SlideShare a Scribd company logo

Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's

InfosecTrain Education
InfosecTrain Education

Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's CISSP Online Training. Covering eight domains essential for Information Security Professionals, our program delves into topics like Security and Risk Management, Asset Security, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security, and Security Architecture and Engineering. With our expert-led training, you'll acquire the knowledge and skills needed to ace the CISSP exam and excel in the field of cybersecurity.

Education
1 of 13
Download to read offline
www.infosectrain.com | sales@infosectrain.com 01 Overview The information security architect plays a vital role to implement a sound security program in the organizations as an expert shouldering the role between a C-suite and upper managerial level. As an information security architect or analyst, this role involves executing diverse information security consultative and analytical processes. The CISSP- ISSAP is an all-embracing certification that validates your technical skills in security architecture and grants the globally accepted credentials of chief security architect or analyst. This extensive certification evaluates your proficiency to develop, design and analyze various security solutions and instills skills to provide risk-based guidance to the higher management inaddressing various organizational goals.
www.infosectrain.com | sales@infosectrain.com 02 Target Audience CISSP-ISSAP training helps advancing the technical competencies of: Pre-Requisite A minimum of 2 years of full-time and cumulative paid work experience in at least one of the six CISSP-ISSAP CBK domains • System Architects • Business Analysts • System and Network Designers • Chief Security Officers • Chief Technology Officers
17% 21% 15% Architect for Governance, Compliance and Risk Management DOMAIN 1 Infrastructure Security Architecture DOMAIN 3 13% Architect for Application Security DOMAIN 5 Security Architecture Modeling DOMAIN 2 16% Identity and Access Management (IAM) Architecture DOMAIN 4 18% Security Operations Architecture DOMAIN 4 www.infosectrain.com | sales@infosectrain.com 03
DOMAIN 1 Architect for Governance, Compliance and Risk Management 1.1 Determine legal, regulatory, organizational and industry requirements • Determine applicable information security standards and guidelines • Identify third-party and contractual obligations (e.g., supply chain, outsourcing, partners) • Determine applicable sensitive/personal data standards, guidelines and privacy regulations • Design for auditability (e.g., determine regulatory, legislative, forensic requirements, segregation, high assurance systems) • Coordinate with external entities (e.g., law enforcement, public relations, independent assessor) 1.2 Manage Risk • Identify and classify risks • Assess risk • Recommend risk treatment (e.g., mitigate, transfer, accept, avoid) • Risk monitoring and reporting www.infosectrain.com | sales@infosectrain.com 04
DOMAIN 2 Security Architecture Modeling 2.1 Identify security architecture approach • Types and scope (e.g., enterprise, network, Service-Oriented Architecture (SOA), cloud, Internet of Things (IoT), Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA)) • Frameworks (e.g., Sherwood Applied Business Security Architecture (SABSA), Service-Oriented Modeling Framework (SOMF)) • Reference architectures and blueprints • Security configuration (e.g., baselines, benchmarks, profiles) • Network configuration (e.g., physical, logical, high availability, segmentation, zones) 2.2 Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression) • Validate results of threat modeling (e.g., threat vectors, impact, probability) • Identify gaps and alternative solutions • Independent Verification and Validation (IV&V) (e.g., tabletop exercises, modeling and simulation, manual review of functions) www.infosectrain.com | sales@infosectrain.com 05
DOMAIN 3 Infrastructure Security Architecture • On-premise, cloud-based, hybrid • Internet of Things (IoT), zero trust • Management networks • Industrial Control Systems (ICS) security • Network security • Operating systems (OS) security • Database security • Container security • Cloud workload security • Firmware security • User security awareness considerations 3.1 Develop infrastructure security requirements 3.2 Design defense-in-depth architecture 3.3 Secure shared services (e.g., wireless, e-mail, Voice over Internet Protocol (VoIP), Unified Communications (UC), Domain Name System (DNS), Network Time Protocol (NTP)) 3.4 Integrate technical security controls 3.5 Design and integrate infrastructure monitoring • Network visibility (e.g., sensor placement, time reconciliation, span of control, record compatibility) • Active/Passive collection solutions (e.g., span port, port mirroring, tap, inline, flow logs) • Security analytics (e.g., Security Information and Event Manage- ment (SIEM), log collection, machine learning, User Behavior Analytics (UBA)) • Design boundary protection (e.g., firewalls, Virtual Private Network (VPN), airgaps, software defined perimeters, wireless, cloud-native) • Secure device management (e.g., Bring Your Own Device (BYOD), mobile, server, endpoint, cloud instance, storage) www.infosectrain.com | sales@infosectrain.com 06
3.6 Design infrastructure cryptographic solutions • Determine cryptographic design considerations and constraints • Determine cryptographic implementation (e.g., in-transit, in-use, at-rest) • Plan key management lifecycle (e.g., generation, storage, distribution) • Map physical security requirements to organizational needs (e.g., perime- ter protection and internal zoning, fire suppression) • Validate physical security controls 3.7 Design secure network and communication infrastructure (e.g., Virtual Private Network (VPN), Internet Protocol Security (IPsec), Transport Layer Security (TLS)) 3.8 Evaluate physical and environmental security requirements www.infosectrain.com | sales@infosectrain.com 07
DOMAIN 4 Identity and Access Management (IAM) Architecture 4.1 Design identity management and lifecycle • Establish and verify identity • Assign identifiers (e.g., to users, services, processes, devices) • Identity provisioning and de-provisioning • Define trust relationships (e.g., federated, standalone) • Define authentication methods (e.g., Multi-Factor Authentication (MFA), risk-based, location-based, knowledge-based, object-based, characteristicsbased) • Authentication protocols and technologies (e.g., Security Assertion Markup Language (SAML), Remote Authentication Dial-In User Service (RADIUS), Kerberos) 4.2 Design access control management and lifecycle • Access control concepts and principles (e.g., discretionary/mandato- ry, segregation/Separation of Duties (SoD), least privilege) • Access control configurations (e.g., physical, logical, administrative) • Authorization process and workflow (e.g., governance, issuance, periodic review, revocation) • Roles, rights, and responsibilities related to system, application, and data access control (e.g., groups, Digital Rights Management (DRM), trust relationships) • Management of privileged accounts • Authorization (e.g., Single Sign-On (SSO), rulebased, role-based, attribute- based) www.infosectrain.com | sales@infosectrain.com 08
4.3 Design identity and access solutions • Access control protocols and technologies (e.g., eXtensible Access Control Markup Language (XACML), Lightweight Directory Access Protocol (LDAP)) • Credential management technologies (e.g., password management, certificates, smart cards) • Centralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) • Decentralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) • Privileged Access Management (PAM) implementation (for users with elevated privileges) • Accounting (e.g., logging, tracking, auditing) www.infosectrain.com | sales@infosectrain.com 09
DOMAIN 5 Architect for Application Security 5.1 Integrate Software Development Life Cycle (SDLC) with application security architecture (e.g., Requirements Traceability Matrix (RTM), security architecture documentation, secure coding) • Assess code review methodology (e.g., dynamic, manual, static) • Assess the need for application protection (e.g., Web Application Firewall (WAF), anti-malware, secure Application Programming Interface (API), secure Security Assertion Markup Language (SAML)) • Determine encryption requirements (e.g., at-rest, in-transit, in-use) • Assess the need for secure communications between applications and databases or other endpoints • Leverage secure code repository 5.2 Determine application security capability requirements and strategy (e.g., open source, Cloud Service Providers (CSP), Software as a Service (SaaS)/Infrastructure as a Service (IaaS)/ Platform as a Service (PaaS) environments) 5.3 Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP)) • Review security of applications (e.g., custom, Commercial Off-the-Shelf (COTS), in-house, cloud) • Determine application cryptographic solutions (e.g., cryptographic Application Programming Interface (API), Pseudo Random Number Generator (PRNG), key management) • Evaluate applicability of security controls for system components (e.g., mobile and web client applications; proxy, application, and database services) www.infosectrain.com | sales@infosectrain.com 10
DOMAIN 6 Security Operations Architecture 6.1 Gather security operations requirements (e.g., legal, compliance, organizational, and business requirements) 6.2 Design information security monitoring (e.g., Security Information and Event Management (SIEM), insider threat, threat intelligence, user behavior analytics, Incident Response (IR) procedures) 6.4 Validate Business Continuity Plan (BCP)/Disaster Recovery Plan (DRP) architecture 6.5 Design Incident Response (IR) management 6.3 Design Business Continuity (BC) and resiliency solutions • Detection and analysis • Proactive and automated security monitoring and remediation (e.g., vulnerability management, compliance audit, penetration testing) • Preparation (e.g., communication plan, Incident Response Plan (IRP), training) • Identification • Containment • Eradication • Recovery • Review lessons learned • Incorporate Business Impact Analysis (BIA) • Determine recovery and survivability strategy • Identify continuity and availability solutions (e.g., cold, warm, hot, cloud backup) • Define processing agreement requirements (e.g., provider, reciprocal, mutual, cloud, virtualization) • Establish Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) • Design secure contingency communication for operations (e.g., backup communication channels, Out-of-Band (OOB)) www.infosectrain.com | sales@infosectrain.com 11
www.infosectrain.com | sales@infosectrain.com

Recommended

Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outline
Ahmet E
 
Precisely why is ccsp useful for cloud computing (vocal media)
Precisely why is ccsp useful for cloud computing (vocal media)Precisely why is ccsp useful for cloud computing (vocal media)
Precisely why is ccsp useful for cloud computing (vocal media)
PankajNagla1
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
Priyanka Aash
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
GenericName6
 
Resume_STrofimov
Resume_STrofimovResume_STrofimov
Resume_STrofimov
Silviu Trofimov
 
Microsoft azure architect design exam code az-301
Microsoft azure architect design exam code az-301Microsoft azure architect design exam code az-301
Microsoft azure architect design exam code az-301
Zabeel Institute
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
AdityaChawan4
 

Recommended

Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outline
Ahmet E
 
Precisely why is ccsp useful for cloud computing (vocal media)
Precisely why is ccsp useful for cloud computing (vocal media)Precisely why is ccsp useful for cloud computing (vocal media)
Precisely why is ccsp useful for cloud computing (vocal media)
PankajNagla1
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
Priyanka Aash
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
GenericName6
 
Resume_STrofimov
Resume_STrofimovResume_STrofimov
Resume_STrofimov
Silviu Trofimov
 
Microsoft azure architect design exam code az-301
Microsoft azure architect design exam code az-301Microsoft azure architect design exam code az-301
Microsoft azure architect design exam code az-301
Zabeel Institute
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...Regulated Reactive - Security Considerations for Building Reactive Systems in...
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
AdityaChawan4
 
Comptia security-sy0-601-exam-objectives-(2-0)
Comptia security-sy0-601-exam-objectives-(2-0)Comptia security-sy0-601-exam-objectives-(2-0)
Comptia security-sy0-601-exam-objectives-(2-0)
Rogerio Ferraz
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
Krzysztof Kąkol
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application Security
Larry Ball
 
Select CCSP Exam Dumps For Prep
Select CCSP Exam Dumps For PrepSelect CCSP Exam Dumps For Prep
Select CCSP Exam Dumps For Prep
Ancedarephe
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
Security for developers
Security for developersSecurity for developers
Security for developers
Abdelrhman Shawky
 
Notes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyNotes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journey
Olivier Busolini
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxIntroduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
MardhaniAR
 
Designing for Privacy in AWS cloud
Designing for Privacy in AWS cloudDesigning for Privacy in AWS cloud
Designing for Privacy in AWS cloud
Krzysztof Kąkol
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
CloudHesive
 
Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...
karthikvcyber
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Deborah Schalm
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps.com
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps for Enterprise Systems
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
CloudHesive
 
TIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_SecurityTIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_Security
carl yu
 
Data Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdfData Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdf
InfosecTrain Education
 
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
InfosecTrain Education
 

More Related Content

Similar to Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's

EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application Security
Larry Ball
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxIntroduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
MardhaniAR
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 
TIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_SecurityTIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_Security
carl yu
 

Similar to Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's (20)

Comptia security-sy0-601-exam-objectives-(2-0)
Comptia security-sy0-601-exam-objectives-(2-0)Comptia security-sy0-601-exam-objectives-(2-0)
Comptia security-sy0-601-exam-objectives-(2-0)
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application Security
 
Select CCSP Exam Dumps For Prep
Select CCSP Exam Dumps For PrepSelect CCSP Exam Dumps For Prep
Select CCSP Exam Dumps For Prep
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
 
Security for developers
Security for developersSecurity for developers
Security for developers
 
Notes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journeyNotes_from_a_clouds_security_journey
Notes_from_a_clouds_security_journey
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxIntroduction to the Microsoft Security Development Lifecycle (SDL).ppsx
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
 
Designing for Privacy in AWS cloud
Designing for Privacy in AWS cloudDesigning for Privacy in AWS cloud
Designing for Privacy in AWS cloud
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
 
TIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_SecurityTIANQIANG_Carl_Network_Security
TIANQIANG_Carl_Network_Security
 

More from InfosecTrain Education

Data Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdfData Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdf
InfosecTrain Education
 
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
InfosecTrain Education
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfUnlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
InfosecTrain Education
 

More from InfosecTrain Education (20)

Data Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdfData Defense Squad-Tools for Security.pdf
Data Defense Squad-Tools for Security.pdf
 
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf
 
Guarding Against Digital Intruders Spyware & Malware Awareness
Guarding Against Digital Intruders Spyware & Malware AwarenessGuarding Against Digital Intruders Spyware & Malware Awareness
Guarding Against Digital Intruders Spyware & Malware Awareness
 
Differences Between Qualitative and Quantitative Risk Management
Differences Between Qualitative and Quantitative Risk ManagementDifferences Between Qualitative and Quantitative Risk Management
Differences Between Qualitative and Quantitative Risk Management
 
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬
 
All You Want to Know About CEH v12 Certification pdf
All You Want to Know About CEH v12 Certification pdfAll You Want to Know About CEH v12 Certification pdf
All You Want to Know About CEH v12 Certification pdf
 
How to Implement Data Privacy in Your Organization
How to Implement Data Privacy in Your OrganizationHow to Implement Data Privacy in Your Organization
How to Implement Data Privacy in Your Organization
 
Exploring Password Attacks: Understanding Different Types.pdf
Exploring Password Attacks: Understanding Different Types.pdfExploring Password Attacks: Understanding Different Types.pdf
Exploring Password Attacks: Understanding Different Types.pdf
 
What is Enterprise Risk Management (ERM)
What is Enterprise Risk Management (ERM)What is Enterprise Risk Management (ERM)
What is Enterprise Risk Management (ERM)
 
The Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHThe Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EH
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfUnlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
 
Common Security Attacks in the OSI Layer Model
Common Security Attacks in the OSI Layer ModelCommon Security Attacks in the OSI Layer Model
Common Security Attacks in the OSI Layer Model
 
TOP CHALLENGES IN OT SECURITY IN 2024.pdf
TOP CHALLENGES IN OT SECURITY IN 2024.pdfTOP CHALLENGES IN OT SECURITY IN 2024.pdf
TOP CHALLENGES IN OT SECURITY IN 2024.pdf
 
CompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseCompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training Course
 
Unmasking the Cunning Ways Computer Viruses
Unmasking the Cunning Ways Computer VirusesUnmasking the Cunning Ways Computer Viruses
Unmasking the Cunning Ways Computer Viruses
 
Navigating the Landscape of AI-Powered Cybersecurity Threats
Navigating the Landscape of AI-Powered Cybersecurity ThreatsNavigating the Landscape of AI-Powered Cybersecurity Threats
Navigating the Landscape of AI-Powered Cybersecurity Threats
 
Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...
Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...
Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...
 
CISA Certification : How To Prepare For The Exam?
CISA Certification : How To Prepare For The Exam?CISA Certification : How To Prepare For The Exam?
CISA Certification : How To Prepare For The Exam?
 
Enhanced data encryption, Zero Trust adoption, and multi-cloud security strat...
Enhanced data encryption, Zero Trust adoption, and multi-cloud security strat...Enhanced data encryption, Zero Trust adoption, and multi-cloud security strat...
Enhanced data encryption, Zero Trust adoption, and multi-cloud security strat...
 
Incident Response: Best Practices for Common Attack Scenarios
Incident Response: Best Practices for Common Attack ScenariosIncident Response: Best Practices for Common Attack Scenarios
Incident Response: Best Practices for Common Attack Scenarios
 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
discovermytutordmt
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 

Recently uploaded (20)

social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 

Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's

  • 1.
  • 2. www.infosectrain.com | sales@infosectrain.com 01 Overview The information security architect plays a vital role to implement a sound security program in the organizations as an expert shouldering the role between a C-suite and upper managerial level. As an information security architect or analyst, this role involves executing diverse information security consultative and analytical processes. The CISSP- ISSAP is an all-embracing certification that validates your technical skills in security architecture and grants the globally accepted credentials of chief security architect or analyst. This extensive certification evaluates your proficiency to develop, design and analyze various security solutions and instills skills to provide risk-based guidance to the higher management inaddressing various organizational goals.
  • 3. www.infosectrain.com | sales@infosectrain.com 02 Target Audience CISSP-ISSAP training helps advancing the technical competencies of: Pre-Requisite A minimum of 2 years of full-time and cumulative paid work experience in at least one of the six CISSP-ISSAP CBK domains • System Architects • Business Analysts • System and Network Designers • Chief Security Officers • Chief Technology Officers
  • 4. 17% 21% 15% Architect for Governance, Compliance and Risk Management DOMAIN 1 Infrastructure Security Architecture DOMAIN 3 13% Architect for Application Security DOMAIN 5 Security Architecture Modeling DOMAIN 2 16% Identity and Access Management (IAM) Architecture DOMAIN 4 18% Security Operations Architecture DOMAIN 4 www.infosectrain.com | sales@infosectrain.com 03
  • 5. DOMAIN 1 Architect for Governance, Compliance and Risk Management 1.1 Determine legal, regulatory, organizational and industry requirements • Determine applicable information security standards and guidelines • Identify third-party and contractual obligations (e.g., supply chain, outsourcing, partners) • Determine applicable sensitive/personal data standards, guidelines and privacy regulations • Design for auditability (e.g., determine regulatory, legislative, forensic requirements, segregation, high assurance systems) • Coordinate with external entities (e.g., law enforcement, public relations, independent assessor) 1.2 Manage Risk • Identify and classify risks • Assess risk • Recommend risk treatment (e.g., mitigate, transfer, accept, avoid) • Risk monitoring and reporting www.infosectrain.com | sales@infosectrain.com 04
  • 6. DOMAIN 2 Security Architecture Modeling 2.1 Identify security architecture approach • Types and scope (e.g., enterprise, network, Service-Oriented Architecture (SOA), cloud, Internet of Things (IoT), Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA)) • Frameworks (e.g., Sherwood Applied Business Security Architecture (SABSA), Service-Oriented Modeling Framework (SOMF)) • Reference architectures and blueprints • Security configuration (e.g., baselines, benchmarks, profiles) • Network configuration (e.g., physical, logical, high availability, segmentation, zones) 2.2 Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression) • Validate results of threat modeling (e.g., threat vectors, impact, probability) • Identify gaps and alternative solutions • Independent Verification and Validation (IV&V) (e.g., tabletop exercises, modeling and simulation, manual review of functions) www.infosectrain.com | sales@infosectrain.com 05
  • 7. DOMAIN 3 Infrastructure Security Architecture • On-premise, cloud-based, hybrid • Internet of Things (IoT), zero trust • Management networks • Industrial Control Systems (ICS) security • Network security • Operating systems (OS) security • Database security • Container security • Cloud workload security • Firmware security • User security awareness considerations 3.1 Develop infrastructure security requirements 3.2 Design defense-in-depth architecture 3.3 Secure shared services (e.g., wireless, e-mail, Voice over Internet Protocol (VoIP), Unified Communications (UC), Domain Name System (DNS), Network Time Protocol (NTP)) 3.4 Integrate technical security controls 3.5 Design and integrate infrastructure monitoring • Network visibility (e.g., sensor placement, time reconciliation, span of control, record compatibility) • Active/Passive collection solutions (e.g., span port, port mirroring, tap, inline, flow logs) • Security analytics (e.g., Security Information and Event Manage- ment (SIEM), log collection, machine learning, User Behavior Analytics (UBA)) • Design boundary protection (e.g., firewalls, Virtual Private Network (VPN), airgaps, software defined perimeters, wireless, cloud-native) • Secure device management (e.g., Bring Your Own Device (BYOD), mobile, server, endpoint, cloud instance, storage) www.infosectrain.com | sales@infosectrain.com 06
  • 8. 3.6 Design infrastructure cryptographic solutions • Determine cryptographic design considerations and constraints • Determine cryptographic implementation (e.g., in-transit, in-use, at-rest) • Plan key management lifecycle (e.g., generation, storage, distribution) • Map physical security requirements to organizational needs (e.g., perime- ter protection and internal zoning, fire suppression) • Validate physical security controls 3.7 Design secure network and communication infrastructure (e.g., Virtual Private Network (VPN), Internet Protocol Security (IPsec), Transport Layer Security (TLS)) 3.8 Evaluate physical and environmental security requirements www.infosectrain.com | sales@infosectrain.com 07
  • 9. DOMAIN 4 Identity and Access Management (IAM) Architecture 4.1 Design identity management and lifecycle • Establish and verify identity • Assign identifiers (e.g., to users, services, processes, devices) • Identity provisioning and de-provisioning • Define trust relationships (e.g., federated, standalone) • Define authentication methods (e.g., Multi-Factor Authentication (MFA), risk-based, location-based, knowledge-based, object-based, characteristicsbased) • Authentication protocols and technologies (e.g., Security Assertion Markup Language (SAML), Remote Authentication Dial-In User Service (RADIUS), Kerberos) 4.2 Design access control management and lifecycle • Access control concepts and principles (e.g., discretionary/mandato- ry, segregation/Separation of Duties (SoD), least privilege) • Access control configurations (e.g., physical, logical, administrative) • Authorization process and workflow (e.g., governance, issuance, periodic review, revocation) • Roles, rights, and responsibilities related to system, application, and data access control (e.g., groups, Digital Rights Management (DRM), trust relationships) • Management of privileged accounts • Authorization (e.g., Single Sign-On (SSO), rulebased, role-based, attribute- based) www.infosectrain.com | sales@infosectrain.com 08
  • 10. 4.3 Design identity and access solutions • Access control protocols and technologies (e.g., eXtensible Access Control Markup Language (XACML), Lightweight Directory Access Protocol (LDAP)) • Credential management technologies (e.g., password management, certificates, smart cards) • Centralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) • Decentralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) • Privileged Access Management (PAM) implementation (for users with elevated privileges) • Accounting (e.g., logging, tracking, auditing) www.infosectrain.com | sales@infosectrain.com 09
  • 11. DOMAIN 5 Architect for Application Security 5.1 Integrate Software Development Life Cycle (SDLC) with application security architecture (e.g., Requirements Traceability Matrix (RTM), security architecture documentation, secure coding) • Assess code review methodology (e.g., dynamic, manual, static) • Assess the need for application protection (e.g., Web Application Firewall (WAF), anti-malware, secure Application Programming Interface (API), secure Security Assertion Markup Language (SAML)) • Determine encryption requirements (e.g., at-rest, in-transit, in-use) • Assess the need for secure communications between applications and databases or other endpoints • Leverage secure code repository 5.2 Determine application security capability requirements and strategy (e.g., open source, Cloud Service Providers (CSP), Software as a Service (SaaS)/Infrastructure as a Service (IaaS)/ Platform as a Service (PaaS) environments) 5.3 Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP)) • Review security of applications (e.g., custom, Commercial Off-the-Shelf (COTS), in-house, cloud) • Determine application cryptographic solutions (e.g., cryptographic Application Programming Interface (API), Pseudo Random Number Generator (PRNG), key management) • Evaluate applicability of security controls for system components (e.g., mobile and web client applications; proxy, application, and database services) www.infosectrain.com | sales@infosectrain.com 10
  • 12. DOMAIN 6 Security Operations Architecture 6.1 Gather security operations requirements (e.g., legal, compliance, organizational, and business requirements) 6.2 Design information security monitoring (e.g., Security Information and Event Management (SIEM), insider threat, threat intelligence, user behavior analytics, Incident Response (IR) procedures) 6.4 Validate Business Continuity Plan (BCP)/Disaster Recovery Plan (DRP) architecture 6.5 Design Incident Response (IR) management 6.3 Design Business Continuity (BC) and resiliency solutions • Detection and analysis • Proactive and automated security monitoring and remediation (e.g., vulnerability management, compliance audit, penetration testing) • Preparation (e.g., communication plan, Incident Response Plan (IRP), training) • Identification • Containment • Eradication • Recovery • Review lessons learned • Incorporate Business Impact Analysis (BIA) • Determine recovery and survivability strategy • Identify continuity and availability solutions (e.g., cold, warm, hot, cloud backup) • Define processing agreement requirements (e.g., provider, reciprocal, mutual, cloud, virtualization) • Establish Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) • Design secure contingency communication for operations (e.g., backup communication channels, Out-of-Band (OOB)) www.infosectrain.com | sales@infosectrain.com 11