CISSP Courses

Certified Information Security Systems Professional (CISSP) Courses

Course Overview

Course Outline


New Horizons CISSP Training is the most comprehensive review of information security concepts and industry best practices, and covers the 10 domains of the CISSP CBK (Common Body of Knowledge). This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam.


Retail Training Weekdays – 5 days

Course Description

New Horizons CISSP Training is the most comprehensive review of information security concepts and industry best practices, and covers the 10 domains of the CISSP CBK (Common Body of Knowledge). This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam. Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.

Who Should Attend?

The course is intended for students who have at least four years of recent full-time security professional work experience in two or more of the ten domains of the (ISC) Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK), including experience with the architecture, design, management, risk, and controls that assure the security of business environments. The course builds on and brings together the holistic view of the topics covered in the everyday environment of an information systems security professional. Professional experience including the following will greatly enhance the learning environment.

  • Work requiring special education or intellectual attainment, usually including a liberal education or college degree
  • Work requiring habitual memory of a body of knowledge shared by others doing similar work
  • Management/supervision of projects and/or employees
  • Work requiring the exercise of judgment, management decision-making, and discretion
  • Work requiring the exercise of ethical judgment (as opposed to ethical behavior)
  • Professional writing and oral communication (e.g., presentation)
  • Research and development
  • The specification and selection of controls and mechanisms
  • Applicable job title examples include: CISO, director, manager, supervisor, analyst, cryptographer, cyber architect, information assurance engineer, instructor, professor, lecturer, investigator, computer scientist, program manager, and lead
Prerequisite(s) or equivalent knowledge:
  • CompTIA Network+ Certification (Exam N10-005)
  • CompTIA Security+ Certification (2011 Objectives)
Course Objectives

After completing this workshop, participants will be able to:

  • Identify key purposes, benefits, and processes of information classification and how it is used to determine access control policies and identify the process for assessing the effectiveness of implemented controls
  • Understand the bascis of telecommunication and network security concepts, required components for minimizing security risks, securing channels of communication, and techniques for preventing and detecting network-based attacks
  • Define and apply information security governance and Risk Management Framework including the policies, concepts, principles, structures and standards that are established for the protection of information assets and how to assess the effectiveness of that protection
  • Explain the details of software development security, including the activities and processes pertaining to the planning, programming, and management of software and systems that manage software, including ways to secure applications through design and control interfaces and assess the usefulness of their application security
  • Identify the concepts within cryptography, including the terms and application of public and private algorithms, distribution management, methods of attack, and the application, development, and use of digital signatures for authenticity, electronic transactions, and nonrepudiation processes
  • Identify security architecture and design concepts, focusing on the architecture of security systems that provide for the availability, integrity, and confidentiality of organizational assets as well as the concepts, principles, structures, frameworks, and standards used in the design and implementation of security requirements of individual components and enterprise-wide systems
  • Identify the key terms and processes of security operations and how to protect and control information processing assets in a centralized or distributed environment
  • Identify and apply the business continuity and disaster recovery planning requirements necessary to ensure the preservation of the business in case of major disruptions to normal business operations, including the project scope, planning and how to conduct a business impact analysis, identify recovery strategies, develop the recovery plan, and implement it
  • Define and explain the legal, regulations, investigations, and compliance concepts of internationally accepted methods, processes, and procedures used in computer crime legislation; regulations specific to the investigative measures and techniques used to identify the occurrence of an incidence; and the gathering, analysis, and management of evidence
  • Define and apply the requirements necessary for the overall physical (environmental) security processes for the evaluation of physical, environmental, and procedural risks that might be present in a facility, organization, or structure where information systems are stored and managed
Course Outline

1.Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures and guidelines
  • Business continuity requirements
  • Personnel security policies
  • Risk management concepts
  • Threat modeling
  • Risk considerations
  • Security education, training, and awareness

2. Asset Security (Protecting Security of Assets)

  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)

3. Security Engineering (Engineering and Management of Security)

  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security

4. Communication and Network Security (Designing and Protecting Network Security)

  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks

5. Identity and Access Management (Controlling Access and Managing Identity)

  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)

6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities

7. Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns

8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact