CISSP 2018

Associated Courses



This cybersecurity certification is an elite way to demonstrate your knowledge, advance your career and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement and run an information security program.


  • Certified Information Systems Security Professional is an independent information security certification.
  • As of 1 January 2018, there are 122,289 CISSP’s worldwide.
  • Governing Body: International Information System Security Certification Consortium,(ISC)²
  • External exam costs: $699 in United States
  • Price does/does not include exam

Security / Managerial / Certification

This is a DOD 8570 compliant course fitting for the following roles:


This course fulfills NICE/NICCS Roles of:

  • Executive Cyber Leadership – OV-EXL-001
  • Cyber Policy and Strategy Planner (OV-SPP-002)

We expect every student to learn the knowledge, skills, and abilities necessary to develop and support an enterprise security program. As a side benefit of the course students will pass the exam and validate thier skills as a cybersecurity professional via certification.

  • Identify and use computer networking concepts and protocols, and network security methodologies.
  • Understand basic risk management processes.
  • Execute secure network administration principles.
  • Distinguish and differentiate cyber threats and vulnerabilities.
  • Manage a team of three for two years
  • Perform team member evaluations
  • Write and/or review vendor contracts, statements of work, or memorandums of understanding
  • A suitable certification replacement for technical or security experience would be CompTIA Security+.
  • Build an information security risk management program and convey it through governance and policy.
  • Applying secured design principles for communication to network security.
  • Performing asset management security through classification program.
  • Designing cyber security metrics programs through assessment and testing.
  • Managing and maintaining identity access management in the enterprise and the cloud.
  • Architecting and engineering cyber security controls that adequately mitigate threats.
  • Enhancing security operations through continuity, physical controls, and personal life safety.
  • Securing the software development lifecycle in the enterprise.

Domain Security and Risk Management

  • Understand and apply concepts of confidentiality, integrity, and availability
  • Evaluate and apply security governance principles
  • Alignment of security function to business strategy, goals, mission, and objectives
  • Organizational processes (e.g., acquisitions, divestitures, governance committees)
  • Organizational roles and responsibilities
  • Security control frameworks
  • Due care/due diligence
  • Determine compliance requirements
  • Contractual, legal, industry standards, and regulatory requirements
  • Privacy requirements
  • Understand legal and regulatory issues that pertain to information security in a global context
  • Cyber crimes and data breach
  • Licensing and intellectual property requirements
  • Import/export controls
  • Trans-border data flow
  • Privacy
  • Understand, adhere to, and promote professional ethics
  • Develop, document, and implement security policy, standards, procedures, and guidelines
  • Identify, analyze, and prioritize Business Continuity requirement
  • Develop and document scope and plan
  • Business Impact Analysis
  • Contribute to and enforce personnel security policies and procedures
  • Candidate screening and hiring
  • Employment agreements and policies
  • Employment agreements and policies
  • Onboarding and termination processes
  • Vendor, consultant, and contractor agreements and controls
  • Compliance policy requirements
  • Privacy policy requirements
  • Understand and apply risk management concepts
  • Identify threats and vulnerabilities
  • Risk assessment/analysis
  • Risk response
  • Countermeasure selection and implementation
  • Applicable types of controls (e.g., preventive, detective, corrective)
  • Security Control Assessment
  • Monitoring and measurement
  • Asset valuation
  • Reporting
  • Continuous improvement
  • Risk frameworks
  • Understand and apply threat modeling concepts and methodologies
  • Threat modeling methodologies
  • Threat modeling concepts
  • Apply risk-based management concepts to the supply chain
  • Risks associated with hardware, software, and services
  • Third-party assessment and monitoring
  • Minimum security requirements
  • Service-level requirements
  • Establish and maintain a security awareness, education, and training program
  • Methods and techniques to present awareness and training
  • Periodic content reviews
  • Program effectiveness evaluation
  • Domain Asset Security
  • Identify and classify information and assets
  • Determine and maintain information and asset ownership
  • Protect privacy
  • Data owners
  • Data processors
  • Data remanence
  • Data remanence
  • Collection limitation
  • Ensure appropriate asset retention
  • Determine data security controls
  • Understand data states
  • Scoping and tailoring
  • Standards selection
  • Data protection methods
  • Establish information and asset handling requirements

Domain Security Architecture and Engineering

  • Implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models
  • Select controls based upon systems security requirements
  • Understand security capabilities of information systems
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
  • Client-based systems
  • Server-based systems
  • Database systems
  • Cryptographic systems
  • Industrial Control Systems
  • Cloud-based systems
  • Distributed systems
  • Assess and mitigate vulnerabilities
  • Cryptographic life cycle
  • Cryptographic methods
  • Public Key Infrastructure
  • Key management practices
  • Digital signatures
  • Non-repudiation
  • Integrity
  • Understand methods of cryptanalytic attacks
  • Digital Rights Management
  • Apply security principles to site and facility design
  • Implement site and facility security controls
  • Wiring closets intermediate distribution facilities
  • Server rooms data centers
  • Media storage facilities
  • Evidence storage
  • Restricted and work area security
  • Utilities and Heating, Ventilation, and Air Conditioning
  • Environmental issues
  • Fire prevention, detection, and suppression

Domain Communication and Network Security

  • Implement secure design principles in network architectures
  • Open System Interconnection and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol networking
  • Implications of multilayer protocols
  • Converged protocols
  • Software-defined networks
  • Wireless networks
  • Secure network components
  • Operation of hardware
  • Transmission media
  • Network Access Control devices
  • Endpoint security
  • Content-distribution networks
  • Implement secure communication channels according to design
  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks

Domain Identity and Access Management

  • Control physical and logical access to assets
  • Information
  • Systems
  • Devices
  • Facilities
  • Manage identification and authentication of people, devices, and services
  • Identity management implementation
  • Single/multi-factor authentication
  • Accountability
  • Session management
  • Registration and proofing of identity
  • Federated Identity Management
  • Credential management systems
  • Integrate identity as a third-party service
  • On-premise
  • Cloud
  • Federated
  • Implement and manage authorization mechanisms
  • Role Based Access Control
  • Mandatory Access Control
  • Discretionary Access Control
  • Attribute Based Access Control
  • Manage the identity and access provisioning lifecycle

Domain Security Assessment and Testing

  • Design and validate assessment, test, and audit strategies
  • Internal
  • External
  • Third-party
  • Conduct security control testing
  • Vulnerability assessment
  • Penetration testing
  • Log reviews
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Test coverage analysis
  • Interface testing
  • Collect security process data
  • Account management
  • Management review and approval
  • Key performance and risk indicators
  • Backup verification data
  • Training and awareness
  • Disaster Recovery and Business Continuity
  • Analyze test output and generate report
  • Conduct or facilitate security audits

Domain Security Operations

  • Understand and support investigations
  • Evidence collection and handling
  • Reporting and documentation
  • Investigative techniques
  • Digital forensics tools, tactics, and procedures
  • Understand requirements for investigation types
  • Administrative
  • Criminal
  • Civil
  • Regulatory
  • Industry standards
  • Conduct logging and monitoring activities
  • Intrusion detection and prevention
  • Security Information and Event Management
  • Continuous monitoring
  • Egress monitoring
  • Securely provisioning resources
  • Asset inventory
  • Asset management
  • Configuration management
  • Understand and apply foundational security operations concepts
  • Need-to-know
  • Least privileges
  • Separation of duties and responsibilities
  • Privileged account management
  • Job rotation
  • Information lifecycle
  • Service Level Agreements
  • Apply resource protection techniques
  • Media management
  • Hardware and software asset management
  • Conduct incident management
  • Detection
  • Response
  • Mitigation
  • Reporting
  • Recovery
  • Remediation
  • Lessons learned
  • Operate and maintain detective and preventative measures
  • Firewalls
  • Intrusion detection and prevention systems
  • Whitelisting/blacklisting
  • Third-party provided security services
  • Sandboxing
  • Honeypots
  • Honeynets
  • Anti-malware
  • Implement and support patch and vulnerability management
  • Understand and participate in change management processes
  • Implement recovery strategies
  • Backup storage strategies
  • Recovery site strategies
  • Multiple processing sites
  • System resilience, high availability, Quality of Service, and fault tolerance
  • Implement Disaster Recovery processes
  • Response
  • Personnel
  • Communications
  • Assessment
  • Restoration
  • Training and awareness
  • Test Disaster Recovery Plans
  • Read-through/tabletop
  • Walkthrough
  • Simulation
  • Parallel
  • Full interruption
  • Participate in Business Continuity planning and exercises
  • Implement and manage physical security
  • Perimeter security controls
  • Internal security controls
  • Address personnel safety and security concerns
  • Travel
  • Security training and awareness
  • Emergency management
  • Duress

Domain Software Development Security

  • Understand and integrate security in the Software Development Life Cycle
  • Development methodologies
  • Maturity models
  • Operation and maintenance
  • Change management
  • Integrated product team
  • Identify and apply security controls in development environments
  • Security of the software environments
  • Configuration management as an aspect of secure coding
  • Security of code repositories
  • Assess the effectiveness of software security
  • Auditing and logging of changes
  • Risk analysis and mitigation
  • Assess security impact of acquired software
  • Define and apply secure coding guidelines and standards
  • Security weaknesses and vulnerabilities at the source-code level
  • Security of application programming interfaces
  • Secure coding practices

There are 15 different possible exercises that can be used in the course of a one hour meeting. As soon as students become accustomed to a particular flow, or they get comfortable, the instructor will switch methods. Some examples include: threats and controls, case studies, risk analysis practice, and reading review.

Students will read before class, take a practice test, submit case study information, and build flashcards. Each activity is graded as needed.

We use a custom textbook developed by our internal experts. Is a completely digital format.

  • 1 hour per session
  • 5 Sessions per week
  • 10 weeks with 2 break weeks
  • Orientation is held for 90 minutes before first live class.
  • Class meeting times are listed on the public calendar.

Student links:   Help Forum      Logistics

Upcoming Classes
6:00 pm CISSP
Apr 22 @ 6:00 pm – 6:55 pm
CISSP @ Online
Please Note: all class times are in Central time zone (Chicago)
6:00 pm CISSP
Apr 23 @ 6:00 pm – 6:55 pm
CISSP @ Online
Please Note: all class times are in Central time zone (Chicago)
6:00 pm CISSP
Apr 24 @ 6:00 pm – 6:55 pm
CISSP @ Online
Please Note: all class times are in Central time zone (Chicago)
6:00 pm CISSP
Apr 25 @ 6:00 pm – 6:55 pm
CISSP @ Online
Please Note: all class times are in Central time zone (Chicago)
6:00 pm CISSP
Apr 26 @ 6:00 pm – 6:55 pm
CISSP @ Online
Please Note: all class times are in Central time zone (Chicago)

Additional information

Weight 14 oz
Dimensions 10 × 2 × 10 in