Introduction to CISSP® Course

Introduction to CISSP Tutorial

This is the introductory lesson of the CISSP tutorial, which is part of the CISSP Certification Training. This tutorial will give you an overview of the course, its prerequisites, and the value it will offer to you.

What is CISSP?

Certified Information Systems Security Professional (CISSP®) is an autonomous information security certification governed by the International Information Systems Security Certification Consortium, or (ISC)²®. A CISSP® is an information assurance professional who defines the architecture, design, management, and/or controls that assure the security of business environments. CISSP® was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. CISSP® is an objective measure of excellence and a globally recognized standard of achievement.

 

In June 2004, the CISSP® became the first information security credential to earn ANSI ISO/IEC Standard 17024:2003 accreditation.

 

In the next section of the CISSP tutorial, we’ll discuss the benefits of CISSP to professionals and organizations.

Benefits of CISSP to Professionals and Organizations

The benefits of CISSP® for professionals are:

  • It helps in demonstrating a working knowledge of information security.

  • It ensures that professionals have a commitment to the profession.

  • CISSP® offers a career differentiator, with enhanced credibility and marketability.

  • CISSP® provides the exclusive benefits of valuable resources such as peer networking and idea exchange, for (ISC)² members.

  • Certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts, according to the Global Information Security Workforce Study.

  • It helps to fulfill government and organization requirements for information security certification mandates.

In the next section, we will discuss various domains of CISSP.

 

CISSP® Domains

CISSP domains are drawn from various information security topics within the (ISC)² CBK. Updated annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common framework of terms and principles to discuss, debate, and resolve matters pertaining to the profession.

CISSP CBK consists of the following eight domains:

1. Security and Risk Management: This domain includes the fundamentals of security, security governance, compliance law and regulations, professional ethics, security policies, business continuity, personnel security, risk management, threat modeling, and security awareness, training, and education.

2. Asset Security: This domain includes collection, handling, and protection of information throughout its lifecycle. The topics covered in this domain include information classification, ownership, privacy protection, asset retention and handling, and security controls.

3. Security Engineering: This domain discusses the concepts of secure design principles, security models, evaluation models, security architecture, cryptography, and physical security.

4. Communications and Network Security: This domain discusses network structures, countermeasures, transmission methods, transport formats, and security measures used to provide availability, integrity, and confidentiality.

5. Identity and Access Management: This domain includes physical and logical access control, identification, authentication, authorization, identity services, identity and access provisioning lifecycle, and attacks on access control and its countermeasures.

6. Security Assessment and Testing: This domain focuses on security control assessment and testing, testing strategies, testing reports, and internal and third-party audits.

7. Security Operations: This domain discusses investigations, monitoring and logging, resource provision, security operations, disaster recovery, and incident, patch, vulnerability, and change management.

8. Software Development Security: This domain focuses on security in a software development lifecycle, applying security controls, and measuring security effectiveness and impact.

In the next section, we will discuss how CISSP® is beneficial for employers.

Benefits of CISSP® for Employers

CISSP® benefits not only professionals but also employers. The benefits of CISSP® for employers are as follows:

  • CISSP® raises the credibility and value of the organization's employees, as (ISC)²® certifications are recognized internationally.

  • It offers increased credibility and goodwill for the organization when working with vendors and contractors.

  • CISSP® empowers the employees with a universal language, circumventing ambiguity with industry-accepted terms and practices.

  • It validates the organization’s commitment and years of experience gained in the industry.

  • It requires Continuing Professional Education (CPE) credits to ensure that CISSP® professionals improve their skills.

  • CISSP® satisfies certification mandate requirements of the organization when dealing with service providers or subcontractors.

In the next section of the CISSP tutorial, we’ll discuss the details of the CISSP examination.

 

CISSP® Examination

Exam Format: The CISSP examination consists of 250 multiple-choice questions with four choices each. Only 225 questions are graded, while 25 are used for research purposes. There may be scenario-based questions, each of which may have more than one multiple-choice question associated with it. Drag-and-drop and hotspot questions are included as well. There is no penalty for incorrect answers, so candidates should not leave any question unanswered.

 

Exam Duration: The maximum duration of the CISSP exam is 6 hours. Please note that there will be no lunch break during the testing period. However, you are permitted to bring a snack with you. You may, at your option, take a break and eat your snack at the back of the examination room. No additional time will be allotted for breaks.

 

Exam Passing Grade: Examination results will be based only on the scored questions of the examination. There are several versions of the examination. Each candidate has an equal opportunity to pass the examination.

 

Subject Matter Experts or SMEs have provided inputs regarding the difficulty level of all the questions used in the examinations. The information is used to develop examination forms that have comparable difficulty levels. When there are differences in the examination difficulty, a mathematical procedure called Equating is used to make the difficulty level of each test form equal.

 

As the number of questions required to pass the examination may be different for each version, the scores are converted into a reporting scale to ensure a common standard. The passing grade required is 700 out of a possible 1000 points on the grading scale.

 

Examination Results: Computer-Based Test (CBT) results are displayed when the candidate submits the exam. For paper-based exams, results are released via email within 4 to 6 weeks of the examination date. A comprehensive statistical and psychometric analysis of the score data is conducted prior to the release of the results.

 

To retake the exam, candidates must wait for 30 days from the date of the first attempt. From the date of the second attempt, candidates must wait for 90 days to retake the exam. From the date of the third attempt, candidates must wait for 180 days to retake the exam.

 

Examination Fees: The exam fee is USD 599 for both the paper-based test and the computer-based test.

Examination Type: From September 1st, 2012, (ISC)²® offers only computer-based testing (CBT) for all of its certification exams. For candidates located outside a 75-mile radius from an approved testing center, a paper-based exam is offered on a case-by-case basis.

In the next section of the CISSP tutorial, we’ll discuss the prerequisites of CISSP.

CISSP Tutorial Prerequisites

Following are some of the CISSP Tutorial Prerequisites.

  • Obtain the required experience of five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)²® CISSP® Common Body of Knowledge or CBK®.

  • Four years of direct full-time professional security work experience in two or more of the ten domains of the CISSP® CBK® with a four-year college degree.

  • Additional credential from the (ISC)²® approved list.

Candidates with no experience can become an Associate of (ISC)²® by successfully passing the CISSP® exam. They then have six years to earn the required experience to become a CISSP®.

Let us explore the target audience of CISSP Tutorial in the next section.

CISSP Target Audience

The CISSP certification is the most globally recognized professional requirement in the IT Security domain.

 

This certification is best suited for:

  • Security Consultants/Managers

  • IT Directors/Managers

  • Security Auditors/Architects

  • Security Systems Engineers

  • Chief Information Security Officers

  • Network Architects

 

Let us explore the CISSP Tutorial Overview in the next section.

CISSP Tutorial Overview

By the end of this CISSP tutorial, you will:

  • Be able to define the architecture, design and management of the security of your organization.

  • Acquire the relevant knowledge and skills required to pass the CISSP certification exam.

  • Earn the requisite 30 CPEs required to take up the CISSP certification exam.

  • Develop working knowledge in the 8 domains prescribed by the CISSP Common Body of Knowledge, 2015.

 

In the next section, we will discuss the objectives of the CISSP tutorial.

Objectives

After completing this lesson, you will be able to:

 

  • Define CISSP

  • List the different CISSP domains

  • Explain the importance of CISSP

  • Identify the various CISSP certification requirements

  • Describe CISSP exam

 

Let us explore the lessons covered in CISSP Tutorial in the next section.

Lessons Covered in this CISSP Tutorial

There are seven lessons covered in this tutorial. Take a look at the lesson names that are listed below.

 

Lesson No

Chapter Name

What You’ll Learn

Lesson 1

CISSP - Security and Risk Management Tutorial

In this chapter, you’ll be able to:

  • Recognize the importance of Information Security Management

  • Describe Security Policy Implementation

  • Describe Information Risk Management

  • Define the process of Managing Personnel Security and Managing Security Function

  • Define Computer Crime

  • Explain the Business Continuity Plan process

Lesson 2

CISSP - Asset Security Tutorial

In this chapter, you’ll be able to:

  • Classify information and supporting assets

  • Determine and maintain ownership of assets

  • Identify ways to protect privacy

  • Ensure appropriate data retention

  • Determine data security controls

  • Establish asset handling requirements

Lesson 3

CISSP - Security Engineering Tutorial

In this chapter, you’ll be able to:

  • Describe Architecture Frameworks

  • Describe Security Models

  • List the types of Evaluation Criteria

  • Describe System Security Architecture

  • List the types of Distributed Systems

Lesson 4

CISSP - Communications and Network Security Tutorial

In this chapter, you’ll be able to:

  • Describe the various secure network architectures and designs

  • Recognize the importance of securing network components

  • List the different secure communication channels

  • List the common network attacks and the countermeasures

Lesson 5

CISSP - Identity and Access Management Tutorial

In this chapter, you’ll be able to:

  • Explain how to control physical and logical access to assets.

  • Discuss how to manage identification and authentication of people and devices.

  • Explain how to implement and manage authorization mechanisms.

  • Discuss how to prevent or mitigate access control attacks.

Lesson 6

CISSP - Security Assessment and Testing Tutorial

In this chapter, you’ll be able to:

  • Discuss security assessment and test strategies

  • Describe log management

  • Describe different testing techniques

  • Discuss security testing in the Software Development Life Cycle

  • Describe internal and third-party audits

Lesson 7

CISSP - Security Operations Tutorial

In this chapter, you’ll be able to:

  • Discuss how to conduct logging and monitoring activities.

  • Describe the concepts of foundational security operations.

  • Discuss how to conduct incident response.

  • Explain how to implement recovery strategies.

Lesson 8

CISSP - Software Development Security Tutorial

In this chapter, you’ll be able to:

  • Recognize the importance of system environments and programming concepts

  • Discuss Object-Oriented Programming

  • Describe the System Life Cycle and Systems Development

  • Explain Database and Data Warehousing Environments

  • List the Ten Best Practices for Secure Software Development – (ISC)²

Conclusion

With this, we come to the end of the overview of what this CISSP tutorial includes. In the next chapter, we will discuss the CISSP - Security and Risk Management Tutorial.
