CISSP Certification Training in Liverpool, UK

1
www.infosectrain.com
Preparation for CISSP in Liverpool, UK
2
InfosecTrain
About Us
InfosecTrain is one of the finest Security and
Technology Training and Consulting organization,
focusing on a range of IT Security Trainings and
Information Security Services. InfosecTrain was
established in the year 2016 by a team of
experienced and enthusiastic professionals, who
have more than 15 years of industry experience.
We provide professional training, certification
consulting services related to all areas of
Information Technology and Cyber Security.
3
(No Transcript)
4
Preparation for CISSP

• CISSP is known as a Certified Information System
  Security Professional. Now it is one of the most
  globally recognized certifications in information
  security. So, the certificate is taken by people
  who are responsible for maintaining the security
  posture for an enterprise-level.
• It is not at all entry-level certification that
  requires a minimum of 5 years of experience in
  information security and two or more eight
  domains of CISSP.
• You will understand how important this
  certification is because it has been more than 26
  years since CISSP launched in 1994, and since
  then, there are only 140 thousand people
  certified across the globe.

• CCISO Certification

5
Part of CISSP certification

• There are eight domains of CISSP Certification
• Domain 1 Security and risk management (15)  It
  is all about security risk and control. It will
  give you a complete perspective of security risk,
  governance risk management, and it also talks
  about at an enterprise-level, how you can take
  care of business continuity planning. It also
  gives you a flavor of understanding the loss
  thats is following across the globe. This
  particular domain has the highest percentage in
  the examination.
• Domain 2 Asset Security (10) The next part is
  assets security, a relatively short domain but
  indeed a significant one. We will talk about
  various things that we deal with to protect
  assets (it is about the information assets that
  are the data).
• Domain 3 Security Architecture and engineering
  (13) It is one of the humongous domains in
  CISSP it includes five different modules and
  three other parts. It talks about cryptography,
  security architecture, and engineering, system
  architecture, and it also talks about physical
  security. So it is essential for the examination
  perspective.

6

• Domain 4 Communication and network security
  (14) It is one of the most extensive fields in
  CISSP from a content perspective and indeed
  important once. Many people do not have a
  networking background they have difficulty
  understanding many of the concepts from this
  domain.
• Domain 5 Identity and access management (ISM)
  (13) Indeed, it is one of the binding domain
  essentials, but there are few concepts in
  specific parts that are testable from an
  examination perspective.
• Domain 6 Security assessment and testing
  (12) In this domain, we look at various aspects
  that we need to know from an application security
  perspective the different things we need to
  understand while we asset or test an application
  from a security perspective.
• Domain 7 Security operations (13) Many people
  have first-hand experience in this domain because
  it talks about the concepts that everybody
  follows or sees at their day to day level. So it
  is going to change management, patch management,
  or vulnerability management. Many people who have
  worked in information security have done at least
  one thing in the security operations section.
• Domain 8 Software development security (10) In
  this, we will see various ways of developing
  software (like software development life cycle,
  life cycle model, and activity of malicious code
  and their impact on applications, including your
  software applications).

7
Exam Specifics

• CISSP is a CAT (Computer Adaptive Test)
• How exactly CAT format works When you start the
  examination, you will give the first question
  the question would have four responses choose
  one of the right answers. Now the movement, you
  select a reply and submit the response the next
  question will base on the previous questions
  response. If someone has done the last question
  correctly, the next question will be a slight
  difficulty level. If someone has done the
  previous question incorrectly, the next question
  will be a slightly lower difficulty level.
• When the examination gets over, the result will
  decide based on the three rules.
• Confidence interval rule.
• Minimum length exam rule.
• Run out of time rule.
• 3 hours of duration.
• You can not flag the question and go back to the
  previous one.
• You will be given a Wipr Board and pen with an
  inbuilt calculator in the testing system.
• Questions are weighted.

8
Domain1 Security Risk and governance

• Domain Agenda
• Understand and apply the concept of
  confidentiality, integrity, and availability.
• Develop, and implement security policy,
  standards, procedures, and guidelines.
• Understanding risk management concepts.
• Identify, analyze, and prioritize business
  continuity requirements.
• Understanding CIAConfidentiality Confidentialit
  y means any communication or any information
  intended for a specific audience we will only
  share with those audiences. The best method to
  protect the confidentiality of the data would be
  encryption. Now data at any state needs to be
  protected. So data has typically three different
  forms
• DIM (Data in motion)
• DAR (Data at rest)
• DIU (Data in use)

9
Integrity Any unauthorized modification of the
data by an authorized or unauthorized person
called as there is a compromise or breach in the
integrity. We need to ensure that any
unauthorized modification or alteration of any
data by any authorized and unauthorized person
will be called a compromise or a breach of
integritythe best method or approach for the
examination perspective made through the concept
of hashing.Availability Availability is going
to ensure that the data is available whenever
its needed. Whenever someone wants to access the
information, it should be available to us. The
best method to achieve availability is
fault-tolerance.Develop, and implement security
policy, standards, procedures, and
guidelines.What exactly is your policy? Now,
these documents are essential for any
organization. They need to keep a hold of these
documents because if we do not have these
documents, it is difficult for any enterprise or
organization to create security or drive a
security project at any organization.Policy It
is a mandatory document that precisely the system
is going to state. It is a high-level requirement
for security for any organization. Some security
policies areAccess controlNetwork
securityRisk managementTraining and awareness

10

• Standards Standards are also mandatory. Standard
  suggests that it(policies) is compulsory for
  every newly hired employee. So whenever someone
  joins the very first time the organization, they
  go through the mandatory orientation program.
• Guidelines Policy and standard are mandatory,
  but guidelines are optional. It is going to
  suggest the best practice.
• Baseline Just like policy and the standard, the
  baseline is also mandatory. The baseline is the
  minimum-security requirement. It suggests to you
  how the guidelines and measures can implement.
• Procedure Procedure is the step by step process
  to conduct any business tasks.
• Understanding risk management concepts
• Asset valuation Value of an asset.
• Vulnerability A weakness, a lack of safeguards.
• Threat Has the potential to harm the asset.
• Exploit Instance of compromise.
• Risk Likelihood that a threat will exploit a
  vulnerability in an asset.
• Controls Protective mechanism to a security
  vulnerability.

11
Identify, analyze, and prioritize business
continuity requirements

• Business continuity is going to help you to
  prepare for any disaster.
• Understand legal and regulatory issues that
  pertain to information security in a global
  context
• Laws apply to all organizations that collect
  data from EU residents or process that
  information on behalf of someone who manages it.
• General data protection regulation
• Breaches informed within 72 hours.
• Centralized data protection authorities.
• Individuals will have access to their data.
• Right to be forgotten Delete information if
  its no longer required.

12

• InfosecTrain is one of the best consulting
  organizations, focusing on a range of IT security
  training and information security services and
  providing all the necessary CISSP
  certification exam preparation. Certified
  instructors deliver all training with years of
  industry experience. You can check and enroll in
  our CISSP-certification-training to prepare for
  the certification exam.

13
(No Transcript)
14
ABOUT OUR COMPANY
OUR CONTACT
InfosecTrain welcomes overseas customers to come
and attend training sessions in destination
cities across the globe and enjoy their learning
experience at the same time.
 44 7451208413
https//www.facebook.com/Infosectrain/
sales_at_infosectrain.com
https//www.linkedin.com/company/infosec-train/
www.infosectrain.com
https//www.youtube.com/c/InfosecTrain