
Overview

The official ISC2 training for the Certified Information Systems Security Professional provides a comprehensive and structured review of the knowledge required to design, engineer, and manage an organisation’s security posture. Delivered as a five-day virtual instructor-led training course, with exam voucher included, this programme aligns fully with the ISC2 Common Body of Knowledge and prepares learners to approach the CISSP certification with confidence. The course combines expert-led instruction, official ISC2 courseware, and interactive learning elements to reinforce key concepts across all eight domains of cyber security. Learners will engage with real-world scenarios, case studies, and assessments to strengthen both theoretical understanding and practical application.

This training is ideal for experienced information security professionals seeking to validate their expertise, enhance career progression, and achieve globally recognised certification.


Target Audience

Learners should have at least five years of cumulative, paid work experience across two or more CISSP domains. This course is best suited to professionals who already understand core information security concepts and want to validate and deepen that knowledge through structured exam preparation. Familiarity with security operations, risk management, network security, and access control will help learners get the most value from the course.

Target audience

This course is designed for professionals with at least five years of cumulative, paid experience in two or more of the CISSP domains.

It is particularly suitable for:

  • Security consultants
  • Security managers
  • IT directors and managers
  • Security auditors
  • Security architects
  • Security analysts
  • Security systems engineers
  • Chief information security officers
  • Security directors
  • Network architects

Learning Outcomes

By the end of this course, learners will be able to:

  • Apply core concepts of information security across organisational environments
  • Align security strategies with business goals and operational requirements
  • Protect organisational assets throughout their lifecycle
  • Design and implement secure architectures across systems and networks
  • Apply cryptographic principles to secure data and communications
  • Evaluate physical, technical, and administrative security controls
  • Implement identity and access management solutions
  • Conduct effective security testing, auditing, and assessment
  • Manage security operations including incident response and continuity planning
  • Mitigate risks associated with software and system vulnerabilities

Course Outline

Module 1: Security and risk management

  • Understand governance, compliance, and legal frameworks
  • Apply principles of confidentiality, integrity, and availability
  • Explore professional ethics and organisational responsibility
  • Analyse risk management concepts and methodologies
  • Evaluate regulatory and contractual requirements

Module 2: Asset security

  • Classify and categorise information assets
  • Manage data lifecycle and ownership responsibilities
  • Apply data protection methods across different states
  • Select and implement appropriate security controls
  • Align data handling with compliance requirements

Module 3: Security architecture and engineering

  • Apply secure design principles to IT systems
  • Evaluate security models and frameworks
  • Implement cryptographic solutions and key management
  • Assess vulnerabilities in hardware, firmware, and systems
  • Design secure architectures aligned with business needs

Module 4: Communication and network security

  • Analyse secure network architecture and design
  • Understand OSI model layers and associated risks
  • Secure network components and communication channels
  • Evaluate wireless and remote access security
  • Assess emerging technologies such as SDN and virtualisation

Module 5: Identity and access management

  • Implement identity lifecycle management
  • Compare access control models and mechanisms
  • Apply authentication, authorisation, and accountability
  • Secure identity stores and credential management
  • Integrate IAM into organisational security strategies

Module 6: Security assessment and testing

  • Design and implement security testing strategies
  • Conduct vulnerability assessments and penetration testing
  • Apply ethical and professional standards in testing
  • Interpret results to support risk-based decision making
  • Manage internal and external audit processes

Module 7: Security operations

  • Monitor and analyse security events and data
  • Implement incident response processes and procedures
  • Apply change and configuration management controls
  • Ensure business continuity and disaster recovery readiness
  • Manage operational security controls and environments

Module 8: Software development security

  • Identify vulnerabilities in software and applications
  • Apply secure coding practices and standards
  • Integrate security into development lifecycles
  • Evaluate database and application security risks
  • Implement testing and mitigation strategies

Module 9: Integrated security practices

  • Align governance with operational security controls
  • Conduct digital forensic investigations
  • Strengthen organisational awareness and training programmes
  • Manage supply chain and third-party risks
  • Integrate security across all business functions

What's included

  • Expert-led instruction delivered by an authorised ISC2 instructor
  • Official ISC2 student training guide
  • Scenario-based learning with applied activities
  • Facilitated discussions to encourage peer engagement
  • Hands-on activities including six case studies
  • End-of-chapter quizzes with detailed explanations
  • Official ISC2 CISSP exam voucher

Exams and assessments

This course includes a comprehensive range of assessments designed to reinforce learning, validate understanding, and prepare learners for the CISSP certification exam.

  • Official ISC2 CISSP exam is included at no additional cost, taken post class
  • Exam duration of three hours
  • Computer adaptive testing format with 100 to 150 questions
  • Question styles include multiple-choice and advanced item types
  • Passing score set at 700 out of 1000

Learners will leave the course with a clear understanding of their strengths and areas for further study, ensuring a focused and effective approach to exam readiness.

Hands-on learning

This course emphasises practical application through immersive, scenario-based learning designed to reflect real-world cybersecurity challenges.

  • A comprehensive applied scenario spanning the course with nine structured activities
  • Realistic exercises simulating tasks performed by practising security professionals
  • Interactive flashcards to support active recall and knowledge reinforcement
  • Guided problem-solving activities across all eight CISSP domains
  • Case studies exploring security incidents, risk management, and control implementation
  • Instructor-led walkthroughs of complex security concepts and solutions
  • Peer discussions to explore different approaches to security challenges

We are an ISC2 accredited CPE submitter.

QA is proud to be an ISC2 Official Training Partner.

Learn more about our ISC2 certification training.

 

ELCAS Enhanced Learning Credits Administration Service

QA is an approved training provider for ELCAS, proud to support service leavers in their transition into the tech industry. Learn more about ELCAS approved training here.

For commercials please refer to:

qal.elcassupport@qa.com

or the ELCAS Portal.

 


Special Notices

If you want to know more about becoming certified, please visit our dedicated CISSP certification guide.


Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

AI Governance
AI Security
Secure Engineering
Cyber Defence
Cloud Security
Incident Response
Industrial Controls & OT Security
Information Security
Security Assurance Pathway
Offensive Security
Privacy Professional
Reverse Engineer
Security Auditing
Security Risk
Core Cyber Security

Cyber Defensive Operations learning paths

Want to boost your career in Cyber Defensive Operations? View QA's learning pathways below, specially designed to give you the skills to succeed.

Cyber Defence
Incident Response
Core Cyber Security

Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course.

Once you have purchased the Online course and have completed your registration, you will receive the necessary details to enable you to immediately access it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end of the course, either as a hard copy or via email. Read more here.
