Training & Certifications

The Official CISSP-ISSAP is designed for the chief security architect or analyst. Drawing from the comprehensive Information Systems Security Architecture Professional (ISSAP) Common Body of Knowledge (CBK®), the course provides a deep understanding of the broad spectrum of topics included in the CBK and addresses new threats, technologies, regulations, standards and practices. This self-paced training covers the following six domains of the CISSP-ISSAP CBK:

At the end of the program, the participants will be able to:

  1. Create an Information Security Architecture that meets the requirements of governance, compliance and risk management
  2. Evaluate Security architecture models and frameworks
  3. Develop an infrastructure security program
  4. Produce an identity and access management architecture
  5. Integrate security principles into applications development
  6. Design a security operations architecture

The CISSP-ISSAP program is beneficial to Security Consultants, Security Analysts, Security Managers, Security Systems Engineers, IT Directors/Managers, Chief Information Security Officers, Security Auditors, Directors of Security, Security Architects and Network Architects.

This program is a 5-day intensive training class.

Participants are required to have a minimum of five years of cumulative paid full-time work experience in two or more of the eight domains:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
  • Communications and Network Security

At the end of the program, participants will be assessed with a 3-hour CISSP-ISSAP exam.

The CISSP-ISSAP certification will be awarded upon successfully passing the (ISC)² exam.

  1. Determine Legal, Regulatory, Organizational and Industry Requirements.

    • Ensure that the security architect is aware of legal requirements and designs (builds-in) the ability to support audit and compliance functionality into information systems and the information security framework.
    • Ensure that the security architect is aware of the core privacy principles adopted by the OECD.
    • Understand the requirements of the General Data Protection Regulation (GDPR).
    • Understand the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH).
    • Understand the requirements of the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards.
    • Understand the requirements of privacy and information security laws in the United Kingdom.
    • Understand the requirements of information security laws in the Asia Pacific region.
    • Understand the requirements of information security laws in Latin America.
    • Ensure that the security architect is aware of the requirements of the Electronic Communications Privacy Act (ECPA).
    • Understand the capabilities and techniques used to develop an enterprise security architecture based on common architectural frameworks.
    • Understand the requirements of information management laws: the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act.
  2. Determine Applicable Information Security Standards and Guidelines.

    • Understand the process of evaluating and selecting architectural standards.
    • Understand the requirements of the National Institute of Standards and Technology for information systems protection.
    • Understand the requirements of the Information Security Management System (ISMS) as documented in ISO/IEC 27001.
    • Understand the capabilities and techniques used to develop an enterprise security architecture based on common architectural frameworks.
    • Understand the requirements of the payment card industry for protection of payment cards.
    • Understand the requirements to support audit and compliance services and demonstrate the design, implementation and management of good security practices.
  3. Determine Applicable Sensitive/Personal Data Standards, Guidelines and Privacy Regulations.

    • Introduce the importance of compliance with privacy laws in the context of the real world.
  4. Designing Systems for Auditability

    • Understand the requirements to design systems to support audit and accountability standards.
    • Understand the process of Control Self-Assessment (CSA) and know how to design systems to support CSA.
    • Understand the requirements to design a system for auditability.
    • Understand the process of digital forensics and the examination of evidence.
    • Understand the requirements of working with external entities in the event of an incident.
    • Understand the process of architecting relationships with outsourcing suppliers and partners.
  5. Manage Risk

    • Review the importance of risk management in relation to the establishment of an information security program.
    • Understand the process of determining the relationship between assets and business mission.
    • Understand the Risk Management Framework and risk management process.
    • Understand the principles of risk assessment and risk treatment.
    • Be familiar with quantitative and qualitative risk assessment.
    • Understand the principles and practices of asset identification and classification.
    • Understand the process of determining asset value.
    • Understand the types of threat actors.
    • Understand the types of human threats, natural threats and supply chain risk.
    • Understand the risk related to technology.
    • Understand the process of determining risk.
    • Understand the process of risk reporting and the risk register.
  6. Overview of Risk Treatment

    • Review the principles of risk treatment and risk response.
    • Be familiar with the requirement to perform a cost–benefit analysis when considering control options.
  7. Risk Monitoring

    • Understand the principles of risk monitoring.
    • Understand the impact of emerging threats and vulnerabilities on the level of risk faced by the organization.
    • Understand the factors that can affect risk, such as changes to business processes.
    • Understand the importance of reporting current and emerging risk to management.
    • Be familiar with a risk register and how to use it.
  1. Identify Security Architecture Approach

    • Understand the various architectural approaches and identify the impact upon security of each approach.
    • Understand new security challenges as the types of systems and networks evolve.
    • Understand the security needs as organizations move from systems architecture to enterprise architecture.
    • Be familiar with the security requirements that are unique to each of the common architectural models.
    • Be familiar with the concepts of Service-Oriented Architecture (SOA).
    • Understand the challenges that the Internet of Things (IoT) places on security architecture.
    • Review the security considerations associated with SCADA systems.
    • Review the fundamental security models and various forms of enterprise configurations.
    • Understand the value of benchmarks and baseline configurations.
    • Remember the benefits and types of network segmentation.
    • Be familiar with the evolution of networking and network technologies.
  2. Review Physical Security Requirements.

    • Understand the importance of physical security as related to information security.
    • Understand the methods used to validate physical security controls.
    • Understand the generally accepted data center design tiers.
    • Understand the various options to control physical access to data centers.
    • Understand the deployment of closed-circuit television (CCTV).
    • Review the principles of perimeter-based security.
    • Review the principles of fire management.
  3. Verify and Validate Design

    • Understand the process of testing and validating the project deliverables.
    • Understand the process of regression testing and avoiding single points of failure.
    • Understand the process of independent verification and validation of infrastructure and control design.
  1. Develop Infrastructure Security Requirements.

    • Understand the process of developing infrastructure security requirements.
    • Understand the security requirements of various types of system deployments.
    • Understand the application of security in a cloud environment.
  2. Design Defense-in-Depth Architecture.

    • Understand the principles of defense in depth and be able to design a defense-in-depth solution for their organization.
    • Understand the role of management networks in protecting and monitoring information systems and system components.
    • Review the core security concepts in relation to infrastructure.
    • Understand the security of various system components.
    • Understand cloud security risk.
  3. Review Secure Shared Services

    • Understand the security of shared services: Network Time Protocol (NTP), Domain Name System (DNS), and Voice over Internet Protocol (VoIP).
  4. Design Boundary Protection with Enterprise Security Requirements Considered

    • Understand boundary protection.
    • Understand the security requirements when acquiring, deploying and managing various devices.
    • Understand the need for security of mobile devices.
    • Understand cloud virtualization and cloud virtual storage.
  5. Design Infrastructure Monitoring

    • Understand the design of monitoring systems.
    • Understand the methods of active and passive data collection.
    • Design the systems to monitor network traffic.
    • Understand security analytics.
  6. Review Introduction to Cryptographic Principles

    • Understand the legal requirements concerning the design, implementation and operation of cryptographic solutions.
  7. Design Infrastructure Cryptographic Solutions

    • Understand the design of infrastructure cryptographic solutions.
  8. Asymmetric Algorithms

    • Understand the principles of asymmetric encryption.
    • Understand the principles of RSA certificates.
    • Understand the process of elliptic curve cryptography.
    • Understand the composition and use of digital signatures.
    • Understand the process of certificate validation.
    • Review the processes of ensuring message integrity through the use of a hash function.
    • Review the SHA-3 algorithm.
    • Understand the use of Diffie-Hellman key exchange in a VPN.
    • Understand the ElGamal algorithm.
  9. Internet Protocol Security (IPSec)

    • Understand Internet Protocol Security (IPSec).
    • Review the operation of TLS using RSA.
  1. Evaluate Enterprise Identity Management Requirements

    • Be able to identify and evaluate the requirements for identity management.
    • Understand the process of assigning identifiers to entities.
    • Understand the core principle of information security based on the use of multi-factor authentication to protect systems from unauthorized access.
    • Understand the principles of identification, authentication, authorization and accounting as they relate to identity management.
    • Understand the challenges of digital identities.
    • Be able to establish processes to identify personnel and facilitate trust relationships.
    • Be able to define multi-factor authentication.
    • Be able to design risk-based and location-based access controls.
    • Be able to design knowledge-based and object-based access controls.
    • Understand biometrics.
    • Be able to recognize authentication protocols and technology.
    • Understand Security Assertion Markup Language (SAML), RADIUS, and Kerberos.
  2. Access Control Concepts and Principles

    • Understand access control concepts and principles.
    • Be able to design access control management, including the access control management lifecycle.
  3. Design Identity and Access Solutions

    • Understand how to design an identity and access solution for an organization.
    • Understand various access control protocols and technologies.
    • Understand various credential management technologies.
    • Understand the advantages and disadvantages of centralized versus decentralized identity and access management systems.
    • Understand the different types of identity and access management implementations.
    • Understand the risk and requirements for managing privileged accounts.
    • Review the accounting or audit aspect of identity and access management.
  1. Assess and Align Application Security with the Enterprise

    • Understand the process of assessing and aligning application security with the enterprise.
    • Understand how to use the SDLC to design resilient secure systems.
    • Understand how to address security in the SDLC.
    • Understand the requirements traceability matrix (RTM).
    • Understand the principles of secure software coding.
    • Review the principles of security architecture documentation.
  2. Assess Code Review Methodology and Testing

    • Understand the processes and methodologies used to assess software code.
    • Review the principles of static code testing.
    • Review the principles of dynamic code testing.
    • Review the principles of creating valid test data.
    • Review the security concerns associated with APIs.
    • Understand the principles of protecting systems through runtime application self-protection (RASP).
    • Review the principles of anti-malware tools.
    • Review the implementation of encryption in an application.
    • Determine appropriate cryptographic solution for applications.
    • Be familiar with the methodologies used to assess software code and implementations.
    • Understand the principles of a secure code repository.
    • Understand the value and process of version control.
  3. Determine Application Security Capability Requirements and Strategy

    • Understand the process to determine application security requirements.
    • Determine the security requirements for applications operating in a platform as a service (PaaS) deployment.
    • Understand the requirements to secure the infrastructure used in supporting applications.
    • Understand the role that network security plays in supporting secure operations of applications.
    • Understand the requirements to secure the endpoint devices and desktops that support applications.
    • Understand the requirements to secure data storage for an application.
    • Evaluate applicability of security controls for system components.
  4. Identify Common Proactive Controls for Applications

    • Understand some of the common controls used to protect applications.
    • Review the CIS critical security controls.
  1. Security Operations Architecture

    • Understand how to gather security operations requirements.
    • Understand the architect’s role in setting up monitoring and the benefits that an effective monitoring program will provide.
  2. Design Information Security Monitoring

    • Understand the techniques of monitoring and incident identification.
    • Understand the process of incident preparation.
    • Understand the process of incident detection.
    • Understand the process of incident response.
    • Review vulnerability assessments and penetration testing.
    • Work with and support audits, and benefit from the audit process.
  3. Design Business Continuity (BC) and Resiliency Solutions

    • Understand the architect's role in designing business continuity and resiliency solutions.
    • Understand the basics of gathering resource requirements used to support business continuity (BC).
    • Understand the architect's role in assisting in the creation of incident response, communications and training plans.
    • Understand the process of incident response management.
    • Understand the various response strategies that can be used.
    • Identify continuity and availability solutions.
  4. Validate Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) Architecture

    • Be able to participate in the validation of business continuity plans and disaster recovery plans.