CISSP Certified Information Systems Security Professional - Canada

Certified Information Systems Security Professional Course Outline

Domain 1: Security and Risk Management

• Understand and Apply Security Concepts
• Evaluate and Apply Security Governance Principles
• Determine Compliance and Other Requirements
• Legal and Regulatory Issues that Pertain to Information Security in a Global Context
• Requirements for Investigation Types
• Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
• Identify, Analyse, and Prioritise Business Continuity (BC) Requirements
• Contribute to and Enforce Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Understand and Apply Threat Modelling Concepts and Methodologies
• Apply Supply Chain Risk Management (SCRM) Concepts
• Establish and Maintain a Security Awareness, Education, and Training Program

Domain 2: Asset Security

• Identify and Classify Information and Assets
• Establish Information and Asset Handling Requirements
• Provision Resources Securely
• Manage Data Lifecycle
• Ensure Appropriate Asset Retention
• Data Security Controls and Compliance Requirements

Domain 3: Security Architecture and Engineering

• Research, Implement, and Manage Engineering Processes Using Secure Design Principles
• Fundamental Concepts of Security Models
• Select Controls Based Upon Systems Security Requirements
• Security Capabilities of Information Systems
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Cryptographic Life Cycle
• Methods of Cryptanalytic Attacks
• Apply Security Principles to Site and Facility Design
• Design Site and Facility Security Controls

Domain 4: Communication and Network Security

• Implement Secure Design Principles in Network Architectures
• Secure Network Components
• Implement Secure Communication Channels According to Design

Domain 5: Identity and Access Management (IAM)

• Control Physical and Logical Access to Assets
• Manage Identification and Authentication of People, Devices, and Services
• Integrate Identity as a Third-Party Service
• Implement and Manage Authorisation Mechanisms
• Manage the Identity and Access Provisioning Lifecycle
• Implement Authentication Systems

Domain 6: Security Assessment and Testing

• Design and Validate Assessment, Test, and Audit Strategies
• Conduct Security Control Testing
• Collect Security Process Data
• Analyse Test Output and Generate Report
• Conduct or Facilitate Security Audits

Domain 7: Security Operations

• Understand and Support Investigations
• Requirements for Investigation Types
• Conduct Logging and Monitoring Activities
• Securely Provisioning Resources
• Understand and Apply Foundational Security Operations Concepts
• Apply Resource Protection Techniques
• Conduct Incident Management
• Operate and Maintain Detective and Preventative Measures
• Implement and Support Patch and Vulnerability Management
• Participate in Change Management Processes
• Implement Recovery Strategies

Domain 8: Software Development Security

• Integrate Security in the Software Development Life Cycle (SDLC)
• Identify and Apply Security Controls in Development Environments
• Assess the Effectiveness of Software Security
• Assess Security Impact of Acquired Software
• Define and Apply Secure Coding Guidelines and Standards