This practical and highly-interactive course includes real-life case studies where participants will be engaged in a series of interactive small groups and class workshops. 

This course is designed to provide participants with a detailed and up-to-date overview of Certified Information System Security Professional. It covers the security and risk management; the concepts of confidentiality, integrity and availability; the security governance principles, compliance requirements and legal and regulatory issues that pertain to information security in a global context; the business continuity (BC) requirements and personnel security policies and procedures; and the risk management and threat modeling concepts, methodologies and risk-based management concepts to the supply chain. 

 

Further, the course will also discuss the security awareness, education and training program; the asset security, privacy, appropriate asset retention, data security controls and information and asset handling requirements; the security architecture and engineering; the fundamental concepts of security models; and the systems security requirements, security architectures, designs sand solution elements. 

 

Participants of the course will be able to assess and mitigate vulnerabilities in web-based systems, mobile systems and embedded devices; apply cryptography, security principles to site and facility design as well as implement site and facility security controls; employ communication and network security; implement secure design principles in network architectures and identify secure network components; implement secure communication channels according to design; recognize identity and access management (IAM), control physical and logical access to assets; manage identification and authentication of people, devices, and services; integrate identity as a third-party service; implement and manage authorization mechanisms and manage the identity and access provisioning lifecycle; carryout security assessment and testing as well as design and validate assessment, test, and audit strategies and conduct security control testing; and collect security process, analyze test output, generate report and conduct or facilitate security audits. 

 

During this interactive course, participants will learn the security operations, support investigations and the requirements for investigation types; the logging and monitoring activities, provisioning resources and foundational security operations concepts and resource protection techniques; the incident management, detective and preventative measures and patch and vulnerability management; the change management processes, recovery strategies, disaster recovery (DR) processes and disaster recovery plans (DRP); the business continuity (BC) planning and exercises, physical security and personnel safety and security concerns; the software development security, security in the software development life cycle (SDLC) and security controls in development environments; the effectiveness of software security and security impact of acquired software; and the coding guidelines and standard