Course Overview

The Certified Information Systems Security Professional (CISSP®) certification, awarded by the International Information System Security Certification Consortium ((ISC)²), is one of the most respected and globally recognised credentials in the field of information security. Achieving CISSP® certification demonstrates a professional’s ability to design, implement, manage, and oversee a comprehensive cybersecurity programme that supports organisational objectives and risk management requirements.

The CISSP® Training Programme by Transformentors Academy is designed for experienced cybersecurity and information security professionals seeking to strengthen their strategic, managerial, and technical expertise. The programme provides comprehensive coverage of the CISSP® Common Body of Knowledge (CBK), helping participants develop the knowledge required to address complex security challenges across modern organisations.

Through practical discussions, real-world scenarios, and examination-focused learning, participants will explore key areas of security governance, risk management, asset security, security architecture, identity and access management, security operations, and software development security. The programme also equips participants with the skills needed to develop security policies, guide organisational security initiatives, and support regulatory compliance.

By the end of the programme, participants will be better prepared to pursue CISSP® certification, strengthen organisational security programmes, and take on leadership roles in cybersecurity, risk management, and information security governance.

Agenda

Day — 1

Introduction to CISSP and Security Concepts

• Understanding the CISSP® certification and the role of (ISC)² in information security.
• Exploring the CISSP domains and their relationship within enterprise security programmes.
• Understanding security governance principles and organisational risk management practices.
• Examining data classification methods and information handling requirements.
• Understanding the importance of protecting information assets through effective security controls.

Security and Risk Management

• Understanding the fundamental principles of security and risk management.
• Applying risk assessment and risk management methodologies to organisational environments.
• Exploring security governance frameworks, policies, and management practices.
• Understanding legal, regulatory, and compliance requirements affecting information security.
• Aligning security management activities with organisational objectives and risk tolerance.

Day — 2

Asset Security, Security Architecture and Engineering

• Understanding asset classification and ownership responsibilities.
• Applying data handling, retention, and information protection practices.
• Exploring privacy protection requirements and data security principles.
• Implementing secure asset disposal and information destruction methods.
• Understanding security models, frameworks, and architectural concepts.
• Examining secure system and network architecture design principles.
• Applying security controls to strengthen infrastructure and application security.
• Understanding security requirements throughout the software development lifecycle (SDLC).

Communication and Network Security

• Understanding network protocols and secure communication mechanisms.
• Exploring network architecture design and segmentation strategies.
• Implementing secure remote access solutions and Virtual Private Networks (VPNs).
• Understanding wireless network security principles and protection measures.
• Applying network security controls to safeguard organisational communications.

Day — 3

Identity and Access Management (IAM)

• Understanding the principles and components of Identity and Access Management (IAM).
• Exploring authentication methods and identity verification mechanisms.
• Applying authorisation models and access control techniques to protect resources.
• Managing identity lifecycle processes, including provisioning and deprovisioning.
• Implementing IAM practices to strengthen organisational security and compliance.

Security Assessment and Testing

• Understanding vulnerability assessment processes and vulnerability management practices.
• Exploring penetration testing methodologies used to evaluate security controls.
• Conducting security control testing and auditing activities.
• Understanding incident response processes and security event management.
• Applying assessment and testing techniques to identify and address security weaknesses.

Day — 4

Software Development Security

• Understanding the Secure Software Development Lifecycle (SDLC) and its security requirements.
• Applying code review and security testing techniques to identify vulnerabilities.
• Evaluating security risks associated with third-party software and external components.
• Implementing secure coding practices to develop resilient and secure applications.
• Integrating security controls throughout the software development process.

Security Operations

• Understanding security operations processes and continuous security monitoring activities.
• Managing incident response and recovery procedures for security events.
• Developing business continuity and disaster recovery plans to support organisational resilience.
• Applying logging, monitoring, and event management best practices.
• Strengthening operational security through effective detection, response, and recovery capabilities.

Day — 5

Security Operations Best Practices

• Understanding security controls and countermeasures used to protect organisational assets.
• Implementing security awareness and training programmes to strengthen security culture.
• Exploring collaboration practices with law enforcement and external security agencies.
• Applying security operations metrics and reporting techniques to measure security performance.
• Supporting continuous improvement through monitoring, reporting, and security governance.

Review and Exam Preparation

• Reviewing key CISSP® concepts and domains covered throughout the programme.
• Practising with CISSP®-style mock examinations and assessment questions.
• Understanding examination techniques, strategies, and best practices.
• Identifying areas for further study and certification preparation.
• Preparing effectively for the CISSP® certification examination.

Learning Outcomes

By the end of this programme, participants will be able to:

• Understand the core principles of information security, risk management, access control, and software development security.
• Prepare effectively for the CISSP® certification examination with greater knowledge and confidence.
• Design and manage comprehensive security programmes aligned with organisational objectives and risk requirements.
• Develop capabilities in incident management, business continuity, and recovery from security breaches.
• Apply legal, regulatory, and compliance requirements within information security programmes.
• Implement effective identity and access management practices, including authentication, authorisation, and identity lifecycle management.
• Strengthen security operations through monitoring, incident response, and compliance management activities.
• Understand secure software development principles and apply security practices throughout the software development lifecycle.

Who Should Attend

This programme is ideal for experienced cybersecurity and information security professionals, including:

• Chief Information Security Officers (CISOs).
• Cybersecurity Auditors.
• Security Administrators.
• Information Systems Security Officers.
• IT Security Engineers.
• Data Governance Managers.
• Senior Security Consultants.
• Information Assurance Analysts.
• Security and Risk Management Professionals.
• Individuals preparing for leadership and management roles in cybersecurity and information security.