
Certified Information Security Professional (CISP)




$ 800.00 $ 565.00


Certification Overview

The Certified Information Security Professional (CISP)™ certification is for experienced people working in the information processing field. If you want to make a career in information security, which is a very important job these days, and you've been working in it for at least five years, then getting the CISP credential should be your goal. It's for professionals who make rules and plans for information security. Information security, also called InfoSec, is about keeping information safe from people who shouldn't have it. This includes all kinds of information, whether it's electronic or physical. Computers and the internet are everywhere now, which means there are more chances for people to cause harm. That's why it's important for security professionals to learn how to keep computers and information safe. This course teaches ways to create new systems for information security, how to figure out and manage security risks, and how to plan for security in a company. Governments, military, companies, banks, hospitals, and other businesses have a lot of secret information about their employees, customers, products, and money. Most of this information is stored on computers and sent over networks to other computers. Because the CISP certification exam is hard and requires a lot of knowledge, having the CISP title is really important in finding jobs. For IT professionals who want to move up in their careers, this certification can help them get into management positions.

E-Course Duration: 30 to 35 Hours

Exam Information

  • The test has 100 multiple-choice questions. To pass, you need to get at least 70 of them right, which is 70% of the total.

  • You can take the exams online, and they're watched over using a webcam and a good internet connection. This means you can take the exams from anywhere and at any time.

  • The exam lasts for 2 hours, which is the same as 120 minutes.

  • During the exam at a Pearson VUE test center, you can't use any outside sources of information. They'll give you more details about what you can use, like your ID.

  • If you don't pass the exam the second time, you have to wait at least fourteen (14) days before you can try again for the third time or any time after that. You can take the exam as many times as you need to.

  • The Certified Information Security Professional (CISP)™ is valid for 5 years. After that, the candidate needs to renew the certification once every 5 years to keep it valid.

  • CISP™ is a Trademark of GIPMC.


  • Note: You don't need to complete an E-Course from the GIPMCBok portal before getting the Certified Information Security Professional (CISP)™ Certification, but we strongly suggest doing it because many questions in the actual exam come from the E-Course.

Course Outline

Module 1 - Introduction to Information Security

    • 1.2 More Than Just Computer Security
    • 1.2.1 Employee Mind-Set toward Controls
    • 1.3 Roles and Responsibilities
    • 1.3.1 Director, Design and Strategy
    • 1.4 Common Threats
    • 1.5 Policies and Procedures
    • 1.6 Risk Management
    • 1.7 Typical Information Protection Program

Module 2 - Threats to Information Security

    • 2.1 What Is Information Security?
    • 2.2 Common Threats
    • 2.2.1 Errors and Omissions
    • 2.2.2 Fraud and Theft
    • 2.2.3 Malicious Hackers
    • 2.2.4 Malicious Code
    • 2.2.5 Denial-of-Service Attacks
    • 2.2.6 Social Engineering
    • 2.2.7 Common Types of Social Engineering

Module 3 - The Structure of an Information Security Program

    • 3.1.1 Enterprisewide Security Program
    • 3.2 Business Unit Responsibilities
    • 3.2.1 Creation and Implementation of Policies and Standards
    • 3.2.2 Compliance with Policies and Standards
    • 3.3 Information Security Awareness Program
    • 3.3.1 Frequency
    • 3.3.2 Media
    • 3.4 Information Security Program Infrastructure
    • 3.4.1 Information Security Steering Committee
    • 3.4.2 Assignment of Information Security Responsibilities
    • 3.4.2.1 Senior Management
    • 3.4.2.2 Information Security Management
    • 3.4.2.3 Business Unit Managers
    • 3.4.2.4 First Line Supervisors
    • 3.4.2.5 Employees
    • 3.4.2.6 Third Parties

Module 4 - Information Security Policies

    • 4.1 Policy Is the Cornerstone
    • 4.2 Why Implement an Information Security Policy
    • 4.3 Corporate Policies
    • 4.4 Organizationwide (Tier 1) Policies
    • 4.4.1 Employment
    • 4.4.2 Standards of Conduct
    • 4.4.3 Conflict of Interest
    • 4.4.4 Performance Management
    • 4.4.5 Employee Discipline
    • 4.4.6 Information Security
    • 4.4.7 Corporate Communications
    • 4.4.8 Workplace Security
    • 4.4.9 Business Continuity Plans (BCPs)
    • 4.4.10 Procurement and Contracts
    • 4.4.11 Records Management
    • 4.4.12 Asset Classification
    • 4.5 Organizationwide Policy Document
    • 4.6 Legal Requirements
    • 4.6.1 Duty of Loyalty
    • 4.6.2 Duty of Care
    • 4.6.3 Federal Sentencing Guidelines for Criminal Convictions
    • 4.6.4 The Economic Espionage Act of 1996
    • 4.6.5 The Foreign Corrupt Practices Act (FCPA)
    • 4.6.5 Sarbanes–Oxley (SOX) Act
    • 4.6.6 Health Insurance Portability and Accountability Act (HIPAA)
    • 4.6.7 Gramm–Leach–Bliley Act (GLBA)
    • 4.7 Business Requirements
    • 4.8.1 Policy
    • 4.8.2 Standards
    • 4.8.3 Procedures
    • 4.8.4 Guidelines
    • 4.9 Policy Key Elements
    • 4.10 Policy Format
    • 4.10.1 Global (Tier 1) Policy
    • 4.10.1.1 Topic
    • 4.10.1.2 Scope
    • 4.10.1.3 Responsibilities
    • 4.10.1.4 Compliance or Consequences
    • 4.10.1.5 Sample Information Security Global Policies
    • 4.10.2 Topic-Specific (Tier 2) Policy
    • 4.10.2.1 Thesis Statement
    • 4.10.2.2 Relevance
    • 4.10.2.3 Responsibilities
    • 4.10.2.4 Compliance
    • 4.10.2.5 Supplementary Information
    • 4.10.3 Application-Specific (Tier 3) Policy

Module 5 - Asset Classification

    • 5.1 Introduction
    • 5.2 Overview
    • 5.3 Why Classify Information?
    • 5.4 What Is Information Classification?
    • 5.5 Where to Begin?
    • 5.6 Information Classification Category Examples
    • 5.6.1 Example 1
    • 5.6.2 Example 2
    • 5.6.3 Example 3
    • 5.6.4 Example 4
    • 5.7 Resist the Urge to Add Categories
    • 5.8 What Constitutes Confidential Information
    • 5.8.1 Copyright
    • 5.9 Employee Responsibilities
    • 5.9.1 Owner
    • 5.9.1.1 Information Owner
    • 5.9.2 Custodian
    • 5.9.3 User
    • 5.10 Classification Examples
    • 5.10.1 Classification: Example 1
    • 5.10.2 Classification: Example 2
    • 5.10.3 Classification: Example 3
    • 5.10.4 Classification: Example 4
    • 5.11 Declassification or Reclassification of Information
    • 5.12 Records Management Policy
    • 5.12.1 Sample Records Management Policy
    • 5.13 Information Handling Standards Matrix
    • 5.13.1 Printed Material
    • 5.13.2 Electronically Stored Information
    • 5.13.3 Electronically Transmitted Information
    • 5.13.4 Record Management Retention Schedule
    • 5.14 Information Classification Methodology
    • 5.15 Authorization for Access
    • 5.15.1 Owner
    • 5.15.2 Custodian
    • 5.15.3 User

Module 6 - Access Control

    • 6.1 Business Requirements for Access Control
    • 6.1.1 Access Control Policy
    • 6.2 User Access Management
    • 6.2.1 Account Authorization
    • 6.2.2 Access Privilege Management
    • 6.2.3 Account Authentication Management
    • 6.3 System and Network Access Control
    • 6.3.1 Network Access and Security Components
    • 6.3.2 System Standards
    • 6.3.3 Remote Access
    • 6.4 Operating System Access Controls
    • 6.4.1 Operating Systems Standards
    • 6.4.2 Change Control Management
    • 6.5 Monitoring System Access
    • 6.5.1 Event Logging
    • 6.5.2 Monitoring Standards
    • 6.5.3 Intrusion Detection Systems
    • 6.6 Cryptography
    • 6.6.1 Definitions
    • 6.6.2 Public Key and Private Key
    • 6.6.3 Block Mode, Cipher Block, and Stream Ciphers
    • 6.6.4 Cryptanalysis
    • 6.7 Sample Access Control Policy

Module 7 - Physical Security

    • 7.1 Data Center Requirements
    • 7.2 Physical Access Controls
    • 7.2.1 Assets to be Protected
    • 7.2.2 Potential Threats
    • 7.2.3 Attitude toward Risk
    • 7.2.4 Sample Controls
    • 7.3 Fire Prevention and Detection
    • 7.3.1 Fire Prevention
    • 7.3.2 Fire Detection
    • 7.3.3 Fire Fighting
    • 7.4 Verified Disposal of Documents
    • 7.4.1 Collection of Documents
    • 7.4.2 Document Destruction Options
    • 7.4.3 Choosing Services
    • 7.5 Agreements
    • 7.5.1 Duress Alarms
    • 7.6 Intrusion Detection Systems
    • 7.6.1 Purpose
    • 7.6.2 Planning
    • 7.6.3 Elements
    • 7.6.4 Procedures
    • 7.7 Sample Physical Security Policy

Target Audience

  • IT consultants
  • Managers
  • Security policy
  • Privacy officers
  • Information Security Officers
  • Network Administrators
  • Security Device Administrators
  • Security engineers