About This Course

The CISSP has clearly emerged as THE key certification for security professionals. In fact, in an informal survey of information security jobs on a major employment Web site, over 70 percent of the positions required CISSP certification! Corporations are demanding experienced information security professionals with the certifications to prove it to protect their information and assets.

The CISSP Prep class was developed to meet current demands and the growing needs of the computer industry. This class provides the student with the level of knowledge needed as part of the (ISC)2 certification requirements for the Certified Information System Security Professional (CISSP) Certification. This certification is rapidly becoming a requirement for employment with security tasks. Students gain a solid background on security concerns, communications, infrastructure, basic cryptography, and operational

Who should attend?

The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

• Security Manager
• Security Auditor
• Security Architect
• Security Consultant
• Network Architect
• Chief Information Security Officer
• Chief Information Officer
• Director of Security
• IT Director/Manager
• Security Systems Engineer
• Security Analyst

Course Contents

The CISSP exam evaluates your expertise across eight security domains. Think of the domains as topics you need to master based on your professional experience and education.

Domain 1 : Security and Risk Management (Security, Risk,Compliance, Law, Regulations, and Business Continuity)

• Confidentiality, integrity, and availability concepts
• Security governance principles
• Compliance
• Legal and regulatory issues
• Professional ethics
• Security policies, standards, procedures and guidelines
• Business continuity requirements
• Personnel security policies
• Risk management concepts
• Threat modeling
• Risk considerations
• Security education, training, and awareness

Domain 2 : Asset Security (Protecting Security of Assets)

• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g. markings, labels,storage)

Domain 3 : Security Engineering (Engineering and Management of Security)

• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security

Domain 4 : Communication and Network Security (Designing and Protecting Network Security)

• Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks

Domain 5 : Identity and Access Management (Controlling Access and Managing Identity)

• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g. cloud identity)
• Third-par ty identity services (e.g. on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g. provisioning review)

Domain 6 : Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

• Assessment and test strategies
• Security process data (e.g. management and operational controls)
• Security control testing
• Test outputs (e.g. automated, manual)
• Security architectures vulnerabilities

Domain 7 : Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns

Domain 8 : Software Development Security (Understanding,Applying, and Enforcing Software Security)

• Security in the software development life cycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

CISSP Changes To Computerized Adaptive Testing

(ISC)² has introduced Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide. Based on the same exam content outline as the linear, fixed-form exam, CISSP CAT is a more precise and efficient evaluation of your competency. CISSP CAT enables you to prove your knowledge by answering fewer items and completing the exam in half the time.

How Does it Work?

Each candidate taking the CISSP CAT exam will start with an item that is well below the passing standard. Following a candidate’s response to an item, the scoring algorithm re-estimates the candidate’s ability based on the difficulty of all items presented and answers provided. With each additional item answered, the computer’s estimate of the candidate’s ability becomes more precise – gathering as much information as possible about a candidate’s true ability level more efficiently than traditional, linear exams.

This more precise evaluation enables us to reduce the maximum exam administration time from 6 hours to 3 hours, and it reduces the items necessary to accurately assess a candidate’s ability from 250 items on a linear, fixed-form exam to as little as 100 items on the CISSP CAT exam.

The exam content outline and passing standard for both versions of the examination are exactly the same. Each candidate will be assessed on the same content and must demonstrate the same level of competency regardless of the exam format.

CISSP exams in all other languages, as well as all CISSP concentration exams are delivered as linear, fixed-form exams.

Training Info

Duration : 5 Days
Date : Mar 20 – 24, 2023
Time : 9.30-16.30 pm.
Venue : ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fee : 38,000 Baht (ex.vat 7%)
Exam Fee : Please call
Tel. 02 670 8980-3 ext.304, 305
Email. [email protected]