Certified Information Security Systems Professional (CISSP), Boot Camp

CISSP Class Details/Candidate Commitments

All those looking to get certified (including all AIS employees) must have a minimum of five years cumulative, full-time experience in two or more of the eight domains of the current CISSP Exam Outline. Earning a post-secondary degree (bachelors or masters) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience or an additional credential from the ISC2 approved list may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.

A candidate who doesn't have the required experience to become a CISSP may become an Associate of ISC2 by successfully passing the CISSP examination. The Associate of ISC2 will then have six years to earn the five years required experience.

1. For AIS employees only: AIS employees and their managers agree that candidate meets the criteria above, and will provide a target test date within 30 days of completing the course, as well as agree to submit their CISSP Certification Application within 30 days of passing their exam. Follow-ups on student progress, to include all relevant management, will continue on a weekly basis until all candidates have followed through on their commitments and scheduled their exam (no more than 30 days after the end of class).

2. Practice exam questions will be reviewed/discussed throughout class delivery.

3. Additional details/conditions apply for exam voucher and test pass guarantee. Exam voucher will be provided once practice test performance (per provided guidelines) reaches 80% on a minimum of two tests. Students have six month access to practice exam engine at no additional charge.

4. If the candidate does not pass the official CISSP exam on the first attempt, that candidate will be required to complete the following within a 30 day time period, at no additional cost:

1. Complete the eLearning course provided by Logical Operations.
2. Attend a 3-hour virtual exam session conducted by Logical Operations, before they attempt the official CISSP exam for a second time.
3. Re-take the exam (the exam itself must be re-taken within 30 days of the first failed attempt).

4. After taking and passing your CISSP exam, you are able to begin the post-exam process (all of which is required to earn CISSP status):

Once you receive your email informing you that you have successfully passed the exam, you can start the Certification Application.

You will be required to provide an endorser – another ISC2-certified professional in good standing – who can attest to your experience. If you do not know another ISC2-certified professional, you can opt for ISC2 to endorse you.

Your endorser will attest that your assertions regarding professional experience are true to the best of the endorser’s knowledge, and that you are in good standing within the cybersecurity industry. You will need the endorser’s member/certification number when filling out the online application.

You will also be asked to provide your relevant work experience (requirements vary by certification) and can also provide any experience waiver based on certifications held or higher education degrees completed.

Once your certification application has been approved, the final step in the process is to pay your first Annual Maintenance Fee (AMF). If you already hold an ISC2 certification you will not have to pay an additional AMF for your latest certification.

All candidates who pass an ISC2 credential examination are required by ISC2 to complete the certification application process within nine months of their exam date, or they forfeit the ability to become certified by ISC2.

Please note: A percentage of the candidates who pass an ISC2 examination and submit certification applications will be randomly subjected for audit and required to submit additional information, as required, for verification. You will be notified via email if your application is selected for audit.

Course Objectives

• Analyze components of the Security and Risk Management domain.
• Analyze components of the Asset Security domain.
• Analyze components of the Security Engineering domain.
• Analyze components of the Communications and Network Security domain.
• Analyze components of the Identity and Access Management domain.
• Analyze components of the Security Assessment and Testing domain.
• Analyze components of the Security Operations domain.
• Analyze components of the Software Development Security domain.

Who Should Attend?

This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career.

Through the study of all eight CISSP Common Body of Knowledge (CBK) domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in two or more fields related to the eight CBK security domains, or a college degree and four years of experience.

It is also highly recommended that students complete the CompTIA Network+ CompTIA and Security+ certifications or possess equivalent professional experience upon beginning CISSP training. Students will also benefit from having one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®.

Lesson 1 - Security and Risk Management

• Security Governance Principles
• Compliance
• Professional Ethics
• Security Documentation
• Risk Management
• Threat Modeling
• Business Continuity Plan Fundamentals
• Acquisition Strategy and Practice
• Personnel Security Policies
• Security Awareness and Training

Lesson 2 - Asset Security

• Asset Classification
• Privacy Protection
• Asset Retention
• Data Security Controls
• Secure Data Handling

Lesson 3 - Security Engineering

• Security in the Engineering Lifecycle
• System Component Security
• Security Models
• Controls and Countermeasures in Enterprise Security
• Information System Security Capabilities
• Design and Architecture Vulnerability Mitigation
• Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
• Cryptography Concepts
• Cryptography Techniques
• Site and Facility Design for Physical Security
• Physical Security Implementation in Sites and Facilities

Lesson 4 - Information Security Management Goals

• Organizational Security
• The Application of Security Concepts

Lesson 5 - Information Security Classification and Program Development

• Information Classification
• Security Program Development

Lesson 6 - Risk Management and Ethics

• Risk Management
• Ethics

Lesson 7 - Software Development Security

• Software Configuration Management
• Software Controls
• Database System Security

Lesson 8 - Cryptography

• Ciphers and Cryptography
• Symmetric-Key Cryptography
• Asymmetric-Key Cryptography
• Hashing and Message Digests
• Email, Internet, and Wireless Security
• Cryptographic Weaknesses

Lesson 9 - Physical Security

• Physical Access Control
• Physical Access Monitoring
• Physical Security Methods
• Facilities Security