Official (ISC)² CISSP CBK Online Self-Paced Training
Gain access to pre-recorded video content from an (ISC)2 Authorized Instructor and official courseware. You’ll get complete autonomy to learn on your schedule, at your pace.
Course content is offered in English.
This course is designed for information security professionals with deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. This interactive online self-paced training provides a comprehensive review of information systems security concepts and industry best practices, covering the following eight domains of the CISSP Common Body of Knowledge (CBK®):
- • Domain 1: Security and Risk Management
- • Domain 2: Asset Security
- • Domain 3: Security Architecture and Engineering
- • Domain 4: Communication and Network Security
- • Domain 5: Identity and Access Management (IAM)
- • Domain 6: Security Assessment Testing
- • Domain 7: Security Operations
- • Domain 8: Software Development Security
Who Should Take this Course:
This course is for individuals planning to pursue the CISSP certification. The CISSP is intended for professionals who have a minimum of 5 years’ cumulative work experience in 2 or more of the 8 domains of the CISSP Common Body of Knowledge (CBK). Earning a 4-year college degree or regional equivalent or a recognized credential from the (ISC)² approved list will satisfy 1 year of the required experience. Education credit will only satisfy 1 year of experience.
Prior to taking this course the learner should have experience, skills, or knowledge obtained while serving in the following roles:
- • Chief Information Officer
- • Chief Information Security Officer
- • Chief Technology Officer
- • Compliance Manager/ Officer
- • Director of Security
- • Information Architect
- • Information Manager / Information Risk Manager or Consultant
- • IT Specialist/Director/Manager
- • Network/System Administrator
- • Security Administrator
- • Security Architect / Security Analyst
- • Security Consultant
- • Security Manager
- • Security Systems Engineer/ Security Engineer
- • 180-day access to official course content:
- • 15+ hours of pre-recorded videos and narrated power points
- • 71 real-world learning activities and 9 applied scenarios
- • 9 end-of-chapter quizzes with answer feedback
- • 180-question post-course assessment with answer feedback
- • Online interactive flash cards
- • Glossary of terms
- • 24x7x365 chat technical support
- • Instructor email support
- • Official (ISC)2 Certificate of Completion
- • Course Completion Badge
- • Education Guarantee (below for details)
What to Expect:
This is an interactive online self-paced course offering the learner the flexibility to work through the content and activities at their own pace over a 180-day period. Estimated time to complete the course is 40 hours.
Content will be taught using a series of lecture-based videos, audio presentations, interactive exercises, readings and assessments. In addition to viewing audio and video lectures, learners will be asked to work through and complete the following activities:
15+ Hours of Multimedia Content
Learners will engage in over fifteen hours of multimedia learning resources including videos and narrated presentations.
9 Applied Scenario Activities
In this course-wide recurring project, learners assume specific roles and apply security concepts to a situation that CISSPs will likely encounter in the workplace.
71 Content-Specific Activities
These include interactive exercises, reflections and knowledge checks leveraging real-world and fictitious case studies providing examples of security failures and other course-related content.
9 End-of-Chapter Quizzes
Each chapter concludes with an end-of-chapter quiz to assess comprehension of the learning within the chapter.
180-Question Post-Course Assessment
The course concludes with a post-course assessment designed to validate learnings in the course and identify areas for further study. The assessment includes answer feedback.
Included is a comprehensive list of terms with definitions used throughout the course.
Interactive Online Flashcards
An interactive learning tool for learners to test their knowledge on the most common industry terms represented within the Common Body of Knowledge (CBK) of the CISSP.
Instructor Support through Email
(ISC)2 Authorized instructors are available via email to help learners with content-related questions as they work through the course. Learners will receive responses to inquiries within 48 hours.
(ISC)² wants its candidates to successfully pass their certification exam and achieve their goal of earning an (ISC)² credential. Included with our Training Seminar is our Education Guarantee. If you do not pass the exam after completing our Training Seminar, you can take a second self-paced Training Seminar course at no cost to you (within one year of taking the initial seminar). The Education Guarantee covers the cost of the second seminar only. You will have to pay the full price for your second attempt of the exam.
Course Learning Objectives:
At the end of this course, learners will be able to:
- • Apply fundamental concepts and methods related to the fields of information technology and security.
- • Align overall organizational operational goals with security functions and implementations.
- • Determine how to protect assets of the organization as they go through their lifecycle.
- • Leverage the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
- • Apply security design principles to select appropriate mitigations for vulnerabilities present in common information system types and architectures.
- • Explain the importance of cryptography and the security services it can provide in today’s digital and information age.
- • Evaluate physical security elements relative to information security needs.
- • Evaluate the elements that comprise communication and network security relative to information security needs.
- • Leverage the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1–7 to meet information security needs.
- • Determine appropriate access control models to meet business security requirements.
- • Apply physical and logical access controls to meet information security needs.
- • Differentiate between primary methods for designing and validating test and audit strategies that support information security requirements.
- • Apply appropriate security controls and countermeasures to optimize an organization’s operational function and capacity.
- • Assess information systems risks to an organization’s operational endeavors.
- • Determine appropriate controls to mitigate specific threats and vulnerabilities.
- • Apply information systems security concepts to mitigate the risk of software and systems vulnerabilities throughout the systems’ lifecycles.
Note: Chapter learning objectives provided below.
Chapters Covered in this Course:
Chapter 1: The Information Security Environment
- • Justify an organizational code of ethics.
- • Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence.
- • Relate information security governance to organizational business strategies, goals, missions, and objectives.
- • Apply the concepts of cybercrime to data breaches and other information security compromises.
- • Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives.
- • Relate transborder data movement and import-export issues to data protection, privacy, and intellectual property protection.
Chapter 2: Information Asset Security
- • Relate the IT asset management and data security lifecycle models to information security.
- • Explain the use of information classification and categorization, as two separate but related processes.
- • Describe the different data states and their information security considerations.
- • Describe the different roles involved in the use of information, and the security considerations for these roles.
- • Describe the different types and categories of information security controls and their use.
- • Select data security standards to meet organizational compliance requirements.
Chapter 3: Identity and Access Management (IAM)
- • Explain the identity lifecycle as it applies to human and nonhuman users.
- • Compare and contrast access control models, mechanisms, and concepts.
- • Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives.
- • Explain how IAM implementations must protect physical and logical assets.
- • Describe the role of credentials and the identity store in IAM systems.
Chapter 4: Security Architecture and Engineering
- • Describe the major components of security engineering standards.
- • Explain major architectural models for information security.
- • Explain the security capabilities implemented in hardware and firmware.
- • Apply security principles to different information systems architectures and their environments.
- • Determine the best application of cryptographic approaches to solving organizational information security needs.
- • Manage the use of certificates and digital signatures to meet organizational information security needs.
- • Discover the implications of the failure to use cryptographic techniques to protect the supply chain.
- • Apply different cryptographic management solutions to meet the organizational information security needs.
- • Verify cryptographic solutions are working and meeting the evolving threat of the real world.
- • Describe defenses against common cryptographic attacks.
- • Develop a management checklist to determine the organization’s cryptologic state of health and readiness.
Chapter 5: Communication and Network Security
- • Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model.
- • Explain the application of secure design practices in developing network infrastructure.
- • Describe the evolution of methods to secure IP communications protocols.
- • Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.
- • Describe the evolution of, and security implications for, key network devices.
- • Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures.
- • Describe and contrast the security considerations for key remote access technologies.
- • Explain the security implications of software-defined networking (SDN) and network virtualization technologies.
Chapter 6: Software Development Security
- • Recognize the many software elements that can put information systems security at risk.
- • Identify and illustrate major causes of security weaknesses in source code.
- • Illustrate major causes of security weaknesses in database and data warehouse systems.
- • Explain the applicability of the OWASP framework to various web architectures.
- • Select malware mitigation strategies appropriate to organizational information security needs.
- • Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security.
- • Explain the implementation of security controls for software development ecosystems.
- • Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments.
Chapter 7: Security Assessment and Testing
- • Describe the purpose, process, and objectives of formal and informal security assessment and testing.
- • Apply professional and organizational ethics to security assessment and testing.
- • Explain internal, external, and third-party assessment and testing.
- • Explain management and governance issues related to planning and conducting security assessments.
- • Explain the role of assessment in data-driven security decision-making.
Chapter 8: Security Operations
- • Show how to efficiently and effectively gather and assess security data.
- • Explain the security benefits of effective change management and change control.
- • Develop incident response policies and plans.
- • Link incident response to needs for security controls and their operational use.
- • Relate security controls to improving and achieving required availability of information assets and systems.
- • Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics.
Chapter 9: Putting It All Together
- • Explain how governance frameworks and processes relate to the operational use of information security controls.
- • Relate the process of conducting forensic investigations to information security operations.
- • Relate business continuity and disaster recovery preparedness to information security operations.
- • Explain how to use education, training, awareness, and engagement with all members of the organization as a way to strengthen and enforce information security processes.
- • Show how to operationalize information systems and IT supply chain risk management.
Note: Throughout this course, exam domains may be covered in several chapters. Included in the course is a table indicating where the exam outline objectives are covered in this course. Unique icons are also used through the course materials to identify exam outline objectives.
The following are system requirements needed to enhance your overall learning experience.
A stable and continuous internet connection is required. In order to record your completion of the online learning courses, please ensure you are connected to the internet at all times while taking the course.
- • Processor 2 GHz +
- • RAM 4 GB +
- • Monitor minimum resolution (1024 x 768)
- • Video Card
- • Keyboard and Mouse or other assistive technology
- • Speakers/Headphones – (Noise-cancelling headset is recommended)
- • Microphone
- • Camera (recommended)
Supported Operating Systems
- • Macintosh OS X 10.10 to present
- • Windows 10 to present
- • Google Chrome
- • Microsoft Edge
- • Mozilla Firefox
- • Adobe Reader: https://get.adobe.com/reader/
Requirements for Completion:
In order to complete the course, receive a certificate of completion and earn (ISC)2 continuing professional education (CPE) credits, learners must:
- • Complete all learning activities within the course.
- • Complete a course evaluation.
- • Score 70% or higher on the end of chapter quizzes and final assessment.
Certificate of Completion:
An electronic Certificate of Completion will be provided once you have completed the course by meeting all the requirements. We recommend that you download and retain the certificate of completion as proof of credits earned.
To download a PDF version of the certificate, go to the "Awards" tab of (ISC)2Learn (top menu), select the course and then "Generate Certificate."
40 CPE Credits
CPE credits for (ISC)2 credentials must be self-reported by members and associates through the (ISC)2 CPE Portal accessible via www.isc2.org using your member login credentials.
CPE credits earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.
For specific questions related to your CPE credits or the CPE portal please contact member support - firstname.lastname@example.org.
The Official (ISC)2 CBK Training Seminar for the CISSP has earned ACE CREDIT. Students who complete the course can apply for two hours of lower division credit at participating universities and colleges. Find out more at ACE.
Refunds for any (ISC)2 courses will not be provided.
Access to course content: 180 days.
Pricing available at checkout.
Have Questions About Purchasing?
Interested in purchasing this course on behalf of someone, or want to learn about team discounts?
Please contact your regional office:
(ISC)2 Americas Regional Office
Phone: +1-866-331-ISC2 (4722) ext. 2
(ISC)2 EMEA Regional Office
Phone: +44 (0)203.960.7800
(ISC)2 APAC Regional Office