cissp courses

Certified Information Systems Security Professional (CISSP)

This course follows the (ISC)² CISSP Common Body of Knowledge (CBK) for the 2024 Exam Outline.
The structure is built on the principle of “Think like a Manager” — focusing on risk, strategy, and business continuity rather than just technical keystrokes.

Course Content

Domain 1: Security and Risk Management
10 Topics
1 Quiz
Topic 1: CIA Triad and DAD
Topic 2: Security Governance
Topic 3: Compliance & Legal Frameworks (GDPR, HIPAA, PCI-DSS)
Topic 5: Business Continuity (BCP) & Disaster Recovery (DR) Planning
Topic 6: Risk Management Frameworks (NIST RMF, ISO 31000)
Topic 7: Risk Treatment Options (Mitigate, Transfer, Accept, Avoid)
Topic 8: Third-Party Risk Management (TPRM)
Topic 9: Security Awareness & Training
Topic 10: Professional Ethics ((ISC)² Code)
Domain 2: Asset Security
10 Topics
1 Quiz
Topic 1: Information Lifecycle Management
Topic 2: Data Classification Models (Government vs. Commercial)
Topic 3: Data Ownership Roles (Owner, Steward, Custodian, User)
Topic 4: Data Security Controls (At-Rest, In-Transit, In-Use)
Topic 5: Data Loss Prevention (DLP)
Topic 6: Data Sovereignty & Residency
Topic 7: Privacy Principles (OECD, FIPPs)
Topic 8: Secure Data Disposal (Degaussing, Shredding, Erasure)
Topic 9: Asset Classification & Labeling
Topic 10: Cloud Asset Management (Shared Responsibility Model)
Domain 3: Security Architecture and Engineering
10 Topics
1 Quiz
Topic 3: Cryptography Basics (Symmetric vs. Asymmetric)
Topic 4: Hashing & Digital Signatures (PKI)
Topic 5: Cryptographic Key Management
Topic 6: Site & Facility Security (CCTV, Mantraps, HVAC)
Topic 7: Hardware Security Modules (HSM) & TPM
Topic 9: Security Models (Bell-LaPadula, Biba, Clark-Wilson)
Topic 10: IoT & Embedded Systems Security (SCADA/ICS)
Domain 4: Communication and Network Security
10 Topics
1 Quiz
Topic 1: OSI Model & TCP/IP Deep Dive
Topic 2: Secure Network Protocols (IPSec, TLS/SSL, SSH, HTTPS)
Topic 3: Network Attack Vectors (DoS/DDoS, Spoofing, Sniffing)
Topic 4: Network Segmentation & Segregation (VLANs, Subnetting)
Topic 5: Wireless Network Security (WPA3, EAP-TLS)
Topic 6: Network Access Control (NAC)
Topic 8: Virtual Private Networks (VPNs)
Topic 9: Secure Routing & Switching (BGP, STP)
Topic 10: Software-Defined Networking (SDN) & SASE
Domain 5: Identity and Access Management (IAM)
10 Topics
1 Quiz
Topic 2: Authentication Factors (Know, Have, Are)
Topic 3: Federated Identity Management (SAML, OAuth, OIDC)
Topic 4: Directory Services (LDAP, Active Directory, Azure Entra ID)
Topic 5: Access Control Models (DAC, MAC, RBAC, ABAC)
Topic 6: Single Sign-On (SSO) & Kerberos
Topic 7: Privileged Access Management (PAM)
Topic 8: Identity Lifecycle Management (Joiner, Mover, Leaver)
Topic 9: Biometric Considerations (FAR, FRR, CER)
Topic 10: Password Management & Credential Stuffing
Domain 6: Security Assessment and Testing
10 Topics
1 Quiz
Topic 1: Vulnerability Management Lifecycle
Topic 2: Penetration Testing Frameworks
Topic 3: SAST vs. DAST vs. IAST
Topic 4: Security Audit & Logging (SIEM)
Topic 5: Vulnerability Scanning Tools (Nessus, Burp Suite)
Topic 6: Red, Blue, and Purple Team Exercises
Topic 7: Business Impact Analysis (BIA) Revisited (MTD, RTO, RPO)
Topic 9: SOC 2 Audits (Type 1 vs. Type 2)
Topic 10: GDPR & Privacy Audits (DSARs, Right-to-be-forgotten)
Domain 7: Security Operations
10 Topics
1 Quiz
Topic 1: Incident Response (IR) Lifecycle
Topic 2: Security Operations Center (SOC) Functions
Topic 3: Threat Intelligence (IOCs, TTPs, MITRE ATT&CK)
Topic 4: Malware Analysis (Static vs. Dynamic)
Topic 5: Digital Forensics
Topic 7: Endpoint Detection and Response (EDR/XDR)
Topic 8: Vulnerability Patch Management
Topic 9: Physical Security Operations
Topic 10: Continuous Improvement (Post-Incident Reviews, Playbooks)
Domain 8: Software Development Security
10 Topics
1 Quiz
Topic 1: Secure SDLC (Waterfall, Agile, DevOps)
Topic 2: DevSecOps & CI/CD Pipeline Security
Topic 3: Software Security Maturity Models (OWASP SAMM, BSIMM)
Topic 4: OWASP Top 10 (2021)
Topic 5: Secure Coding Practices (Input Validation, Output Encoding)
Topic 6: Threat Modeling (STRIDE)
Topic 7: API Security (REST, SOAP, Rate Limiting)
Topic 8: Database Security (SQL Injection)
Topic 9: Third-Party Code Management (SBOM)
Topic 10: Code Signing & Secrets Management (HashiCorp Vault)
Final Quiz
CISSP Final Exam: 50 Questions (All Domains)
Virtual (Optional)