42 - IT-S Information Technology - Security and Audit

IT-S 402 - Certified Information Systems Security Professional (CISSP) Preparation Course

Code | Start Date | Duration | Venue
IT-S 402 | 01 July 2024 | 5 Days | Istanbul
IT-S 402 | 26 August 2024 | 5 Days | Istanbul
IT-S 402 | 23 September 2024 | 5 Days | Istanbul
IT-S 402 | 21 October 2024 | 5 Days | Istanbul
IT-S 402 | 18 November 2024 | 5 Days | Istanbul
IT-S 402 | 16 December 2024 | 5 Days | Istanbul
Please contact us for fees


Course Description

The aim of the course is to prepare participants for the CISSP certification and to help them gain managerial and high-level technical insight into the IT security world.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. 

Backed by (ISC)², the globally recognized, nonprofit organization dedicated to advancing the information security field, the CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, but also a globally recognized standard of achievement.

This is a preparation course for the certification exam/procedure. The course fee does not include the exam fee. Participants must schedule the exam date and submit the exam application themselves. Please contact us for details and further clarification.

Course Overview

  • Understanding security, risk, compliance, law, regulations, and business continuity
  • Protecting security of assets
  • Designing and protecting network security
  • Learning about the foundational concepts, investigations, incident management, and disaster recovery
  • Applying and enforcing software security

Who Should Attend?

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect

Course Details/Schedule

Day 1

Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

  • Understand and apply concepts of confidentiality, integrity and availability
  • Apply security governance principles
  • Compliance
  • Understand legal and regulatory issues that pertain to information security in a global context
  • Understand professional ethics
  • Develop and implement documented security policy, standards, procedures, and guidelines
  • Understand business continuity requirements
  • Contribute to personnel security policies
  • Understand and apply risk management concepts
  • Understand and apply threat modeling
  • Integrate security risk considerations into acquisition strategy and practice
  • Establish and manage information security education, training, and awareness

Day 2

Asset Security (Protecting Security of Assets)

  • Classify information and supporting assets (e.g., sensitivity, criticality)
  • Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
  • Protect privacy
  • Ensure appropriate retention (e.g., media, hardware, personnel)
  • Determine data security controls (e.g., data at rest, data in transit)
  • Establish handling requirements (markings, labels, storage, destruction of sensitive information)

Security Engineering (Engineering and Management of Security)

  • Implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
  • Select controls and countermeasures based upon systems security evaluation models
  • Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements


Day 3

  • Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
  • Assess and mitigate vulnerabilities in mobile systems
  • Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
  • Apply cryptography
  • Apply secure principles to site and facility design
  • Design and implement physical security

Communication and Network Security (Designing and Protecting Network Security)

  • Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
  • Secure network components
  • Design and establish secure communication channels
  • Prevent or mitigate network attacks

Day 4

Identity and Access Management (Controlling Access and Managing Identity)

  • Control physical and logical access to assets
  • Manage identification and authentication of people and devices
  • Integrate identity as a service (e.g., cloud identity)
  • Integrate third-party identity services (e.g., on-premise)
  • Implement and manage authorization mechanisms
  • Prevent or mitigate access control attacks
  • Manage the identity and access provisioning lifecycle (e.g., provisioning, review)

Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

  • Design and validate assessment and test strategies
  • Conduct security control testing
  • Collect security process data (e.g., management and operational controls)
  • Analyze and report test outputs (e.g., automated, manual)
  • Conduct or facilitate internal and third-party audits

Day 5

Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

  • Understand and support investigations
  • Understand requirements for investigation types
  • Conduct logging and monitoring activities
  • Secure the provisioning of resources
  • Understand and apply foundational security operations concepts
  • Employ resource protection techniques
  • Conduct incident management
  • Operate and maintain preventative measures
  • Implement and support patch and vulnerability management
  • Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)
  • Implement recovery strategies
  • Implement disaster recovery processes
  • Test disaster recovery plans
  • Participate in business continuity planning and exercises
  • Implement and manage physical security
  • Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

Software Development Security (Understanding, Applying, and Enforcing Software Security)

  • Understand and apply security in the software development lifecycle
  • Enforce security controls in development environments
  • Assess the effectiveness of software security
  • Assess security impact of acquired software