ISC2 CISSP

What does the CISSP certification cover?

The ISC2 Certified Information Systems Security Professional (CISSP) is an advanced-level certification designed for information security professionals.

As a CISSP, you’ll be an expert in developing, guiding, and managing security standards, policies, and procedures within your organisation.

CISSP is divided into 10 areas, also referred to as domains, known collectively as the Common Body of Knowledge (CBK). 

Here’s what you’ll be covering in those domains, during your CISSP training:

1. Access Control

You’ll learn about concepts, methodologies and techniques to protect the assets of your systems against attacks.

2. Telecommunications & Network Security

This domain focuses on network structures, their components and methods to keep them safe. It also covers transport methods, communication channels and network security measures.

3. Information Security Governance & Risk Management

In this domain, you’ll learn how to identify your organisation’s information assets. In addition, you’ll gain an understanding of the development, documentation and implementation of policies, procedures and standards regarding:

  • Security governance and policy
  • Information classification and ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation

4. Software Development Security

This domain teaches you about the controls that are included within systems and applications software, and the steps used in their development.

5. Cryptography

The Cryptography domain teaches you about encryption concepts, cryptanalytic attacks, as well as other principles, means and methods of disguising information.

6. Security Architecture & Design

This domain contains the concepts, structures, principles and standards used to design, implement, monitor and secure operating systems, equipment, applications and networks.

7. Security Operations

You’ll learn about controls over hardware, media and the operators with access privileges, including:

  • Resource protection
  • Incident response
  • Attack prevention and response
  • Patch and vulnerability management

8. Business Continuity & Disaster Recovery Planning

If the worst happens to your organisation, you’ll need to react quickly, in order to recover as quickly as possible. In this domain, you’ll learn about recovery strategies, business impact analysis and disaster recovery processes.

9. Legal, Regulations, Investigations and Compliance

This domain addresses computer crime laws and regulations, the investigative measures and techniques that can be used to determine whether a crime has been committed, and methods to gather evidence.

10. Physical (Environmental) Security

The last domain covers threats and vulnerabilities, and provides preventive measures that can be used to physically protect an enterprise’s sensitive information. You’ll learn about:

  • Site/facility design considerations
  • Perimeter security
  • Internal security
  • Facilities security

Get CISSP-certified with Firebrand

For the past twelve years in a row, we’ve been named one of the Top 20 IT Training Companies in the World.

We offer accelerated courses, training solutions, and Apprenticeships to develop core IT skills.

Could one of them be right for you?