• Security practitioners, architects, managers, or consultants who aim to lead security programs
• Experienced IT professionals responsible for safeguarding organizational assets
• Professionals preparing to take the CISSP certification exam
• Individuals seeking to validate and formalize their knowledge across a broad spectrum of security disciplines

• Minimum five years of cumulative, full-time professional experience in at least two of the eight CISSP domains.
• Note: One year of experience may be waived with a relevant bachelor’s degree or approved credential.
• Strong familiarity with information security concepts, risk management, security architecture, operations, and governance
• Some experience in security assessment, network security, application security, or identity & access management

• Design, implement, and manage an enterprise-wide information security program
• Apply governance, risk, and compliance frameworks aligned with business objectives
• Classify, protect, and manage data and information assets across their lifecycle
• Architect and design secure systems, using cryptography and established security models
• Secure networks and communications, deploy and defend network infrastructures
• Manage identity and access for users, services, and privileged accounts
• Perform assessments, audits, and testing to validate security postures
• Operate robust security operations: incident response, monitoring, forensics
• Integrate application security into software lifecycles and mitigate software vulnerabilities
• Confidently sit for and pass the CISSP certification exam

• Professional ethics, (ISC)² Code of Ethics

• Confidentiality, Integrity, Availability (CIA triad) and related security principles • Governance frameworks (ISO, NIST, COBIT, etc.)

• Risk analysis, threat modeling, vulnerability assessment

• Security policies, standards, procedures

• Legal, compliance, regulatory issues (e.g. GDPR, privacy laws)

• Business continuity planning, disaster recovery, supply chain risk management

• Asset classification, ownership, and handling
• Data lifecycle: retention, disposal
• Privacy, data protection controls
• Secure data handling and responsibilities

• Security models and design principles
• System architecture: OS, hardware, virtualization
• Cryptography: public key, symmetric, key management
• Security in emerging architectures: secure hardware, side channels, trusted computing
• Physical security controls

• Secure network architecture and protocols
• Network devices: routers, switches, firewalls, IDS/IPS
• Secure communication channels: TLS, VPN, IPsec
• Network attacks and defenses

• Access control models (RBAC, ABAC, MAC, etc.)
• Identity lifecycle, authentication mechanisms, Single Sign-On, Federation
• Privileged access management, account management
• Authorization, review, monitoring

• Vulnerability assessment and penetration testing practices
• Audit strategies, security control testing
• Continuous monitoring, log reviews, security metrics
• Tools for assessment and scanning

• Incident response, forensic investigations, handling breaches
• Logging, monitoring, threat detection
• Patch and vulnerability management
• Business continuity, disaster recovery operations
• Secure maintenance, change management

• Secure software development lifecycle (SDLC)
• Application security controls, input validation, error handling
• Threat modeling in software, secure code practices
• Software vulnerabilities: OWASP, buffer overflows, injection attacks