LDR414: SANS Training Program for CISSP® Certification™

GIAC Information Security Professional (GISP)
GIAC Information Security Professional (GISP)
  • In Person (6 days)
  • Online
52 CPEs

LDR414 is fully updated for the current 2024 CISSP exam! LDR414: SANS Training Program for CISSP Certification is an accelerated review course to prepare you to pass the exam. The course, designed by expert practitioners and SANS Fellows, Eric Conrad and Seth Misenar, prepares students to navigate all types of questions included on the new version of the exam. SANS' unique offering allows you to not only pass the test, but also to learn from the best.

What You Will Learn

Need Training for the CISSP® Exam?

SANS LDR414: SANS Training Program for CISSP® Certification is an accelerated review course that is specifically designed to prepare students to successfully pass the CISSP® exam.

The course focuses solely on the 8 domains of knowledge, as determined by (ISC)2, that form a critical part of the CISSP® exam. Each domain of knowledge is dissected into its critical components, and those components are then discussed in terms of their relationship with one another and with other areas of information security.

By taking this CISSP® training course, students will have a detailed coverage of the 8 domains of knowledge, the analytical skills required to pass the CISSP® exam, the technical skills required to understand each question, and the foundational information needed to become a Certified Information Systems Security Professional (CISSP®)

"This course really pulled a lot together for me and it's been hugely valuable. I know parts of this course are going to impact my approach to my work from the first day back." - Merewyn Boak, Apple

Business Takeaways

  • Achieve a globally recognized industry-standard certification
  • Demonstrate baseline knowledge of security personnel
  • Achieve DoD 8140 Baseline Certification satisfying: IAT Level III; IAM Level II, III; IASAE Level II

Skills Learned

  • Pass the CISSP® exam
  • Gain a broad foundational knowledge of critical information security concepts
  • Learn information security from a leadership perspective
  • Understand the 8 domains of knowledge that are covered on the CISSP® exam.
  • Analyze questions on the exam and be able to select the correct answer.
  • Apply the knowledge and testing skills learned in class to pass the CISSP® exam.
  • Understand and explain all of the concepts covered in the 8 domains of knowledge.
  • Apply the skills learned across the 8 domains to solve security problems when you return to work.

Additional Free Resources

What You Will Receive

  • Printed and electronic course books for each of the 8 domains
  • 320 questions to test knowledge and preparation for each domain
  • MP3 audio files of the complete course lectures
  • Unlimited access to all practice questions that never expires
  • A digital index for quick-reference to all material

External Product Notice

The CISSP® exam itself is not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam. Please note as well that the GISP exam offered by GIAC is NOT the same as the CISSP® exam offered by (ISC)2.

Syllabus (52 CPEs)

Download PDF
  • Overview

    In this first section, LDR414 introduces the specific requirements needed to obtain CISSP® certification. The 2024 exam update will be discussed in detail. We will cover the general security principles needed to understand the 8 domains of knowledge, with specific examples for each domain. The first of the 8 domains, Security and Risk Management, will be discussed using real-world scenarios to illustrate the critical points.

    Topics
    • Introductory Material
      • Overview of the exam
      • Focus of 2024 exam updates
      • What is required to become a CISSP®?
      • Maintaining a CISSP®
      • Exam overview
      • Test-taking tips and tricks
    • Overview of the 8 Domains
      • Domain 1: Security and Risk Management
      • Domain 2: Asset Security
      • Domain 3: Security Engineering
      • Domain 4: Communication and Network Security
      • Domain 5: Identity and Access Management (IAM)
      • Domain 6: Security Assessment and Testing
      • Domain 7: Security Operations
      • Domain 8: Software Development Security
    • Domain 1: Security and Risk Management
      • Confidentiality, integrity, availability, authenticity, and non-repudiation
      • Security governance principles
      • Compliance
      • Supply Chain Risk Management (SCRM) concepts
      • Legal and regulatory Issues
      • General Data Protection Regulation (GDPR)
      • California Consumer Privacy Act
      • Personal Information Protection Law
      • Software Bill of Materials (SBOM)
      • Ethics
      • Policies, standards, procedures, and guidelines
      • Risk management concepts
      • Product tampering and counterfeits
      • Threat modeling
      • Security champions
      • Gamification
      • Security Operations Center (SOC) reports
      • Education, training, and awareness
  • Overview

    Understanding asset security is critical to building a solid information security program. The Asset Security domain, the initial focus of the second course section, describes data classification programs, including those used by governments, the military, and the private sector. We will also discuss ownership, covering owners ranging from business/mission owners to data and system owners. We will examine data retention and destruction in detail, including secure methods to purge data from electronic media. We then turn to the first part of the Security Engineering domain, including exam newer topics such as Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), microservices, containerization, serverless, High-Performance Computing (HPC) systems, and much more.

    Topics
    • Domain 2: Asset Security
      • Data and asset classification
      • Tangible and intangible assets
      • Data owners
      • System owners
      • Business/Mission owners
      • Privacy
      • Data processors
      • Data remanence
      • Limitation on collection of sensitive data
      • Digital Rights Management (DRM)
      • Data retention
      • Data destruction
      • Data Loss Prevention (DLP)
      • Cloud Access Security Broker (CASB)
      • Baselines
      • Scoping and Tailoring
    • Domain 3: Security Engineering (Part 1)
      • Secure design principles
      • Security models
      • Controls and countermeasures
      • Virtualization
      • Microservices
      • Containerization
      • Serverless
      • Trusted Platform Module (TPM)
      • Industrial Control Systems (ICS)
      • Embedded systems
      • Database security
      • Cloud computing
      • Secure Access Service Edge(SASE)
      • Supervisory Control and Data Acquisition (SCADA)
      • eXtensible Markup Language (XML)
      • OWASP
      • The Internet of Things
  • Overview

    This section continues the discussion of the Security Engineering domain, including a deep dive into cryptography. The focus is on real-world implementation of core cryptographic concepts, including the three types of cryptography: symmetric, asymmetric, and hashing. Quantum cryptography and fault injection will be discussed, as well as salts and rainbow tables. This domain covers new topics added to the 2024 exam, including Secure Access Service Edge (SASE). We will round out Domain 3 with a look at physical security before turning to Domain 4, Communication and Network Security. The discussion will cover a range of protocols and technologies, from the Open Systems Interconnection (OSI) model to storage area networks. Newer exam topics for the will be discussed, including micro-segmentation, Virtual eXtensible Local Area Network (VXLAN), Software-Defined Wide Area Network (SD-WAN). This domain also covers new topics added to the 2024 exam, including Infiniband, Compute Express Link, Network Functions Virtualization (NFV), virtual domains, and distributed firewalls.

    Topics
    • Domain 3: Security Engineering (Part 2)
      • Cryptography
        • Symmetric
        • Asymmetric
        • Hash
        • Quantum cryptography
        • Public Key Infrastructure (PKI)
        • Digital signatures
        • Non-repudiation
        • Salts
        • Rainbow tables
        • Pass the hash
        • Cryptanalysis
        • Fault injection
        • Implementation attacks
    • Facility design considerations
    • Physical security
      • Safety
      • Data center security
      • Handling evidence
      • HVAC
      • Fire prevention and suppression
    • Domain 4: Communication and Network Security
      • Network architecture
      • OSI model
      • TCP/IP
      • Multilayer protocols
      • Storage protocols
        • Network Attached Storage (NAS)
        • Fibre Channel over Ethernet (FCoE)
        • iSCSI
        • Infiniband
        • Compute Express Link (CXL)
    • Voiceover IP
    • Wireless
      • 802.11
      • WPA2 and WPA3
      • Zigbee
    • Network devices
      • Switches
      • Routers
      • Firewalls
      • Distributed Firewalls
      • Proxies
    • Content distribution networks
    • Virtual routing and forwarding
    • Virtual domain
    • Network Functions Virtualization (NFV)
    • Remote meeting technology
    • Telecommuting
    • Remote access and VPN
      • SSH
      • VPN
      • IPsec
      • SSL/TLS
    • Port isolation
    • VLANs
    • Software-defined networks
    • Micro-segmentation
    • Virtual eXtensible Local Area Network (VXLAN)
    • Software-Defined Wide Area Network (SD-WAN)
  • Overview

    Controlling access to data and systems is one of the primary objectives of information security. Domain 5, Identity and Access Management, strikes at the heart of access control by focusing on the identification, authentication, and authorization of accounts. Password-based authentication represents a continued weakness, so Domain 5 stresses multi-factor authentication, biometrics, and secure credential management. The 2024 CISSP® exam underscores the increased role of external users and service providers, and mastery of Domain 5 requires an understanding of credential management systems, federated identity, SSO, SAML, cloud identity, and third-party identity and authorization services like OpenID Connect (OIDC) and Open Authorization (Oauth)

    Topics
    • Domain 5: Identity and Access Management (IAM)
      • Physical and logical access
      • Credential management systems
      • Just-In-Time (JIT)
      • SSO
      • LDAP
      • Multi-factor authentication
      • Password-less authentication
      • Biometrics
      • Accountability
      • Session management
      • SAML
      • Credential management
    • Third-party identity services
    • On-premise, cloud, and hybrid identity
    • Authorization mechanisms
      • MAC
      • DAC
      • Rule-based
      • RBAC
      • ABAC
    • Provisioning
  • Overview

    This course section covers Domain 6 (Security Assessment) and Domain 7 (Security Operations). Security Assessment covers types of security tests, testing strategies, and security processes. Security Operations covers investigatory issues, including eDiscovery, logging and monitoring, and provisioning. We will discuss cutting-edge technologies such as cloud, and we'll wrap up the section with a deep dive into disaster recovery.

    Topics
    • Domain 6: Security Assessment
      • Assessment and test strategies
      • Security control testing
        • Vulnerability assessment
        • Penetration testing
        • Log reviews
        • Synthetic transactions and benchmarks
        • Misuse case testing
        • Test coverage analysis
        • Responsible disclosure
    • Security testing strategies
      • Interface testing
      • Breach attack simulations
      • Red, blue, and purple team exercises
    • Security process
      • Account management
      • Management review
      • Training and awareness
      • Disaster recovery and business continuity
      • Exception handling
    • Internal and third-party audits
    • Domain 7: Security Operations
      • Investigations
        • Evidence collection and handling
        • Reporting and documenting
        • Forensics
    • Operational, criminal, civil, and regulatory investigations
    • eDiscovery
    • Logging and monitoring
      • Intrusion detection and prevention
      • SIEM
      • Continuous monitoring
      • Egress monitoring
      • User and Entity Behavior Analytics (UEBA)
      • Tools based on machine learning and Artificial Intelligence (AI)
    • Provisioning
      • Asset inventory
      • Configuration management
      • Physical, virtual, and cloud assets
      • Software as a Service (SaaS)
    • Security operations
      • Need-to-know and least privilege
      • Service-level agreements
      • System resilience
      • Quality of Service (QoS)
      • Threat feeds
      • Threat hunting
    • Incident management
    • Firewalls
    • IDS and IPS
    • Honeypots and honeynets
    • Vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes
    • Disaster recovery plans
  • Overview

    The final course section examines Domain 8 (Software Development Security), which describes the requirements for secure software. Security should be "baked in" as part of network design from day one, since it is always less effective when it is added later to a poor design. We will discuss classic development models, including waterfall and spiral methodologies. We will then turn to more modern models, including agile software development methodologies. New content for the 2024 CISSP® exam update will be discussed, including DevSecOps and Interactive Application Security Test (IAST). We will wrap up 414.6 by discussing security vulnerabilities, secure coding strategies, and testing methodologies.

    Topics
    • Domain 8: Software Development Security
      • Software development lifecycle
      • Software development methodologies
        • Waterfall
        • Spiral
        • Agile
        • Integrated Product Team (IPT)
    • Software capability maturity models
      • Capability Maturity Model Integration (CMMi)
      • Software Assurance Maturity Model (SAMM)
    • Change management
    • DevOps
    • DevSecOps
    • Scaled Agile Framework (SAFe)
    • Software Component/Composition Analysis (SCA)
    • Interactive Application Security Test (IAST)
    • Continuous Integration/Continuous Delivery (CI/CD)
    • Security Orchestration, Automation, and Response (SOAR)
    • Security vulnerabilities
      • Bounds checking
      • Input/output validation
      • Buffer overflow
      • Privilege escalation
    • Secure coding
    • Code repositories
    • Programming interfaces
    • Software-defined security
    • Assessing software security
      • Black box testing
      • White box testing
      • Fuzzing
    • Security of Application Programming Interfaces (APIs)

GIAC Information Security Professional

The GIAC Information Security Professional (GISP) certification validates a practitioner's knowledge of the 8 domains of cybersecurity knowledge as determined by ISC2 that form a critical part of CISSP® exam. GISP certification holders will be able to demonstrate knowledge of asset security, communications and network security, identity and access management, security and risk management, security assessment and testing, security engineering, security operation, and software development security.

  • Asset Security
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Engineering
  • Security Operation
  • Security and Risk Management
  • Software Development Security
More Certification Details

Author Statement

"The CISSP® certification has been around for 30 years. The exam is designed to test your understanding of the Common Body of Knowledge, which may be thought of as the universal language of information security professionals. It is often said to be a mile wide and two inches deep. The CISSP® exam covers a lot of theoretical information that is critical for a security professional to understand. However, this material can be dry, and since most students do not see the direct applicability to their jobs, they find it boring. The goal of this course is to bring the 8 domains of knowledge of the CISSP® to life. The practical workings of this information can be discovered by explaining important topics with stories, examples, and case studies. I challenge you to attend the SANS CISSP® training course and find the exciting aspect of the 8 domains of knowledge!" - Eric Conrad and Seth Misenar

"It is very clear that Eric has a wealth of knowledge on not only the content covered in the course but the study tips and tricks to pass the exam itself - I'm looking forward to more of his stories as the course progresses!" - Neaka Balloge, NYU Langone Health

Reviews

I like the detailed information provided. Easy to digest.
Sean G.
Federal Reserve Richmond
This course gave me high confidence in my ability to pass the CISSP on the first try.
Corey Melhus
Farewar Stores
Excellent preparation to pass the CISSP.
Alexandra Salgado
Beckman

    Register for LDR414

    Learn about Group Pricing

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.

    Loading...