Certified Info Systems Professional

CISSP: Certified Info Systems Security Professional


CISSP is a leading, globally recognized information security certification designed for information security professionals. The CISSP examination measures the competence of candidates against an internationally accepted common body of knowledge encompassing eight (8) security domains: Security & Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.


Security & Risk Management

  • Confidentiality, Integrity & Availability
  • Security Governance – Alignment of security function to strategy, goals, mission and objectives; organizational processes; security roles and responsibilities; due care and due diligence
  • Compliance – Legislative and regulatory; privacy requirements compliance
  • Legal & Regulatory Issues Pertaining to Information Security in Global Context – Computer Crimes; Licensing and intellectual property; import/export controls; trans-border data flow; privacy; data breaches
  • Professional Ethics
  • Documented Security Policy, Standards, Procedures & Guidelines
  • Business Continuity Requirements
  • Personnel Security Policies
  • Risk Management Concepts
  • Threat Modeling – identifying; determining and diagramming potential attacks; reduction analysis; technologies and processes to remediate threats
  • Security Risk Considerations Integrated into Acquisition Strategy & Practice – hardware, software and services; third-party assessment and monitoring; minimum security requirements and service-level requirements
  • Information Security Education, Training & Awareness

Asset Security

  • Classify Information and Supporting Assets
  • Determine & Maintain Ownership
  • Data Privacy
  • Retention
  • Data Security Controls
  • Handling Requirements

Security Engineering

  • Engineering Processes Using Secure Design Principles
  • Concepts of Security Models
  • Controls & Countermeasures
  • Security Capabilities of Information Systems
  • Assess & Mitigate Vulnerabilities of Security Architectures, Designs & Solution Elements – client-based; server-based; database security; large-scale parallel systems; distributed systems; cryptographic systems; industrial control systems
  • Assess & Mitigate Vulnerabilities in Web-based Systems
  • Assess & Mitigate Vulnerabilities in Mobile Systems
  • Assess & Mitigate Vulnerabilities in Embedded Devices & Cyber-Physical Systems
  • Apply Cryptography – life cycle; types; PKI; key management practices; digital signatures; digital rights management; non-repudiation; integrity; methods of cryptanalytic attacks
  • Secure Principles: Site and Facility Design
  • Design & Implement Physical Security

Communication & Network Security

  • Secure Design Principles Applied to Network Architecture – OSI and TCP/IP models; IP networking; implications of multilayer protocols; converged protocols; software-defined networks; wireless networks; cryptography used to maintain communication security
  • Secure Network Components – operation of hardware; transmission media; network access control devices; endpoint security; content-distribution networks; physical devices
  • Secure Communication Channels – voice; multimedia collaboration; remote access; data communications; virtualized networks
  • Prevent or Mitigate Network Attacks

Identity & Access Management

  • Control Physical & Logical Access to Assets
  • Manage Identification & Authentication of People and Devices
  • Identity as a Service
  • Third-Party Identity Services
  • Implement & Manage Authorization Mechanisms
  • Prevent or Mitigate Access Controls Attacks
  • Manage Identity & Access Provisioning Lifecycle

Security Assessment & Testing

  • Design & Validate Assessment & Test Strategies
  • Conduct Security Control Testing
  • Collect Security Process Data
  • Analyze & Report Test Outputs
  • Conduct or Facilitate Internal & Third-Party Audits

Security Operations

  • Investigations – evidence collection and handling; reporting and documenting; investigative techniques; digital forensics
  • Requirements for Investigation Types – operations; criminal; civil; regulatory; eDiscovery
  • Logging & Monitoring Activities
  • Secure Provisioning of Resources
  • Foundational Security Operations Concepts
  • Resource Protection Techniques
  • Incident Management
  • Operate & Maintain Preventative Measures
  • Patch & Vulnerability Management
  • Change Management Processes
  • Recovery Stages – backup storage strategies; recovery site strategies; multiple processing sites; system resilience, high availability, quality of service and fault tolerance
  • Disaster Recovery Processes
  • Test Disaster Recovery Plans
  • Business Continuity Planning & Exercises
  • Implement & Manage Physical Security
  • Address Personal Safety Concerns

Software Development Security

  • Security in the Software Development Lifecycle
  • Security Controls in Development Environments
  • Assess Effectiveness of Software Security
  • Assess Security Impact of Acquired Software


  • Award-Winning Instructor
  • Instructor Certified in What They Teach
  • Instructor Who Is a Practitioner – Bringing Expertise and Real-World Experience to Classroom
  • Customized Courseware in Electronic and Hard Copy Forms Created by HackerU
  • Practice Tests
  • Certificate of Completion
  • Certification Endorsement Upon Passing Exam to Achieve CISSP Credential
  • Snacks and Coffee Breaks for Duration of Training
  • Instructor Availability
  • And More


  • This is a straight boot camp/certification prep; the exam voucher and exam are NOT included. Students shall arrange and pay for the test at a later date via (ISC)² or PearsonVue. We would be happy to assist you if needed.
  • You possess 5 years of cumulative paid full-time security professional work experience in two or more of the eight domains of the (ISC)²® CISSP CBK®
  • Candidates who presently hold an active certification that appears on the (ISC)² approved list may receive a one-year experience waiver
  • Alternately, a four-year Baccalaureate degree or the regional equivalent may be substituted for one year of experience
  • No more than 1 year of total experience may be waived

“Hacker University’s CISSP class was outstanding. The instructor was CISSP certified, which is uncommon, and brought real-world experience to the classroom. Hacker U’s customized courseware equipped us with knowledge we could use immediately on the job and resulted in every student passing the exam. I highly recommend Hacker U for security certifications.”  – Rick Scarfino, Senior Manager, Assurance Services, Stone Carlie