Certified Information Systems Security Professional (CISSP)

This course is the most comprehensive review of information security concepts and industry best practices and covers the eight domains of the official CISSP CBK (Common Body of Knowledge). You will gain knowledge in information security that will increase your ability to successfully implement and manage security programs in any organization or government entity. You will learn how to determine who or what may have altered data or system information, potentially affecting the integrity of those asset and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture. Policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets are also covered in this course.



In-depth coverage of the eight domains required to pass the CISSP exam:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communications and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
  • Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree or regional equivalent or an additional credential from the (ISC)² approved list will satisfy one year of the required experience. Education credit will only satisfy one year of experience.
  • A candidate that doesn’t have the required experience to become a CISSP may become an Associate of ISC2 by successfully passing the CISSP examination. The Associate of ISC2 will then have six years to earn the five years required experience. You can learn more about CISSP experience requirements and how to account for part-time work and internships.

The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect
• Understand, adhere to, and promote professional ethics.
• Understand and apply security concepts.
• Evaluate and apply security governance principles.
• Determine compliance and other requirements.
• Understand legal and regulatory issues that pertain to information security in a holistic context.
• Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards).
• Develop, document, and implement security policy, standards, procedures, and guidelines.
• Identify, analyze, and prioritize Business Continuity (BC) requirements.
• Contribute to and enforce personnel security policies and procedures.
• Understand and apply risk management concepts.
• Understand and apply threat modeling concepts and methodologies.
• Apply Supply Chain Risk Management (SCRM) concepts.
• Establish and maintain a security awareness, education, and training program.
• Identify and classify information and assets
• Establish information and asset handling requirements
• Provision resources securely
• Manage data lifecycle
• Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
• Determine data security controls and compliance requirements
• Research, implement and manage engineering processes using secure design principles.
• Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula).
• Select controls based upon systems security requirements.
• Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption).
• Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements.
• Select and determine cryptographic solutions.
• Understand methods of cryptanalytic attacks.
• Apply security principles to site and facility design.
• Design site and facility security controls.
• Assess and implement secure design principles in network architectures
• Secure network components
• Implement secure communication channels according to design
• Control physical and logical access to assets
• Manage identification and authentication of people, devices, and services
• Federated identity with a third-party service
• Implement and manage authorization mechanisms
• Manage the identity and access provisioning lifecycle
• Implement authentication systems
• Design and validate assessment, test, and audit strategies
• Conduct security control testing
• Collect security process data (e.g., technical and administrative)
• Analyze test output and generate report
• Conduct or facilitate security audits
• Understand and comply with investigations
• Conduct logging and monitoring activities
• Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
• Apply foundational security operations concepts
• Apply resource protection
• Conduct incident management
• Operate and maintain detective and preventative measures
• Implement and support patch and vulnerability management
• Understand and participate in change management processes
• Implement recovery strategies
• Implement Disaster Recovery (DR) processes
• Test Disaster Recovery Plans (DRP)
• Participate in Business Continuity (BC) planning and exercises
• Implement and manage physical security
• Address personnel safety and security concerns
• Understand and integrate security in the Software Development Life Cycle (SDLC)
• Identify and apply security controls in software development ecosystems
• Assess the effectiveness of software security
• Assess security impact of acquired software
• Define and apply secure coding guidelines and standards
Length of exam  6 hours
Number of questions 250
Question format Multiple-choice and advanced innovative questions
Passing grade 700 out of 1000 points
Exam availability English
Testing center (ISC)2 Authorized PPC and PVTC Select Pearson VUE Testing Centers