This 5-day concentrated course provides information security professionals with a fully-immersed, minimum-distraction CISSP training and certification experience.

The course covers the 8 domains of the CISSP Common Body of Knowledge as reorganised and updated in early 2015. The course will broaden and deepen your understanding of the domains and give you full preparation for the (ISC)2 CISSP accreditation examination.

The Gold Standard

CISSP is long regarded as the gold standard of security qualifications. It draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. It is based on the CBK (Common Body of Knowledge), which comprises eight subject domains that (ISC)2 compiles and maintains through ongoing peer review by subject matter experts.

To attain the CISSP certification candidates must have a minimum of 5 years of direct, full-time security professional work experience in 2 or more of the domains of the CISSP CBK. One year of work experience may be waived by (ISC)2 if the candidate holds a four-year or higher college or university degree or approved credential. Candidates who do not meet these criteria may be given Associate status until conditions are met.

Unsure if you have adequate experience?

If you are unsure whether you meet the prerequisite experience criteria, please refer to the Professional Experience Requirement page on the (ISC)2 web site.

Please note that (ISC)2 also offers the option to become an Associate of (ISC)2.

Learning outcomes

The CISSP exam tests one’s competence in the 8 domains of the CISSP CBK.

This 5-day training program is designed to fully prepare you for the CISSP exam. It focuses on the 8 Common Body of Knowledge domains designated by (ISC)2:

  • Security and Risk Management
  • Security Engineering
  • Security Assessment and Testing
  • Asset Security
  • Communications and Network Security
  • Identity and Access Management
  • Security in the Software Development Life Cycle
  • Security Operations

Who should attend

The CISSP is designed for experienced security professionals who want to expand their knowledge and gain an internationally recognised accreditation. It is ideal for those working in positions such as, but not limited to:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

Whilst anyone can attend the course, please note that the CISSP accreditation is only available to those who meet the (ISC)2 entry requirements. Refer to the EXAMS section below for more information.

Course contents

This course covers the 8 domains of the CISSP Common Body of Knowledge as reorganised and updated in early 2015. The order of some topics has been altered to provide a better structure and a more consistent conceptual model. All topics of the new CBK are fully covered and the course provides full prep for the CISSP exam.

1.  Introduction

  • Welcome and Administrivia
  • Course Overview
  • Review and Revision Techniques
  • References
  • Specialised References and Additional Reading
  • Other Resources
  • The “CISSP World-View”
  • The Exam
  • On the Day of the Exam
  • Exam Technique
  • After the Exam
  • CISSP Concentrations
  • Blended Learning Follow-up

2.  Security and Risk Management

  • Security Properties of Information and Systems – The CIA Triad
  • Security Governance
    • Organizational Structure and Processes
    • Security Roles and Responsibilities
    • Reporting Relationships
    • Governance of Third Parties
  • Compliance, Legal and Regulatory Requirements
    • Privacy Requirements
      • Transborder Data Flows
      • Data Breaches
    • Intellectual Property
    • Computer Ethics and Professional Ethics
  • Risk Management Concepts
    • Definitions of Risk
    • Risk Management Processes (SP800-30, ISO27005)
    • Information Risk Analysis, Audit Frameworks and Methodologies
    • Countermeasures and Controls
      • Control Assessment, Testing and Monitoring
    • Threat Modeling
    • Business Continuity Requirements
      • Development of Business Continuity and Disaster Recovery Plans
    • Security Policies, Standards, Procedures, Guidelines
      • Personnel Security
    • Acquisitions Policy and Strategies
    • Security Education, Awareness and Training

3.  Security Engineering

  • Security Engineering Lifecycle
  • Systems Architecture
  • Enterprise Security Architecture
  • Security Models
    • Mandatory Access Control Models
    • Discretionary Access Control
  • Evaluation, Certification and Accreditation
    • Evaluation Schemes
  • Security Implementation Guidelines, Frameworks and Standards
  • Database Security
  • Vulnerabilities
    • Architectural Vulnerabilities
    • Distributed Computing
    • Remote and Mobile Computing
    • Process Control and SCADA
    • Embedded Systems and the Internet of Things
  • Cryptology
    • Types of Cryptoprimitives
    • Classical Cryptography
    • Symmetric Cryptoprimitives
    • Unkeyed and Keyed Hashes
    • Public Key Cryptosystems
      • Authentication & Digital Signatures
      • Public Key Infrastructure
    • Key Management
    • Advanced Concepts – Quantum computing, etc.
    • Cryptanalysis and Attacks
  • Site Planning and Design
    • Security Survey
    • Crime Prevention Through Environmental Design
  • Facility Security
    • Physical Security Principles
    • Data Centers, Server Rooms and Wiring Closets
    • Secure Work Areas

4.  Security Assessment and Testing

  • Security Audit, Assessment and Testing Concepts
    • First-Person and Third-Party Audits
  • Software Security Assessment
    • Unit Testing
    • Integration Testing
    • Regression Testing
    • Advanced Techniques and Tools – Fuzzers, Model Checkers, Automated Theorem Provers
  • Systems Security Assessment
  • Network Security Assessment
  • Networking Principles
    • Protocol Layers
    • ISO/OSI vs TCP/IP
  • Physical Layer
    • Local Area Network Protocols
    • Wide Area Network Protocols
    • Physical Layer Attacks
  • Network Layer
    • IP Addressing and Routing
    • IP Protocol Operation
    • ICMP Protocol
    • Dynamic Routing Protocols
    • Software Defined Networking
    • Network Layer Attacks
  • Transport Layer
    • Transport Layer Concepts
    • UDP
    • TCP
    • Other Transport Layer Protocols
    • Transport Layer Attacks
  • Application Layer
    • Application Layer Protocols
      • Directory Services – BIND, LDAP, etc.
      • Remote Access and File Transfer
      • Email
      • Web – HTTP
      • VoIP, Instant Messaging and Collaboration
    • Application Layer Vulnerabilities and Attacks
  • Network Security Testing and Assurance
  • Continuous Security Monitoring

5.  Asset Security

  • Information Assets – Identification, Ownership
  • Data Standards and Policy
  • Information Classification
  • Handling Requirements
  • Data Retention Policy, Destruction and Disposal

6.  Communications and Network Security

  • Networking Principles
    • Protocol Layers
    • ISO/OSI vs TCP/IP
  • Physical Layer
    • Local Area Network Protocols
    • Wide Area Network Protocols
    • Physical Layer Attacks
  • Network Layer
    • IP Addressing and Routing
    • IP Protocol Operation
    • ICMP Protocol
    • Dynamic Routing Protocols
    • Software Defined Networking
    • Network Layer Attacks
  • Transport Layer
    • Transport Layer Concepts
    • UDP
    • TCP
    • Other Transport Layer Protocols
    • Transport Layer Attacks
  • Application Layer
    • Application Layer Protocols
      • Directory Services – BIND, LDAP, etc.
      • Remote Access and File Transfer
      • Email
      • Web – HTTP
      • VoIP, Instant Messaging and Collaboration
    • Application Layer Vulnerabilities and Attacks
  • Network Security Testing and Assurance

7.  Identity and Access Management

  • Basic Concepts: Trust, Identity, Authentication and Access Control
  • Authentication Techniques
    • Password Management
    • Tokens, Badges, Smartcards and Other Devices
    • Biometric Techniques
  • Authorization and Access Control
    • Mandatory Access Control
      • Multi-Level Systems
      • Role-Based Access Control
      • Rule-Based Access Control
    • Discretionary Access Control
    • Capability-Based Systems
  • Federated Identity Management Systems
  • Identity Management Lifecycle

8.  Security in the Software Development Life Cycle

  • Application Development Concepts
    • Programming Languages
    • Development Tools
    • Object-Oriented Concepts and Security
    • Third-Party Libraries and Frameworks
  • Vulnerabilities Introduced During Development
    • Buffer Overflows
    • Format String Vulnerabilities
    • Input/Output Sanitization
    • Citizen Programmers
    • Covert Channels
    • Time-of-Check/Time-of-Use Vulnerabilities
    • Object Reuse
    • Trapdoors and Backdoors
    • Executable Content and Mobile Code
  • Software Development Methodologies
    • Software Development Life Cycle
      • Security Activities in the SDLC
    • Prototyping, Iterative and Agile Techniques
    • Cleanroom and Formal Methods
    • Continuous Delivery and DevOps
    • Maturity Models
  • Databases and Data Warehouses
    • Database Concepts
    • Database Vulnerabilities and Controls
    • Unstructured Data and Knowledge Management
  • Web Application Security
    • Web Application Architectures and Languages
    • Common Vulnerabilities
      • SQL and Command Injection
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery
      • Insecure Direct Object Access
      • Incorrect Session Management
      • Insecure Configuration
      • Inadequate Use of TLS
    • Software Acquisition

9.  Security Operations

  • Security Operations and Operations Security
    • Segregation of Roles, Job Rotation
    • Dealing with Privileged Accounts and Users
    • Information Lifecycle
  • Threats and Vulnerabilities
    • Malware
      • Viruses, Worms, Trojans, etc.
      • Rootkits
      • Remote-Access Trojans
      • Spyware and Adware
    • Logic Bombs
    • Social Engineering
    • Phishing, Spear-Phishing, Pharming and Botnets
    • Hoaxes and Pranks
  • Configuration and Change Management
  • Patch Management and Vulnerabilities
  • Security Metrics, Monitoring and Reporting
    • Network Monitoring and Logging
    • Systems Monitoring and Logging
  • Incident Response
    • First Response
      • Containment
      • Investigation
      • Recovery
    • Crime Investigation
      • Evidence Collection and Handling
      • Evidence Processing and Forensics
      • Presentation in Court
    • Business Continuity and Disaster Recovery
      • Plan Development
        • Recovery Strategies
      • Plan Documentation
      • Training
      • Testing
    • Physical Security
    • Personnel Safety

10.  Summary and Wrap-up

Course fees

Fees (A$ per person)

Fast Track CISSP® Certified Information Systems Security Professional: $3150 + GST

When you attend this course you receive:

  • 5 full days of course instruction
  • Comprehensive course workbook
  • Full sit-down lunch and morning and afternoon tea each day

NOTE:
The CISSP exam is NOT included in the course fees. The CISSP exams are administered by Pearson Vue on behalf of (ISC)2. You must register for the exam online. See below for more details.

Prerequisites

The course assumes you have at least a reasonable level of varied IT experience. Please note that to attain the CISSP certification you must have a minimum of 5 years of direct, full-time security professional work experience in 2 or more of the domains of the CISSP CBK. One year of work experience may be waived by (ISC)2 if you hold a four-year or higher college or university degree or approved credential. Candidates who do not meet these criteria may be given Associate status until conditions are met.

For full information please refer to the (ISC)2 web site pages dealing with the Professional Experience Requirement and becoming an Associate of (ISC)2.

CISSP Exam – procedure | dates | locations

The CISSP exams are administered by Pearson Vue on behalf of (ISC)2. You must register for the exam online.

For Information on dates or how to enrol for an exam please contact Pearson Vue.


Instructor-led classroom training

Guaranteed to run

Unlike our competitors, we guarantee to run all of our CISSP courses.

Once you have booked, you have our 100% assurance that the course will run.
  • Staff have been extremely positive and supportive.
    Principal consultant | OMNI EXECUTIVE
  • Our trainer was excellent. He made it fun and interesting. Plus we all passed. Fantastic. I feel comfortable that my future projects will be very successful. Pace - Spot on.
    IT Professional | Information Technology
  • "The course was excellent. The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "Excellent service provided by ALC customer service. Trainer has exceptionally good training skills and brilliant style of communication. Excellent coach."
    Principal | Fujitsu Australia Ltd (Trainer: Michael Fong)
  • Laurence has incredible subject matter expertise and his personal anecdotes added a lot to the learning. Would highly recommend ALC and Laurence for training and obtaining one's certification in Agile PM.
    Demi Anderson, Programme Manager
  • Leigh was fantastic. Without doubt the most accurate and interesting presenter by leaps and bounds. Very inspirational.
    System Analyst | Department of Corporate and Information Services
  • "In regards to the course, the stakeholder and participants were rapt. The trainer was attentive and engaged and the material was relevant and professional."
    Kathleen O’Riley, Learning and Development Advisor | SA Water Corporation. Course: Business Relationship Management Professional (BRMP®). Trainer: Darren Dove
  • "Excellent course and while content was quite laborious and intense, Peter's delivery was excellent; particularly the 'war stories' and examples provided."
    Russell Close | Head of IT  |  Bennelong Funds Management
  • Well presented and great depth of knowledge by the trainer. A very professional delivery!
  • Very quick response from Customer service upon enquiry.
  • I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.
    Service Assurance Release Manager | Westpac Banking Corporation
  • Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as a top level training services provider.
    Operations Transition Manager |  Motorola Solutions Australia Pty Ltd
  • The trainer was a great facilitator - lots of real life examples and I felt very prepared for the exam.
    Help Desk Team Leader | Bank SA
  • "Very good training session. Trainer used multiple examples of non-IT situations to cover various aspects of what was being taught which made it not only easier to understand but also interesting."
    Senior Applications Specialist | Fairfax Media
  • The instructor was clearly knowledgeable, good-humoured and enthusiastic. I did not see anyone fall asleep. Given the notoriety of this course, I sincerely feel that that was a major "achievement". I do feel that I have greatly expanded my knowledge and that I will be more productive at work - the hallmark of a successful course in my opinion. I would recommend ALC to others. Thank you and well done!
  • Peter’s real world samples went a long way in understanding the content.
    Waleed Al-Atm | Dept. Justice & Regulation
  • Excellent course that was very well presented and benefited immensely from Darren's practical experience in Service Management. Thanks Darren!
    National IT Manager | Information Technology

  • Michelle Zgalin displays an extremely thorough knowledge of the course content. Pace of the course tailored to suit participants. Presentation of content very good. Ability to deliver large amounts of content was impressive. :)
    PRINCE2 Melbourne Senior Business Analyst | VMIA | Risk Management & Insurance
  • A brilliant trainer, she really knows her stuff and manages to get the most out of us, it was almost like a continuation from Foundation. I felt like I hadn't left.
    Executive Assistant | Guild Group Holdings Limited
  • Very worthwhile course - learned a lot! Intense, but very well structured. Great trainer :)
    Business Analyst | VMIA | Risk Management & Insurance
  • The trainer's level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity.
    Service Delivery Manager | NEC Australia Pty Ltd
  • Great job, one of the best trainers I have had. Could not have asked for more.
    ISG | University of New England
  • Really well structured course, very qualified presenter, engaging presentation style, high quality course materials. Relevant and useful information discussed with a good balance of theory vs "real world" examples. I thoroughly enjoyed this course, would highly recommend to others.
    Samantha, Program Coordinator, Transport NSW
  • "Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge."
    Manager, IT Risk & Assurance | Ernst & Young
  • "David's vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses."
    Information Security Consultant  | Westpac
  • "Thanks David for making this course enjoyable and knowledgeable. Your experience and insights have been very valuable."
    Security Solutions Designer | Westpac
  • “Neil was very good in sharing his knowledge using relevant examples.”
    IT Support Officer | Cricket Australia
  • “Good understanding of ITIL Foundations. Neil is a great presenter with excellent people skills & real world experiences.”
    State ICT Manager | Hassell
  • “Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.”
    Manager | ANZ Banking Group
  • “Extremely good – presenter’s experience and depth of knowledge very visible. The trainer was excellent! Good examples, good discussions.”
    Project Manager | Shell Company of Australia Limited Melbourne
  • “I would be happy to recommend Axel to all those looking at a TOGAF training course. His subject matter expertise in TOGAF and his ability to relate to real world examples and experience was fundamental in helping me passing my exam.”
    Daniel Garcia, IT Architect, Strategy and PMO Manager | ANSTO