Курс CISSP - Certified Information Systems Security Professional

Курс охоплює 8 основних доменів кібербезпеки, включаючи розробку стратегій, оцінку ризиків та управління кіберзахистом. Навчальна програма глибоко розкриває теми з управління ризиками, захисту даних, мережевої безпеки та планування аварійного відновлення. Програма CISSP поєднує теоретичні знання та практичні кейси, дозволяючи слухачам опанувати реальні сценарії загроз. Завдяки детальній розробці кожного домену слухачі отримують глибоке розуміння всіх аспектів управління безпекою.

Програма курсу

Domain 01. Security and Risk Management

This module establishes the foundational principles of cybersecurity and information assurance. It focuses on understanding confidentiality, integrity, and availability (CIA triad), as well as the legal, regulatory, and compliance aspects of cybersecurity. You'll learn how to identify, assess, and manage risks, apply governance frameworks, and align security policies with organizational goals. The module also covers professional ethics, critical for maintaining trust and integrity in the field.

Hands-On Practice:

• Real-world case studies on risk assessment and mitigation
• Developing and analyzing security policies
• Practical exercises in applying governance models

Key topics covered:

• CIA triad and security concepts
• Security governance principles
• Risk management and assessment
• Compliance and regulatory requirements
• Professional ethics and ISC2 Code of Ethics
• Business continuity planning and disaster recovery basics

Domain 02. Asset Security

This domain focuses on protecting organizational assets by teaching how to identify, classify, and manage information and resources throughout their lifecycle. You will gain a deep understanding of data governance, ownership, and privacy, as well as the implementation of proper security controls to safeguard sensitive information. By the end of this domain, you will be able to design and apply security strategies that align with business objectives and regulatory requirements.

Hands-on practice:

• Practical exercises in data classification and labeling
• Designing access controls based on asset value and sensitivity
• Case studies on data retention, handling, and secure disposal

Key topics covered:

• Information and asset classification
• Data ownership and lifecycle management
• Protecting privacy and sensitive data
• Implementing data security controls
• Compliance with legal and regulatory requirements
• Secure data handling, storage, and destruction

Domain 03. Security Architecture and Engineering

This module dives deep into the design and implementation of secure IT environments, focusing on the principles of security architecture and engineering. You will learn how to apply security models, understand system vulnerabilities, and build resilient infrastructures that protect critical assets against evolving cyber threats. The module also covers the security of hardware, software, and cloud services, while exploring advanced concepts like cryptography, physical security, and emerging technologies.

Hands-on practice:

• Designing secure network and system architectures
• Applying cryptographic solutions to protect data
• Analyzing real-world breaches to identify design flaws

Key topics covered:

• Core security architecture principles and frameworks
• Secure design for hardware, software, and cloud environments
• Cryptography fundamentals and applications
• Security models and controls
• Physical security and environmental controls
• Mitigating vulnerabilities in systems and infrastructure
• Emerging technologies and security considerations

Domain 04. Communication and Network Security

This domain focuses on designing and protecting network architecture, ensuring secure communication channels, and defending against network-based threats. You will gain an in-depth understanding of how data flows across networks, the vulnerabilities that exist, and how to implement strong controls to safeguard information in transit. It also covers secure network design, endpoint protection, and modern communication technologies, including wireless and cloud environments.

Hands-on practice:

• Designing secure network topologies
• Implementing and configuring secure communication protocols
• Analyzing network traffic to detect vulnerabilities and threats

Key topics covered: 

• Network architecture fundamentals and design principles
• Secure communication protocols (SSL/TLS, IPSec, VPNs, etc.)
• Network segmentation, zoning, and isolation techniques
• Detecting and preventing common network attacks
• Wireless network security controls
• Securing cloud and virtualized environments
• Endpoint and data-in-transit protection strategies

Domain 05. Identity and Access Management (IAM)

This domain explores the frameworks and technologies used to manage digital identities and control access to critical systems and data. You will learn how to design and implement identity management solutions, enforce authentication and authorization mechanisms, and ensure that access policies align with organizational security goals. By mastering IAM, you'll be able to minimize insider threats, strengthen regulatory compliance, and protect sensitive resources from unauthorized use.

Hands-on practice:

• Configuring multi-factor authentication (MFA) and single sign-on (SSO)
• Creating and auditing role-based access control (RBAC) policies
• Simulating real-world access breach scenarios and remediation steps

Key topics covered:

• Identity lifecycle management and governance
• Authentication, authorization, and accountability
• Federated identity management and SSO
• Privileged account management (PAM)
• Access control models (DAC, MAC, RBAC, ABAC)
• Implementing strong authentication mechanisms
• Managing and mitigating identity-related risks

Domain 06. Security Assessment and Testing

This domain teaches you how to plan, execute, and analyze security assessments to identify vulnerabilities, evaluate defenses, and ensure systems meet compliance requirements. You will gain the skills to design effective testing strategies that strengthen an organization's overall security posture. It covers everything from vulnerability assessments and penetration testing to auditing and continuous monitoring, ensuring you can detect weaknesses before attackers do.

Hands-on practice:

• Conducting vulnerability scans and interpreting results
• Performing penetration testing simulations
• Designing and implementing a security audit plan
• Building continuous monitoring processes for ongoing protection

Key topics covered:

• Security control testing methodologies
• Vulnerability assessment and management
• Penetration testing strategies and techniques
• Security audits and compliance reviews
• Log reviews and monitoring tools
• Metrics and reporting for security effectiveness
• Integrating testing into the software development lifecycle (SDLC)

Domain 07. Security Operations

This domain provides the knowledge and skills to manage and oversee the day-to-day operations of enterprise security, ensuring that policies, processes, and technologies are working effectively to protect critical assets. You'll learn how to detect, respond to, and recover from incidents, as well as how to manage resources, investigate events, and ensure business continuity. It focuses on building resilient operations, implementing monitoring strategies, and coordinating security functions across the organization to maintain a strong defense posture.

Hands-on practice:

• Simulating real-world incident response scenarios
• Designing and testing disaster recovery and business continuity plans
• Conducting security investigations and digital forensics exercises
• Setting up monitoring and logging tools for continuous protection

Key topics covered:

• Security operations processes and frameworks
• Incident detection, analysis, and response
• Business continuity and disaster recovery planning
• Digital forensics and evidence handling
• Physical security and personnel safety measures
• Logging, monitoring, and reporting
• Managing third-party services and supply chain security
• Operational resilience and continuous improvement

Domain 08. Software Development Security

This domain covers the principles and practices of secure software development, helping you understand how to design, build, and maintain applications with security in mind at every stage of the Software Development Lifecycle (SDLC). You will explore common software vulnerabilities, secure coding standards, and how to integrate security testing into development workflows to reduce risks and prevent exploitation.

Hands-on practice:

• dentifying and mitigating vulnerabilities in code
• Applying secure coding techniques to real-world scenarios
• Implementing security controls in DevOps and Agile environments
• Performing code reviews and application security testing

Key topics covered:

• Secure software development lifecycle (SSDLC)
• Common software vulnerabilities (OWASP Top 10)
• Secure coding principles and best practices
• Application security testing and verification
• DevOps and CI/CD security integration
• Software environment configuration and hardening
• Change management and version control for security
• Threat modeling and risk assessment in development processes

Вимоги до рівня знань студента

• Глибоке розуміння принципів кібербезпеки, включаючи конфіденційність, цілісність та доступність (тріада ЦРУ)
• Знайомство з концепціями управління ризиками, відповідності та корпоративного управління
• Усвідомлення політик безпеки, процедур та засобів контролю, що використовуються для захисту інформаційних систем
• Досвід роботи з основами мереж, такими як IP-адресація, маршрутизація, брандмауери та протоколи безпеки (наприклад, SSL/TLS, VPN)
• Знання системної архітектури апаратного, програмного та хмарного середовищ. Здатність виявляти поширені загрози та вразливості в ІТ-системах
• Не менше 5 років сукупного оплачуваного досвіду роботи у двох або більше з восьми доменів CISSP (як того вимагає ISC2)
• Відповідний досвід роботи на таких посадах, як ІТ-аналітик безпеки, мережевий адміністратор, системний інженер або аналогічні

Особливості курсу

• Комплексне навчання, що охоплює всі 8 доменів CISSP ISC2 CBK
• Офіційні навчальні матеріали ISC2, розроблені творцями сертифікації CISSP
• Заняття під керівництвом експертів із сертифікованими інструкторами ISC2
• Понад 70 інтерактивних завдань, тематичних досліджень та прикладних сценаріїв для реальної практики
• 180-питальна оцінка після курсу для перевірки готовності до іспиту CISSP
• Отримайте всесвітньо визнаний сертифікат, якому довіряють провідні організації по всьому світу
• Розвивайте передові навички для проектування, впровадження та управління безпечними ІТ-системами
• Ідеально підходить для фахівців, які прагнуть обійняти посади CISO, менеджера з безпеки або архітектора безпеки