About This Course

The CISSP has clearly emerged as THE key certification for security professionals. In fact, in an informal survey of information security jobs on a major employment Web site, over 70 percent of the positions required CISSP certification! Corporations are demanding experienced information security professionals with the certifications to prove it to protect their information and assets.

The CISSP Prep class was developed to meet current demands and the growing needs of the computer industry. This class provides the student with the level of knowledge needed as part of the (ISC)2 certification requirements for the Certified Information System Security Professional (CISSP) Certification. This certification is rapidly becoming a requirement for employment with security tasks. Students gain a solid background on security concerns, communications, infrastructure, basic cryptography, and operational

Who should attend?

The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect
  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst

Course Contents

The CISSP exam evaluates your expertise across eight security domains. Think of the domains as topics you need to master based on your professional experience and education.

Domain 1 : Security and Risk Management (Security, Risk,Compliance, Law, Regulations, and Business Continuity)

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures and guidelines
  • Business continuity requirements
  • Personnel security policies
  • Risk management concepts
  • Threat modeling
  • Risk considerations
  • Security education, training, and awareness

Domain 2 : Asset Security (Protecting Security of Assets)

  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels,storage)

Domain 3 : Security Engineering (Engineering and Management of Security)

  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security

Domain 4 : Communication and Network Security (Designing and Protecting Network Security)

  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks

Domain 5 : Identity and Access Management (Controlling Access and Managing Identity)

  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-par ty identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)

Domain 6 : Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities

Domain 7 : Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns

Domain 8 : Software Development Security (Understanding,Applying, and Enforcing Software Security)

  • Security in the software development life cycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

CISSP Examination Information

Length of exam : 6 hours
Number of questions : 250
Question format : Multiple choice and advanced innovative questions
Passing grade : 700 out of 1000 points
Exam language availability : French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean
Testing center :  (ISC)2 Authorized PPC and PVTC Select Pearson VUE Testing Centers

Training Info

Language: Conducted in Thai Language
Duration: 5 Days
Venue: ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 38,000 BAHT (Ex.Vat 7%)
Tel : 02 670 8980-3 ext. 304, 305
E-mail: [email protected]