infrastructure as a service (IaaS)/platform as a service (PaaS) environments)
  • Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP))

Domain 6

  • Gather security operations requirements (e.g., legal, compliance, organizational and business requirements)
  • Design information security monitoring (e.g., security information and event management (SIEM), insider threat, threat intelligence, user behavior analytics, incident response (IR) procedures)
  • Design business continuity (BC) and resiliency solutions
  • Validate business continuity plan (BCP)/disaster recovery plan (DRP)
  • Design incident response (IR) management

ISSEP

The CISSP-ISSEP concentration focuses on information systems security engineering. Earning the certification demonstrates you know how to apply systems engineering principles and processes practically. It also represents your ability to integrate security across the infrastructure. (ISC)² developed the concentration in partnership with the U.S. National Security Agency (NSA).

CISSP-ISSEP domains and weighting

  • Domain 1. Systems security engineering foundations (25%)
  • Domain 2. Risk management (14%)
  • Domain 3. Security planning and design (30%)
  • Domain 4. Systems implementation, verification, and validation (14%)
  • Domain 5. Secure operations, change management and disposal (17%)

Are you a good fit for CISSP-ISSEP?

Most pursuers of this concentration are senior systems engineers, information assurance systems engineers, information assurance officers, information assurance analysts and senior security analysts. If those are your areas of specialty and interest, you can move ahead in your career and increase your salary by earning ISSEP.

What are the learning objectives for ISSEP?

(ISC)² lists the following ISSEP exam outline for each domain:

Domain 1

  • Apply systems security engineering fundamentals
  • Execute systems security engineering processes
  • Integrate with applicable system development methodology
  • Perform technical management
  • Participate in the acquisition process
  • Design trusted systems and networks (TSN)

Domain 2

  • Apply security risk management principles
  • Address risk to the system
  • Manage risk to operations

Domain 3

  • Analyze the organizational and operational environment
  • Apply system security principles
  • Develop system requirements
  • Create system security architecture and design

Domain 4

  • Implement, integrate and deploy security solutions
  • Verify and validate security solutions

Domain 5

  • Develop secure operations strategy
  • Participate in secure operations
  • Participate in change management
  • Participate in the disposal process

ISSMP

The ISSMP concentration centers around security management. Holding this concentration certification represents that you can establish, present and govern information security programs. It also shows your management and leadership skills.

CISSP-ISSMP domains and weighting

  • Domain 1. Leadership and business management (22%)
  • Domain 2. Systems lifecycle management (19%)
  • Domain 3. Risk management (18%)
  • Domain 4. Threat intelligence and incident management (17%)
  • Domain 5. Contingency management (10%)
  • Domain 6. Law, ethics and security compliance management (14%)

Are you a good fit for CISSP-ISSMP?

Those pursuing ISSMP fall into leadership roles, including chief information officers, chief information security officers, chief technology officers or senior security executives. If you hold one of these titles, or one is the goal for your career, then ISSMP is an excellent concentration that can also boost your salary. To take on a leadership role, you need more than technical skills. You also need to manage things like budget, training and metrics.

What are the learning objectives for ISSMP?

(ISC)² lists the following ISSMP exam outline for each domain:

Domain 1

  • Establish security’s role in organizational culture, vision and mission
  • Align security program with organizational governance
  • Define and implement information security strategies
  • Define and maintain security policy framework
  • Manage security requirements in contracts and agreements
  • Oversee security awareness and training programs
  • Define, measure and report security metrics
  • Prepare, obtain and administer security budget
  • Manage security programs
  • Apply product development and project management principles

Domain 2

  • Manage integration of security into system development lifecycle (SDLC)
  • Integrate new business initiatives and emerging technologies into the security architecture
  • Define and oversee comprehensive vulnerability management programs (e.g., vulnerability scanning, penetration testing, threat analysis)
  • Manage security aspects of change control

Domain 3

  • Develop and manage a risk management program
  • Conduct risk assessments

Domain 4

  • Establish and maintain a threat intelligence program
  • Establish and maintain incident handling and investigation program

Domain 5

  • Oversee development of contingency plans
  • Guide development of recovery strategies
  • Maintain business continuity plan (BCP), continuity of operations plan (COOP) and disaster recovery plan (DRP)
  • Manage recovery process

Domain 6

  • Understand the impact of laws that relate to information security
  • Understand management issues as related to the (ISC)² Code of Ethics
  • Validate compliance with applicable laws, regulations and industry best practices
  • Coordinate with auditors and assist with the internal and external audit process
  • Document and manage compliance exceptions

Why earn a CISSP concentration?

There are several benefits to earning a concentration. According to (ISC)², “Passing a concentration examination demonstrates proven capabilities and subject-matter expertise beyond that required for the CISSP or SSCP credentials.”

This puts you in a prime position for higher-paying positions with more responsibilities and challenges, allowing you to enjoy an even more rewarding career.

Another reason to earn your credentials is to set yourself apart from others; CISSP certification is the gold standard for the industry. According to (ISC)², there are over 147,000 certified CISSP professionals in the world. That’s widespread, but far fewer professionals hold concentrations. In the U.S., current numbers are:

  • 1,311 ISSAP certified professionals
  • 1,220 ISSEP certified professionals
  • 961 ISSMP certified professionals

Earning your CISSP credential will give you an advantage in a very competitive, growing field, and a CISSP concentration credential will do even more for you. Completing these concentrations is not necessary for everyone. Balance your career goals against the CBKs for each concentration to determine if they will be the right fit for your needs.

Which CISSP concentration is right for you?

Choosing which field to specialize in includes a variety of factors. Each concentration is specific to roles and career paths. The decision for you may include considering:

  • Your strengths and required experience
  • Career goals
  • Opportunities within your current organization and the job market
  • What you’re passionate about
  • Your interest in leadership positions

By defining your goals, strengths and opportunities, you can determine which concentration will deliver the most value.

Course Contents

 

(ISC)² CAP Fundamentals

001 – Security Objectives

002 – Risk Management – Terms and Definitions

003 – Risk Management Overview

004 – RMF Objectives and Tasks

005 – Defining the Information Systems

006 – Categorization Documents

007 – Control Selection Objectives and Tasks

008 – Implementation Objectives and Tasks

009 – Organization of Controls

010 – Control Assurance and Documentation

011 – Conducting Security Control Assessment

012 – Authorization Objective and Tasks

013 – Making Security Authorization Decisions

014 – Continuous Monitoring Tasks and Objectives

015 – Continuous Monitoring Process

 

(ISC)² CCSP Fundamentals

001 – Cybersecurity Fundamentals

002 – Cloud Computing Concepts

003 – Deployment Models

004 – Principles of Secure Cloud Computing

005 – Cloud Terms you MUST Know

006 – Data Classification and Categorization

007 – Data Lifecycle

008 – Data Destruction and Disposal

009 – Cloud Storage Architectures

010 – Cloud Security Strategies

011 – Cloud Secure Software Development Lifecycle

012 – Application Architecture Elements of Cloud Services

013 – Physical  Logical Operations

014 – Managing Risks

015 – Legal Concepts

016 – Assurance Frameworks and Certification

 

(ISC)² Certified Authorization Professional (CAP)

001 – Introduction

002 – CAP Basis and Foundations

004 – CAP Domain 1 Introduction

005 – Security Objectives

006 – Essential Laws and Documents

007 – Security Authorization Process

008 – Risk Management – Terms and Definitions

009 – Risk Management – Risk Definition and Types

010 – Risk Management Overview

011 – System Boundaries and Control Allocation

012 – SDLC Integration

013 – Authorization Roles and Responsibilities

014 – RMF Objectives and Tasks

015 – Privacy Requirements and Hosted Systems

016 – Federal Laws

017 – Executive Orders and OMB Documents

018 – NIST Documents – FIPS

019 – NIST Documents – Special Publications

020 – CNSS

021 – Supplemental Regulations

022 – CAP Domain 2 Introduction

023 – Defining the Information Systems

024 – System Security Plan

025 – Categorization Documents

026 – Identifying the Information Types

027 – Determining the Impact Level

028 – Categorization Examples and Exercises

029 – Categorization of National Security Systems

030 – CAP Domain 3 Introduction

031 – Control Selection Objectives and Tasks

032 – Tailoring of Controls

033 – Monitoring Strategy and Security Plan Approval

034 – Step One – Prepare

035 – Step Two – Conduct the Assessment

036 – Step Three – Report and Communicate

037 – Step Four – Maintain

038 – CAP Domain 4 Introduction

039 – Implementation Objective and Tasks

040 – Organization of Controls

041 – Compensating Controls

042 – Control Assurance and Documentation

043 – Defense in Depth

044 – Types of Controls

045 – CAP Domain 5 Introduction

046 – Preparing for Security Control Assessment (SCA)

047 – Conducting Security Control Assessment (SCA)

048 – Preparing and Developing Security Assessment Report (SAR)

049 – CAP Domain 6 Introduction

050 – Authorization Objective and Tasks

051 – Developing Plan of Action and Milestones (POAM) & assembling Security Authorization Package

052 – Determining Information System Risk

053 – Making Security Authorization Decision

054 – CAP Domain 7 Introduction

055 – Continuous Monitoring Tasks and Objectives

056 – System Configuration Management

057 – Ongoing Assessments, Remediation and Risk Acceptance

058 – Decommission of Information Systems

059 – Continuous Monitoring Process

060 – ISCM Fundamentals

061 – Role of Automation in ISCM

062 – CAP Exam Details

063 – CAP Exam Study Tips

064 – Taking the CAP Exam

CAP Supplemental Materials

 

(ISC)² Certified Cloud Security Professional (CCSP)

001 – Introduction to CCSP

002 – Cybersecurity Fundamentals

003 – Governance Principles

004 – Control Frameworks

005 – Cyber Security Framework (CSF) Amplification Framework

006 – Regulatory Compliance

008 – Cloud Computing Concepts

009 – Cloud Reference Architecture

010 – Deployment Models

011 – Security Aspects of Virtualization

012 – Principles of Secure Cloud Computing

013 – Design Requirements

014 – Cloud Model Boundaries

015 – Protecting Sensitive Information

016 – Threat Modeling

017 – Cloud Terms You MUST Know

018 – Data Classification and Categorization

019 – Data Lifecycle

020 – Information Rights Management (IRM)  Digital Rights Management (DRM) Solutions

021 – Data Retention

022 – Data Audits

023 – Data Destruction Disposal

024 – Cloud Storage Architectures

025 – Cloud Security Strategies

026 – Cloud Platform Risks and Responsibilities

027 – Disaster Recovery and Business Continuity Management

028 – Cloud Secure Software Development Lifecycle

029 – Software Security Testing

030 – Application Architecture Elements of Cloud Services

031 – Auditing in the Cloud

032 – Physical  Logical Operations

033 – Monitoring, Capacity and Maintenance

034 – Change and Configuration Management

035 – Managing Risks

036 – Security Training and Awareness

037 – Legal Concepts

038 – Intellectual Property

039 – Contract and Service-Level Agreements (SLAs)

040 – Assurance Frameworks and Certification

041 – CSA Security, Trust and Assurance Registry

042 – Test Essential Knowledge Areas

043 – The Test

CCSP Supplemental Materials

 

(ISC)² Certified Information Systems Security Professional (CISSP)

001 – Introduction to CISSP

002 – C-I-A

003 – Security Governance Fundamentals

005 – Regulatory Compliance

006 – Protecting Privacy

007 – Intellectual Property

008 – Import-Export

009 – Ethics

011 – Risk Definitions

012 – Risk Frameworks

013 – Risk Assessment

014 – Threats and Threat Agents

015 – Risk Assignment

016 – Threat Modeling

017 – Security Awareness

018 – Due Diligence and Due Care

019 – Vendor Security

021 – Policy

022 – Personnel Security

023 – Control Frameworks

024 – SLAs

025 – Security Documents

027 – Managing Data

028 – Data Ownership

029 – Data Security Controls

030 – Data Remanence

031 – Data at Rest

032 – Data in Transit

033 – Classification

035 – Cryptography Terminology

036 – Hashing

037 – Cryptographic Attacks

038 – Symmetric Cryptography

039 – Asymmetric Cryptography

040 – Hybrid Cryptography

042 – Ciphers

043 – Digital Signatures

045 – PKI Definition and Components

046 – PKI Certificates

047 – Key Management

048 – Key Exchange

050 – Secure Design Principles

051 – Security Models Part 1

052 – Security Models Part 2

053 – Security Models Part 3

054 – Security Modes

055 – Evaluation Models

056 – Rainbow Series

057 – Common Criteria

058 – Certification and Accreditation

060 – TCB

061 – Computer Components

062 – Protection Mechanisms

063 – Common Architecture Flaws

064 – Web-Based Vulnerabilities

065 – Covert Channels

066 – Embedded Systems

068 – Facility Design

069 – Facility Construction

070 – Physical Security

071 – Perimeter Defenses

072 – Doors and Locks

073 – Internal Facilities Security

074 – Physical Intrusion Detection

075 – Personnel Safety

077 – Data Center Security

078 – Media Storage

079 – Utilities and HVAC

080 – Fire Safety

082 – Database Architectures

083 – Database Terminology

084 – Data Mining

085 – Transaction Management

086 – Database Attacks

088 – OSI Protocols

090 – OSI Layers

092 – TCPIP Model

093 – Network Devices

094 – Network Security

095 – IP Networking

097 – DNS and DHCP

098 – ARP

099 – Multi-layer Protocols

100 – Converged Protocols

101 – Network Cabling and Topology

102 – Signaling Types

103 – Network Attacks

104 – Switching

106 – Wireless Networks

107 – Mobile Systems

108 – WAN Technologies

109 – Remote Access

110 – Secure Communication Protocols

112 – Firewalls

113 – DMZ

114 – Honeypots

115 – Endpoint Security

116 – IDS

117 – Authentication Protocols

119 – VPN and VLAN

121 – Distributed and Cloud Computing

122 – Virtualization

123 – Virtualized Networks

125 – Access Control Basics

126 – Access Control Categories

127 – Authentication

129 – Account Management

130 – Single Sign-On (SSO)

132 – Identification

133 – Something You Know

134 – Something You Have

135 – Something You Are (Biometrics)

137 – Authorization

138 – Session Management and Accountability

139 – WLAN Authentication

140 – Remote Authentication Services

141 – Federated Identity

142 – Integrating Identity Services

143 – Access Control Models

144 – Access Control Techniques

145 – Access Control Administration

146 – Access Control Attacks

147 – Social Engineering

148 – Circumventing Access Controls

149 – Access Provisioning

151 – Security Assessment Goals

152 – Control Testing

153 – Penetration Testing

154 – Security Management Processes

156 – Computer Crime

157 – Investigations

158 – Forensics

159 – Evidence

161 – Log Management

162 – Egress Monitoring

163 – Configuration Management

164 – Operations Concepts

165 – Preventive Measures

166 – Trusted Recovery

167 – Patch & Vulnerability Management

169 – Business Continuity Planning

170 – Incident Response Plan

171 – Business Impact Analysis (BIA)

173 – Recovery Strategy

174 – Recovery Process

175 – Disaster Recovery Plan (DRP) Testing

176 – RAID

177 – Backups

178 – Network Redundancy

180 – Secure Software Design

181 – Secure SDLC

182 – Software Development Models

183 – Maturity Models

185 – Change Control

186 – Software Testing

187 – Software Environment

188 – Object-Oriented Programming (OOP)

189 – Distributed Computing

190 – Mobile Code

191 – Acquired Software

192 – Application Attacks

193 – Malware

Common Ports

Encryption

IPSec VPN

Notes on Biometrics

Notes on Access Control

Notes on IPv4-IPv6

Notes on Kerberos

OSI Model

 

(ISC)² CISSP Fundamentals

001 – The CIA Triad

002 – Regulatory Compliance

003 – Security Documents

004 – Risk Definitions

005 – Threats and Threat Agents

006 – Classification

007 – Data Security Controls

008 – Cryptography Terminology

009 – Hashing

010 – Cryptographic Attacks

011 – PKI Definition and Components

012 – Security Models Part 1

013 – Security Models Part 2

014 – Security Models Part 3

015 – Computer Components

016 – Malware

017 – Web-based Vulnerabilities

018 – Physical Security

019 – Utilities and HVAC

020 – Database Architectures

021 – Database Terminology

022 – Network Cabling and Topology

023 – OSI Protocols

024 – OSI Layers

025 – Wireless Networks

026 – Network Devices

027 – VPN and VLAN

028 – Access Control Basics

029 – Authentication

030 – Single Sign-On (SSO)

031 – Access Control Models

032 – Control Testing

033 – Forensics

034 – Preventative Measures

035 – Business Continuity Planning

036 – Backups

037 – Secure Software Design

038 – Secure SDLC

039 – Application Attacks

 

(ISC)² CISSP-ISSAP

001 – ISSAP Introduction

002 – ISSAP Layout and Testing

003 – Architect for GRC – Introduction

004 – Standards and Guidelines

005 – Design the Threat Handling and Risk Management Capabilities – Introduction

006 – Risk Assessment Process

007 – Security Architecture Modeling – Introduction

008 – Enterprise Architectures – Overview

009 – Enterprise Architectures – SABSA

010 – Enterprise Architectures – TOGAF

011 – Enterprise Architectures – SOMF

012 – Industrial Control Systems (ICS)

013 – Federal Enterprise Architecture Reference Models

014 – Verify and validate design

015 – Infrastructure Security Architecture – Introduction

016 – Communications and Network Security – Overview

017 – LAN Protocols

018 – Network Topologies

019 – WANs

020 – Common Services Security

021 – LAN Technologies

022 – Wireless Technologies

023 – VoIP, Email, and Remote Access Protocols

024 – OSI Reference Model – Introduction

025 – OSI Layers

026 – Networking Devices and Firewalls

027 – VPN and Secure Protocols

028 – Monitoring, Detection and Response

029 – Design Integrated Cryptographic Solutions

030 – Architecting PKI

031 – IAM Architecture – Introduction

032 – Access Control Concepts

033 – Access Control Services

034 – Access Control Techniques and Technologies

035 – Identity Management

036 – Access Control Protocols and SSO

037 – Kerberos and SESAME

038 – EAP, SAML, OAuth

039 – Access Control Models and Governance

040 – Access Control Categories and Methods

041 – Authorization Process and Types

042 – Privilege Access Management

043 – Access Control Practices

044 – Access Control Protocols

045 – Testing of Access Controls

046 – Network Access Control

047 – Architect for Application Security – Introduction

048 – SDLC

049 – Requirements Traceability Matrix (RTM)

050 – Application Testing

051 – Crypto Key Management

052 – Application Threats

053 – Application Security – Mobile, Web, Proxy and Database Use

054 – Capability Maturity Model (CMM) and Common Criteria (CC)

055 – Off-site Data Storage and Usage

056 – Virtualization and Cloud Computing

057 – Security Operations Architecture – Introduction

058 – Security Operation Capability Requirements

059 – Continuous Security Monitoring

060 – Insider Threats

061 – Log Management

062 – Cybercrime and APTs

063 – Continuity and Recovery Solutions Design

064 – Continuity Planning

065 – BCP and DRP

066 – Business Impact Assessment and Analysis

067 – Continuity Strategy

068 – Recovery and Restoration

069 – Recovery Plan and Strategy Development

070 – Data and Software Backup

071 – BCP and DRP structures and documentation

072 – SecOps Concepts

073 – Physical Security Considerations

074 – Facility Requirements

075 – Physical Security Threats and Access Controls

076 – Environmental Controls

077 – Media and Equipment Considerations

078 – Physical Security Program Components

079 – Incident Management Capabilities

080 – Secure Communications and Networks

 

(ISC)² CISSP-ISSAP Fundamentals

001 – ISSAP Introduction

002 – ISSAP Layout and Testing

003 – Risk Assessment Process

004 – Standards and Guidelines

005 – Security Architecture Modeling

006 – Verify and Validate Design

007 – Infrastructure Security Architecture

008 – Communication and Network Security Overview

009 – Crypto Solutions

010 – IAM Architecture

011 – Access Control Protocols and SSO

012 – Network Architecture

013 – Architecture for Application Security

014 – Application Testing

015 – Security Operations Architecture

016 – Cybercrime and APTs

017 – SecOps

 

(ISC)² CISSP-ISSEP

001 – Introduction to ISSEP

002 – General Security Principles

003 – Risk Management Principles

004 – System Resilience Principles

005 – Vulnerability Management Principles

006 – Risk Management Process

007 – Operational Risk Management

008 – Stakeholder Requirements Definition

009 – Requirements Analysis

010 – System Security Architecture and Design

011 – Implementation, Integration, and Deployment of Systems or System Modifications

012 – Verification and Validation of Systems or System Modifications

013 – Secure Operations

014 – Secure Maintenance

015 – Secure Disposal

016 – Acquisition Process

017 – System Development Methodologies

018 – Technical Management Processes

 

(ISC)² CISSP-ISSEP Fundamentals

001 – General Security Principles

002 – Risk Management Principles

003 – Risk Management Process

004 – Operational Risk Management

005 – Stakeholder Requirements Definition

006 – Requirements Analysis

007 – Secure Operations

008 – Secure Maintenance

009 – Acquisition Process

010 – System Development Methodologies

 

(ISC)² CISSP-ISSMP

001 – Leadership and Business Management

002 – Security Role

003 – Security Program and Governance

004 – Information Security Strategy

005 – Enterprise System Security Framework 1

006 – Enterprise System Security Framework 2

007 – Enterprise System Security Framework 3

008 – Managing Third-Party Relationships

009 – Security Awareness

010 – Security Metrics

011 – Security Budget

012 – Security Programs

013 – Project Management

014 – Systems Life Cycle Management Introduction

015 – Manage Integration of Security into SDLC – Part 1

016 – Manage Integration of Security into SDLC – Part 2

017 – Manage Integration of Security into SDLC – Part 3

018 – Manage Integration of Security into SDLC – Part 4

019 – Manage Integration of Security into SDLC – Part 5

020 – Manage Integration of Security into SDLC – Part 6

021 – Manage Integration of Security into SDLC – Part 7

022 – Manage Integration of Security into SDLC – Part 8

023 – Evaluate New Business Initiatives, Integrate Initiatives into Security Architecture

024 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 1

025 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 2

026 – Vulnerability Management, Penetration Testing, Threat Assessment and Modeling – Part 3

027 – Change Control

028 – Risk Management Introduction

029 – Risk Management Program

030 – Conduct Risk Assessments

031 – Risk Assessment Process

032 – Threat Intelligence and Incident Management Introduction

033 – Threat Intelligence

034 – Incident Response and Management – Part 1

035 – Incident Response and Management – Part 2

036 – Incident Response and Management – Part 3

037 – Contingency Management Introduction

038 – Oversee Continuity Planning Development – Part 1

039 – Oversee Continuity Planning Development – Part 2

040 – Oversee Continuity Planning Development – Part 3

041 – Recovery Strategies

042 – Maintaining Plans

043 – Manage Recovery

044 – Law, Ethics and Security Compliance Management Introduction

045 – Legal Parameters – Part 1

046 – Legal Parameters – Part 2

047 – Ethics and Management Issues

048 – Compliance Management IAW Security Policies and Procedures – Part 1

049 – Compliance Management IAW Security Policies and Procedures – Part 2

050 – Compliance Management IAW Security Policies and Procedures – Part 3

051 – Compliance Management IAW Security Policies and Procedures – Part 4

052 – Compliance Management IAW Security Policies and Procedures – Part 5

053 – Coordination with Auditors

 

(ISC)² CISSP-ISSMP Fundamentals

001 – Roles and Responsibilities

002 – Security Compliance Management Program

003 – Systems Development Lifecycle

004 – SDLC Wrap-up

005 – Risk Assessment

006 – Security Risk Analysis

007 – Incident Management

008 – Digital Forensics

009 – Concept of Business Continuity Planning

010 – BCP Project Planning

011 – Ethics

012 – Other Compliance Considerations
