ISC2 - Certified Information Systems Security Professional CISSP certification



Only 6 Days



Classroom / Online / Hybrid

Next date

Next date:

2/10/2023 (Monday)


CISSP training, CISSP certification

Get CISSP trained in just six days on this accelerated course. The CISSP (certified information systems security professional) is globally recognised as the gold standard IT security certification – learn the skills you need to achieve it at twice the speed with Firebrand.

Developed by (ISC)2, the world’s leading cyber security membership association, the CISSP is key for professionals aiming for senior roles in information security. With Firebrand, you’ll build the expert knowledge needed to implement and manage an enterprise security programme.

On this accelerated course, you’ll study the eight domains of the CISSP Common Body of Knowledge (CBK):

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Strengthen your skills as a security professional – this training is ideal for security consultants, analysts, managers, auditors and architects. Plus, the CISSP certification is highly desirable for ambitious professionals aiming to achieve Chief Information Security Officer (CISO) roles.

Train at twice the speed on this official CISSP course

Firebrand Training is an Authorised Provider of (ISC)2 training. On this accelerated course, you’ll get access to resources only available to authorised providers:

  • Expert training from authorised (ISC)2 instructors
  • Official courseware
  • Official CISSP Practice Exam and Evaluation
CISSP training with onsite CISSP exam

(ISC)2 Highest Performing Affiliate of the Year

Firebrand Training has been named as a “Highest Performing Affiliate of the Year – EMEA” by (ISC)2. Upon announcing the award, W. Hord Tipton, Executive Director of (ISC)2, stated: “This award represents Firebrand as the top performer for (ISC)2...for the EMEA region.”

Seven reasons why you should sit your CISSP course with Firebrand Training

  1. You'll be CISSP trained in just 6 days.
  2. Our CISSP course is all-inclusive. A one-off fee covers all course materials, exams, accommodation and meals. No hidden extras
  3. Pass CISSP first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  4. You’ll learn more CISSP. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
  5. You’ll learn CISSP faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  6. You’ll be studying CISSP with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified 134,561 professionals, and we’re partners with all of the big names in the business
  7. You'll do more than study CISSP courseware. We use practical exercises to make sure you can apply your new knowledge to the work environment. Our instructors use demonstrations and real-world experience to keep the day interesting and engaging


(ISC)2 Membership Benefits

(ISC)2 is an international, non-profit membership association built for security professionals. When you certify, you’ll become a member of (ISC)². As a member, you’ll join a global network of 125,000+ and get access to an array of exclusive resources, tools and peer-to-peer networking opportunities, conference and event discounts.

Become a member by earning one of (ISC)2’s gold standard certifications. Contact us to find out more.

Benefits of Firebrand’s official six-day CISSP training

  • (ISC)2 instructors present the Common Body of Knowledge Seminar
  • Study with (ISC)2 copyrighted training material, which is unavailable to non-partner organisations
  • Prepare for your CISSP exam with the official (ISC)2 practice exam
  • Receive a personal critique of your practice exam results to help you focus on topics where additional focus should be given
  • Study faster with accelerated training in a distraction-free environment

Benefits of CISSP certification for your company

  • Establish information security best practices within your organisation
  • Organisations employing CISSP-certified professionals have their data and systems safeguarded by the best in the business
  • Provides a business and technology orientation to risk management

Other accelerated training providers rely heavily on lecture and independent self-testing and study.

Effective technical instruction must be highly varied and interactive to keep attention levels high, promote camaraderie and teamwork between the students and instructor, and solidify knowledge through hands-on learning.

Firebrand Training provides instruction to meet every learning need:

  • Intensive group instruction
  • One-on-one instruction attention
  • Hands-on labs
  • Lab partner and group exercises
  • Question and answer drills
  • Independent study

This information has been provided as a helpful tool for candidates considering training. Courses that include certification come with a certification guarantee. Pass first time or train again for free (just pay for accommodation and exams on your return). We do not make any guarantees about personal successes or benefits of obtaining certification. Benefits of certification determined through studies do not guarantee any particular personal successes.


Domain 1: Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Evaluate and apply security governance principles

  • Alignment of security function to business
  • Security control frameworks strategy, goals, mission, and objectives
  • Due care/due diligence
  • Organisational processes (e.g., acquisitions, divestitures, governance committees)
  • Organisational roles and responsibilities

1.3 Determine compliance requirements

  • Contractual, legal, industry standards, and regulatory requirements
  • Privacy requirements

1.4 Understand legal and regulatory issues that pertain to information security in a global context

  • Cyber crimes and data breaches
  • Trans-border data flow
  • Licensing and intellectual property requirements
  • Privacy
  • Import/export controls

1.5 Understand, adhere to and promote professional ethics

  • (ISC)² Code of Professional Ethics
  • Organisational code of ethics

1.6 Develop, document, and implement security policy, standards, procedures, and guidelines

1.7 Identify, analyse and prioritise Business Continuity (BC) requirements

  • Develop and document scope and plan
  • Business Impact Analysis (BIA)

1.8 Contribute to and enforce personnel security policies and procedures

  • Candidate screening and hiring
  • Compliance policy requirements
  • Employment agreements and policies
  • Privacy policy requirements
  • Onboarding and termination processes
  • Vendor, consultant, and contractor agreements and controls

1.9 Understand and apply risk management concepts

  • Identify threats and vulnerabilities
  • Security Control Assessment (SCA)
  • Risk assessment/analysis
  • Monitoring and measurement
  • Risk response
  • Asset valuation
  • Countermeasure selection and implementation
  • Reporting
  • Applicable types of controls (e.g., preventive, Continuous improvement detective, corrective)
  • Risk frameworks

1.10 Understand and apply threat modelling concepts and methodologies

  • Threat modelling methodologies
  • Threat modelling concepts

1.11 Apply risk-based management concepts to the supply chain 

  • Risks associated with hardware, software, and SERVICES            
  • Service-level requirements services
  • Third-party assessment and monitoring
  • Minimum security requirements

1.12 Establish and maintain a security awareness, education, and training program

  • Methods and techniques to present awareness and training
  • Periodic content reviews
  • Program effectiveness evaluation

Domain 2: Asset Security

2.1 Identify and classify information and assets

  • Data classification
  • Asset Classification

2.2 Determine and maintain information and asset ownership

2.3 Protect privacy

  • Data owners
  • Data remanence
  • Data processors
  • Collection limitation

2.4 Ensure appropriate asset retention

2.5 Determine data security controls

  • Understand data states
  • Standards selection
  • Scoping and tailoring
  • Data protection methods

2.6 Establish information and asset handling requirements

Domain 3: Security Architecture and Engineering

3.1 Implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models

3.3 Select controls based upon systems security requirements

3.4 Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution

  • Client-based systems
  • Server-based systems
  • Database systems
  • Cryptographic systems
  • Industrial Control Systems (ICS)
  • Cloud-based systems
  • Distributed systems
  • Internet of Things (IoT)

3.6 Assess and mitigate vulnerabilities in web-based systems

3.7 Assess and mitigate vulnerabilities in mobile systems

3.8 Assess and mitigate vulnerabilities in embedded devices

3.9 Apply cryptography

  • Cryptographic life cycle (e.g., key management, algorithm selection)
  • Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves)
  • Public Key Infrastructure (PKI)
  • Digital signatures
  • Non-repudiation
  • Integrity (e.g., hashing)
  • Understand methods of cryptanalytic attacks
  • Digital Rights Management (DRM)
  • Key management practices

3.10 Apply security principles to site and facility design

3.11 Implement site and facility security controls

  • Wiring closets/intermediate distribution facilities
  • Server rooms/data centres
  • Media storage facilities
  • Evidence storage
  • Restricted and work area security
  • Utilities and Heating, Ventilation, and Air Conditioning (HVAC) » Environmental issues
  • Fire prevention, detection, and suppression

Domain 4: Communication and Network Security

4.1 Implement secure design principles in network architectures

  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol (IP) networking
  • Implications of multilayer protocols
  • Software-defined networks
  • Wireless networks
  • Converged protocols

4.2 Secure network components             

  • Operation of hardware
  • Transmission media
  • Network Access Control (NAC) devices
  • Endpoint security
  • Content-distribution networks

4.3 Implement secure communication channels according to design

  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualised networks

Domain 5: Identity and Access Management (IAM)

5.1 Control physical and logical access to assets

  • Information
  • Systems
  • Devices
  • Facilities

5.2 Manage identification and authentication of people, devices, and services

  • Identity management implementation
  • Registration and proofing of identity
  • Single/multi-factor authentication
  • Federated Identity Management (FIM)
  • Accountability
  • Credential management systems
  • Session management

5.3 Integrate identity as a third-party service

  • On-premise
  • Cloud
  • Federated

5.4 Implement and manage authorisation mechanisms

  • Role Based Access Control (RBAC)
  • Discretionary Access Control (DAC)
  • Rule-based access control
  • Attribute Based Access Control (ABAC)
  • Mandatory Access Control (MAC)

5.5 Manage the identity and access provisioning lifecycle

  • User access review
  • System account access review
  • Provisioning and deprovisioning

Domain 6: Security Assessment and Testing 

6.1 Design and validate assessment, test, and audit strategies

  • Internal
  • External
  • Third-party

6.2 Conduct security control testing

  • Vulnerability assessment
  • Code review and testing
  • Penetration testing
  • Misuse case testing
  • Log reviews
  • Test coverage analysis
  • Synthetic transactions
  • Interface testing

6.3 Collect security process data (e.g., technical and administrative)

  • Account management
  • Training and awareness
  • Management review and approval
  • Disaster Recovery (DR) and Business Continuity
  • Key performance and risk indicators (BC)
  • Backup verification data

6.4 Analyse test output and generate report

6.5 Conduct or facilitate security audits

  • Internal
  • External
  • Third-party

Domain 7: Security Operations

7.1 Understand and support investigations

  • Evidence collection and handling
  • Investigative techniques
  • Reporting and documentation
  • Digital forensics tools, tactics, and procedures

7.2 Understand requirements for investigation types

  • Administrative
  • Regulatory
  • Criminal
  • Industry standards
  • Civil

7.3 Conduct logging and monitoring activities

  • Intrusion detection and prevention
  • Continuous monitoring
  • Security Information and Event Management
  • Egress monitoring (SIEM)

7.4 Securely provisioning resources

  • Asset inventory
  • Asset management
  • Configuration management

7.5 Understand and apply foundational security operations concepts

  • Need-to-know/least privileges
  • Job rotation
  • Separation of duties and responsibilities
  • Information lifecycle
  • Privileged account management
  • Service Level Agreements (SLA)

7.6 Apply resource protection techniques

  • Media management
  • Hardware and software asset management

7.7 Conduct incident management

  • Detection
  • Recovery
  • Response
  • Remediation
  • Mitigation
  • Lessons learned
  • Reporting

7.8 Operate and maintain detective and preventative measures

  • Firewalls
  • Sandboxing
  • Intrusion detection and prevention systems
  • Honeypots/honeynets
  • Whitelisting/blacklisting
  • Anti-malware
  • Third-party provided security services

7.9 Implement and support patch and vulnerability management

7.10 Understand and participate in change management processes

7.11 Implement recovery strategies

  • Backup storage strategies
  • System resilience, high availability, Quality of
  • Recovery site strategies Service (QoS), and fault tolerance
  • Multiple processing sites

7.12 Implement Disaster Recovery (DR) processes

  • Response
  • Personnel
  • Communications

7.13 Test Disaster Recovery Plans (DRP)               

  • Assessment
  • Restoration
  • Training and awareness
  • Read-through/tabletop
  • Walkthrough
  • Simulation
  • Parallel
  • Full interruption

7.14 Participate in Business Continuity (BC) planning and exercises

7.15 Implement and manage physical security

  • Perimeter security controls
  • Internal security controls

7.16 Address personnel safety and security concerns

  • Travel
  • Emergency management
  • Security training and awareness
  • Duress

Domain 8: Software Development Security

8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)

  • Development methodologies
  • Change management
  • Maturity models
  • Integrated product team
  • Operation and maintenance

8.2 Identify and apply security controls in development environments

  • Security of the software environments
  • Configuration management as an aspect of secure coding
  • Security of code repositories

8.3 Assess the effectiveness of software security

  • Auditing and logging of changes
  • Risk analysis and mitigation

8.4 Assess security impact of acquired software

8.5 Define and apply secure coding guidelines and standards

  • Security weaknesses and vulnerabilities at the source-code level
  • Security of application programming interfaces
  • Secure coding practices


What is a CISSP Boot Camp?

Firebrand’s CISSP Boot Camp is an accelerated course that will prepare you to take the challenging CISSP exam. Accelerated training is fast, but this is not a crash course – you’ll learn from a real-world security expert and study everything you need to know to pass the exam.

You’ll study the eight CISSP CBK (Common Body of Knowledge) domains using the most up-to-date curriculum and revision materials.

Firebrand’s CISSP bootcamp is ideal for experienced security professionals, including managers, auditors and consultants – or anyone aiming to achieve CISO roles.

Does Firebrand offer CISSP online training?

Firebrand does not provide online training for the CISSP certification. Instead, Firebrand’s CISSP course provides students with an opportunity to learn in-person from expert security instructors.

How much does CISSP training cost?

To find out the cost of this accelerated CISSP course and others, visit our prices page.

What is the CISSP CBK?

The CISSP Common Body of Knowledge (CBK) is an established information security framework covering security terminology, principles and a library of cyber security topics. It is sometimes referred to as the CISSP syllabus.

Created by (ISC)2, the CBK is used to assess a student’s level of security knowledge when preparing for and sitting the CISSP exam.

CISSPs are subject matter experts (SMEs) who work within two or more of these eight domains and possess advanced knowledge, skills, and experience gained through certification. 

What are the CISSP domains?

The CISSP exam covers 8 domains in 2018 which are:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications & Network Security
  • Identity & Access Management
  • Security Assessment & Testing
  • Security Operations
  • Software Development Security

What are the CISSP prerequisites?

To achieve this certification, you must have at least five years of cumulative, paid and full-time work experience in two or more of the eight CISSP CBK domains.

However, if you don’t meet these requirements, you can get a one-year experience waiver with:

  • A four-year college degree (or regional equivalent)
  • An approved credential from (ISC)2’s experience waiver list

You may also opt to take and sit the CISSP exam without the required experience. If you do pass the exam without the prerequisite experience, you will become an Associate of (ISC)2. You’ll then have six years to earn the work experience required, at which point you will receive your CISSP certification.

What does the CISSP exam cost in the UK?

The CISSP exam costs £560 in the UK.

How many hours is the CISSP exam?

The CISSP CAT exam duration is three hours. Exceptions can be provided to candidates with medical accommodations that are pre-approved by (ISC)2.

There is no minimum exam duration and students may proceed through the exam at their own pace.

What is the salary for a CISSP professional?

The average annual salary for professionals holding the CISSP certification is £60,000 – according to data from ITJobsWatch.

Exam Track

This accelerated CISSP course will prepare you for the following exam. The exam voucher is included in the course price. If you wish to take the exam, we'll provide guidance on how to book your seat at a Pearson Vue testing centre.

  • CISSP exam
    • Exam length: up to three hours
    • Number of questions: 100-150
    • Format: Multiple choice and advanced innovative questions
    • Passing grade: 700 out of 1000 points
    • Languages: English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese and Korean. The exam is also available in a format for Visually Impaired students.

You'll be tested on the eight CISSP domains:

  1. Security and Risk Management - 15%
  2. Asset Security - 10%
  3. Security Architecture and Engineering - 13%
  4. Communication and Network Security - 14%
  5. Identity and Access Management (IAM) - 13%
  6. Security Assessment and Testing - 12%
  7. Security Operations - 13%
  8. Software Development Security - 10%

After passing your exam

Once you have successfully passed your certification exam, you'll receive your certificate and ID card. Upon receiving notification of your exam success, you will be required to subscribe to the (ISC)2 Code of Ethics and have your application endorsed before the credential can be awarded.

An endorsement form for this purpose must be completed and signed by an (ISC)2 certified professional who is an active member, and who can attest to your professional experience. You are required to become certified within nine months of the date of your exam.

If you do not become certified or an Associate of (ISC)2 within 9 months of the date of your exam, you will be required to retake the exam in order to become certified. It is possible for (ISC)2 to endorse you if you cannot find a certified individual to act as one.

Maintenance Requirements

The CISSP certification has annual and three-year CPE requirements. To maintain your certification you must:

  • Earn and submit a minimum of 40 Continuing Professional Education (CPE) credits each year of the three year certification cycle
  • Gain a minimum of 120 CPE credits every three years
  • Pay the annual maintenance fee (AMF) of USD$85 each year of your three-year certification cycle
  • Fully support and abide by the (ISC)2 Code of Ethics

Please note: Passing candidates may be randomly selected and audited by (ISC)2 Member Services prior to issuance of a certification. Attaining multiple certifications may result in a candidate being audited more than once. Firebrand Training will provide support for candidates that are audited.

What's Included

On your accelerated CISSP course, you'll get access to resources only available to authorised (ISC)2 training providers:

  • Authorised (ISC)2 instructors vetted by (ISC)2 and trained to deliver (ISC)2 certification courses
  • Official and up-to-date courseware, including "The Official (ISC)2 CISSP CBK Review Seminar - Student Handbook"
  • Official Practice Exam

Firebrand will also provide you with:

  • Personal exam-readiness evaluation
  • Supplementary material designed to further strengthen your knowledge in preparation for the exam

For this 6 day duration CISSP course, (ISC)2 recognise a maximum of 40 CPEs for an existing (ISC)2 certification holder.

Firebrand Training offers top-quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on their studies and certification goals.

Our Certification Programs includes

  • Intensive Hands-on Training Utilising our (Lecture | Lab | Review)TM Delivery
  • Comprehensive Study Materials, Program Courseware and Self-Testing Software including MeasureUp *
  • Fully instructor-led program with 24 hour lab access
  • Examination vouchers **
  • Near site testing, Transportation to/from Testing Center are provided ***
  • Accommodation, all meals, unlimited beverages, snacks and tea / coffee****
  • Examination Passing Policy

Please note

  • * Not on all courses
  • ** Examination vouchers are not included for the following courses: PMP, CAPM and CISSP CBK Review
  • *** Not included in our PMP, CAPM, CISA, CISM, CGEIT, CRISC, (ISC)2 or ITIL Managers and Revision Certifications
  • **** Accommodation not included on the CISSP CBK Review Seminar

Our instructors teach to accommodate every student's learning needs through individualised instruction, hands-on labs, lab partner and group exercises, independent study, self-testing, and question/answer drills.

Firebrand Training has dedicated, well-equipped educational facilities where you will attend instruction and labs and have access to comfortable study and lounging rooms. Our students consistently say our facilities are second-to-none.

Examination Passing Policy

Should a student complete a Firebrand Training Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year.  Students will only be responsible for accommodations and vendor exam fees.


To achieve this certification, you must have:

  • At least five years cumulative, paid, full-time work experience in two or more of the eight (ISC)2 CISSP Body of Knowledge (CBK) domains

If you don’t meet the work experience requirement you can get a one year experience waiver with:

  • A four-year college degree (or regional equivalent)
  • An approved credential from (ISC)2’s experience waiver list

Alternatively, you may opt to take and sit the CISSP exam without the required experience. Pass the exam and you will become an Associate of (ISC)2 – you’ll then have six years to earn the work experience required. Upon gaining the experience you will receive your full CISSP certification.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.


Here's the Firebrand Training review section. Since 2001 we've trained exactly 134,561 students and asked them all to review our Accelerated Learning. Currently, 96.46% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"The scope of the topic immediately strikes the fear of God, filling one with dread and apprehension. Our instructor's eccentric delivery, laced with humour, belies a suitably qualified and experienced person SQEP who never looses site of the need of his students; who he affords the due care and diligence to ensuring you certify. Exceptionally gifted."
RM. (4/9/2023 (Monday) to 9/9/2023 (Saturday))

"The experience with Firebrand and the instructor we had was second to none. Given how comprehensive the content is, I am still in awe at how well the instructor kept us engaged, spaced the out the breaks really well, and made sure no one was left behind. I would highly recommend going with Firebrand for any training needs you have."
SZ. (4/9/2023 (Monday) to 9/9/2023 (Saturday))

"Absolutely amazing instructor. This is the second time I have trained with him as my instructor. His charisma, positivity and humorous anecdotes help the information to stick. This was a resit for me, and I can confidently say that his efforts have helped me to affirm my knowledge and understanding. I would most certainly return to train with him again hopefully for a different course, as I'm hoping I'll pass my CISSP, and would highly recommend my instructor and Firebrand to others!"
Rashpal Soor. (4/9/2023 (Monday) to 9/9/2023 (Saturday))

"The training course initially felt very full on but as the week progressed, it was clear as to how much information I had taken in and it boosted confidence quite quickly at that point. All staff encountered were friendly and informative. I would definitely recommend Firebrand to anyone"
Jonathan Faulds. (4/9/2023 (Monday) to 9/9/2023 (Saturday))

"Training was great, appreciate the jokes and well-time breaks to help stay engaged in the training."
Anonymous. (4/9/2023 (Monday) to 9/9/2023 (Saturday))

Course Dates

FrontFoot - CISSP Boot Camp




Book now

7/8/2023 (Monday)

12/8/2023 (Saturday)

Finished - Leave feedback


4/9/2023 (Monday)

9/9/2023 (Saturday)

Finished - Leave feedback


2/10/2023 (Monday)

7/10/2023 (Saturday)

Limited availability

Book now

30/10/2023 (Monday)

4/11/2023 (Saturday)


Book now

13/11/2023 (Monday)

18/11/2023 (Saturday)


Book now

20/11/2023 (Monday)

25/11/2023 (Saturday)


Book now

27/11/2023 (Monday)

2/12/2023 (Saturday)


Book now

4/12/2023 (Monday)

9/12/2023 (Saturday)

Wait list


11/12/2023 (Monday)

16/12/2023 (Saturday)


Book now

8/1/2024 (Monday)

13/1/2024 (Saturday)


Book now

15/1/2024 (Monday)

20/1/2024 (Saturday)


Book now

22/1/2024 (Monday)

27/1/2024 (Saturday)


Book now

26/2/2024 (Monday)

2/3/2024 (Saturday)


Book now

4/3/2024 (Monday)

9/3/2024 (Saturday)


Book now

8/4/2024 (Monday)

13/4/2024 (Saturday)


Book now

22/4/2024 (Monday)

27/4/2024 (Saturday)


Book now

13/5/2024 (Monday)

18/5/2024 (Saturday)


Book now

20/5/2024 (Monday)

25/5/2024 (Saturday)


Book now

10/6/2024 (Monday)

15/6/2024 (Saturday)


Book now

17/6/2024 (Monday)

22/6/2024 (Saturday)


Book now

Latest Reviews from our students