Certified Information Security Systems Professional (CISSP)

1 - Security and Risk Management

• Security Governance Principles
• Compliance
• Professional Ethics
• Security Documentation
• Risk Management
• Threat Modeling
• Business Continuity Plan Fundamentals
• Acquisition Strategy and Practice
• Personnel Security Policies
• Security Awareness and Training

2 - Asset Security

• Asset Classification
• Privacy Protection
• Asset Retention
• Data Security Controls
• Secure Data Handling

3 - Security Engineering

• Security in the Engineering Lifecycle
• System Component Security
• Security Models
• Controls and Countermeasures in Enterprise Security
• Information System Security Capabilities
• Design and Architecture Vulnerability Mitigation
• Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
• Cryptography Concepts
• Cryptography Techniques
• Site and Facility Design for Physical Security
• Physical Security Implementation in Sites and Facilities

4 - Information Security Management Goals

• Organizational Security
• The Application of Security Concepts

5 - Information Security Classification and Program Development

• Information Classification
• Security Program Development

6 - Risk Management and Ethics

• Risk Management
• Ethics

7 - Software Development Security

• Software Configuration Management
• Software Controls
• Database System Security

8 - Cryptography

• Ciphers and Cryptography
• Symmetric-Key Cryptography
• Asymmetric-Key Cryptography
• Hashing and Message Digests
• Email, Internet, and Wireless Security
• Cryptographic Weaknesses

9 - Physical Security

• Physical Access Control
• Physical Access Monitoring
• Physical Security Methods
• Facilities Security