digicode: SSP
ISC2 Certified Information Systems Security Professional® (CISSP®)
Course facts
- Learning how to plan, implement, and manage information security programs in accordance with international standards (e.g., ISO 27001, NIST, CIS)
- Applying security and risk management methods to identify, assess, and treat risks
- Designing secure IT architectures and system designs, taking into account cryptography, network security, and physical protection measures
- Implementing identity and access management (IAM) and defining secure authentication and authorization procedures
- Analyzing and testing existing security controls, performing audits, tests, and vulnerability analyses
- Planning and controlling operational security processes such as incident response, monitoring, business continuity, and disaster recovery
- Evaluating software development processes and integrating security aspects into the entire software lifecycle
- Preparing for the CISSP® exam through structured review, case studies, and exam strategies for optimal knowledge application
1 Security and Risk Management
Fundamentals of security and risk management, legal and regulatory requirements, compliance, and strategies for business continuity and governance.
2 Asset Security
Protection and management of information assets – from data classification and ownership rights to secure storage and disposal of sensitive information.
3 Security Architecture and Engineering
Design and operation of secure architectures and systems, understanding of security models, cryptography, hardware and network security.
4 Communication and Network Security
Planning, setting up and securing networks, protecting communication channels and using secure protocols against internal and external threats.
5 Identity and Access Management (IAM)
Management of user identities and access rights, authentication mechanisms, lifecycle management, and principles such as least privilege or separation of duties.
6 Security Assessment and Testing
Planning and execution of security assessments, audits, penetration tests, and continuous monitoring to ensure the effectiveness of security measures.
7 Security Operations
Operation and control of security-related processes – including incident response, monitoring, forensic analysis, recovery, and emergency management.
8 Software Development Security
Integration of security principles into the software development process, secure programming, testing methods, and control of software security risks.
CISSP® certification is ideal for you if you already hold or aspire to a specialist or management role. It is the decisive career step for:
Managers: As a CISO, CIO, or IT manager, you will master the strategic management of your organization by focusing on security and risk management.
Architects & Engineers: As a security or network architect or security systems engineer, you will deepen your knowledge of security architecture and engineering as well as communication and network security in order to design secure infrastructures.
Specialists & consultants: As a security consultant, analyst, manager, or auditor, you will sharpen your profile in areas such as asset security, identity and access management (IAM), and security assessment and testing.
Developers: You will learn how to efficiently manage security operations and ensure software development security throughout the company.
To obtain the full CISSP® certificate, you need at least five years of relevant full-time work experience. This experience must cover at least two of the eight domains of the CISSP® Exam Outlines.
How to shorten the time required:
- Study: A relevant 4-year university degree (or a regionally equivalent degree) counts as one year of work experience.
- Additional qualifications: Recognized certifications from the ISC2 list can also replace one year of the required practical experience.
- Important: A maximum of one year of the required five years can be waived through study or other certificates.
- Flexibility: Part-time positions and internships can also be counted toward your professional experience.
Don't have enough experience yet? Become an «Associate of ISC2»
If you don't yet have the necessary practical experience, this is no obstacle to your career:
- You successfully complete the CISSP® exam.
- You receive the status of «Associate of ISC2».
- You then have six years to gain the missing professional experience and finalize your full CISSP® certificate.
Exam format
- Exam duration: 3 hours
- Number of questions: 100 to 150
- Format: Multiple choice & advanced question types
- Passing score: 700 out of 1000 points (70%)
- Language: English, Chinese, German, Japanese, Spanish
- Exam content: the 8 domains, weighted as follows
  - Domain 1: Security and Risk Management – 16%
  - Domain 2: Asset Security – 10%
  - Domain 3: Security Architecture and Engineering – 13%
  - Domain 4: Communication and Network Security – 13%
  - Domain 5: Identity and Access Management (IAM) – 13%
  - Domain 6: Security Assessment and Testing – 12%
  - Domain 7: Security Operations – 13%
  - Domain 8: Software Development Security – 10%
Applying for certification
Once you have passed the CISSP® exam, you can apply for the official ISC2 certificate. To do so, you must sign the ISC2 Code of Ethics, and your professional experience must be verified by an actively certified ISC2 professional. Certification must be completed within nine months of the exam date. If you are unable to find a suitable person, ISC2 will assist you in validating your application.
Recertification
The CISSP® certificate is valid for three years. To maintain your certification, you must provide proof of continuing professional education (CPE) and pay the annual maintenance fee (AMF) to ISC2. This ensures that your expertise remains up to date and your status as a Certified Professional remains active.