Description

In the field of information security, if you hold a position of responsibility, the CISSP-ISSAP programme is the best specialisation option to consider. Whether you're looking to advance your career, hone your skills or gain a high-level professional qualification, CISSP-ISSAP training is the right choice. It demonstrates your in-depth understanding of the implementation of information systems security architectures.
This course, designed for architects and analysts in charge of information systems security, is based on the CISSP and the Common Body of Knowledge (ISC² CBK®). It will enable you to master the many areas covered by this body of knowledge, while dealing with issues relating to threats, technologies, regulations, standards and best practices. Each CISSP-ISSAP course covers the following six areas:
At the end of this 5-day course, you will also be prepared to sit the (ISC)² CISSP-ISSAP exam. This exam, which you can sit at our Pearson VUE centre, will give you the title of Certified Information Systems Security Architecture Professional (for more information, please see the Certification tab).

Day 1: Governance, compliance and risk management

  • Exploration of information security standards and regulations.
  • Understanding third party obligations and contractual commitments relating to supply chain, outsourcing and subcontracting.
  • Study of data protection directives, including the GDPR.
  • Design for auditability of information systems, including regulatory and legislative requirements.
  • Coordination with external bodies such as law enforcement agencies and independent experts.
  • Identification and classification of risks, as well as recommendations for their treatment (mitigation, transfer, acceptance, avoidance).
  • Risk monitoring and reporting.

Day 2: Security architecture modelling

  • Analysis of architecture types (enterprise, network, cloud, IoT) and SCADA systems.
  • Introduction to frameworks such as SABSA and SOMF.
  • Development of security architectures and reference plans.
  • Security configuration: basics, benchmarks and profiles.
  • Network configuration: physical, logical and high availability aspects.
  • Validation of threat modelling results: identification of threat vectors and assessment of consequences.
  • Identifying vulnerabilities and exploring alternative solutions.

Day 3: Infrastructure security architecture

  • Examination of the prerequisites for on-premises, cloud and hybrid systems.
  • Discussion of IoT and the zero-trust model.
  • Network management and security for industrial control systems (ICS).
  • Securing networks, operating systems, databases, containers and workloads in the cloud.
  • Security awareness for users.
  • Boundary protection with devices such as firewalls and VPNs.
  • Secure management of devices (BYOD, servers, endpoints).
  • Implementing effective network visibility.

Day 4: Identity and access management

  • Identifying and verifying identities within the system.
  • Assigning identifiers to users, services and devices.
  • Identity provisioning and de-provisioning processes.
  • Federated and autonomous trust relationships.
  • Various authentication methods (MFA, risk-based).
  • Authentication protocols such as SAML and RADIUS.
  • Physical, logical and administrative access control concepts.
  • Management of privileged accounts and their authorisations.

Day 5: Application and operations security

  • Evaluation of code review methods (dynamic, manual).
  • Analysis of application protection requirements (application firewall, anti-malware).
  • Encryption requirements for data at rest, in transit and in use.
  • Use of a secure code repository for application development.
  • Implementation of a secure operational architecture including proactive detection, analysis and remediation.
  • Development of a business continuity plan (BCP) including disaster recovery.

This course is aimed at the following groups:

  • IS security managers, architects or any other person involved in information systems security policy.

To follow the CISSP-ISSAP training course, you need the following prerequisites:

  • Hold the current CISSP professional qualification and have 2 years' cumulative professional experience in one or more of the 6 areas of the (ISC)² CBK body of knowledge.

On completion of the CISSP-ISSAP course, you will be able to validate the following skills:
 

  • Requirements definition: Establish the legal, organisational and sectoral requirements needed to design a security architecture.
  • Risk management: Mastering the various stages of risk management.
  • Architecture strategy: Identifying the appropriate strategy for the security architecture to be implemented.
  • Architecture validation: Checking and validating the design of a security architecture.
  • Security requirements: Determine the security requirements for a given infrastructure.
  • Defence architecture: Design an architecture based on the principle of defence in depth.
  • Securing shared services: Protecting shared services within the organisation.
  • Technical controls: Implement technical controls to ensure security.
  • Monitoring system: Designing and integrating a monitoring system tailored to the infrastructure.
  • Cryptographic solutions: Developing cryptographic solutions to secure the infrastructure.
  • Secure infrastructure: Designing a secure network and communications.
  • Physical and environmental security: Assessing physical and environmental security requirements.
  • Identity and access management: Designing identity and access control lifecycle management and associated solutions.
  • SDLC integration: Integrating the software development life cycle (SDLC) into the application security architecture.
  • Application security requirements: Determine the security requirements and strategy for applications.
  • Proactive controls: Identify common proactive controls for applications and necessary security operations.
  • Information security monitoring: Design an information security monitoring system.
  • Business continuity: Develop solutions to ensure business continuity and organisational resilience.
  • Validation of BCP/DRP plans: Validate the architecture of the business continuity plan (BCP) and the disaster recovery plan (DRP).
  • Incident management: Design a framework for managing responses to cybersecurity incidents.
  • Exam preparation: Be well prepared to sit the official CISSP-ISSAP exam.
