CISSP - Certified Information Systems Security Professional


Our CISSP training prepares students for the exam to become a Certified Security Expert from the ISC2 (International Information Systems Security Certification Consortium). The certification ensures that the holder has a broad knowledge of security matters and keeps that knowledge up to date. The certification is recognized worldwide as a foundation for any security expert.

ISC2 defines a Common Body of Knowledge (CBK®). The CBK defines what a security professional should master in each of its 8 chapters. The chapters and the required knowledge are based on what every security expert needs to know for his/her day-to-day work. The certification standardizes that knowledge. ISC2 moreover requires CISSP holders to keep their knowledge up to date in order to retain the certification. The CBK covers not only the theoretical aspects a security professional needs to know but also the more practical details he/she will encounter in the everyday job.

Our CISSP training is fully independent of any product or organisation, giving our students truly unbiased training.

Your pace

Depending on the session (no two groups are alike), the training may be completed in 4 days, leaving one full day for practice or Q&A.

Other arrangements have been made depending on the customer.




As found on the SANS web site:
  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

SANS's web site:


There is no specific requirement. However, a good 2-7 years of experience in IT (and/or in IT security) really helps to understand all the concepts.


The training goes over the 1,200+ pages of the CBK book (official CBK or "Official Study Guide").

Trainees will have to do the memorization work by themselves.



After the training ...

Students can always ask or call, but the true nature of the CISSP is that ISC2 keeps the questions and their style confidential.

Material provided

Every student receives either the Official CBK book plus a set of slides or an equivalent book (we recently decided not to go for the official book as it is really a terrible one to study).

Detailed program


We spend 5 days, 8 - 10 hours a day, going over the training materials. At your pace... sometimes we cover a difficult chapter in a couple of hours and sometimes we finish a supposedly easy chapter in one day. The trainer is available from 8h00 to 19h00 (depending on the facility's opening hours).

Here is a possible day-by-day timetable. It is given as an indication and NOT as something cast in iron.


  • Chapter 0: An introduction covering elements such as:
    • Structure of the week
    • Evolution of the CISSP content and importance of the different chapters
    • Structure of the exam
    • Exam preparation, advice, recommendations, form of certain questions, CISSP Computerized Adaptive Testing
    • Exam in French or in English...?
    • The CISSP, and afterwards?
    • CISSP Code of Ethics
  • Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
    • Confidentiality, integrity, and availability concepts
    • Security governance principles
    • Compliance
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines


  • Domain 1 (continued)
  • Domain 2: Asset Security (Protecting Security of Assets)
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)


  • Domain 3: Security Engineering (Engineering and Management of Security)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Security architectures, designs, and solution elements vulnerabilities
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Site and facility design secure principles
    • Physical security
  • Domain 4: Communication and Network Security (Designing and Protecting Network Security)
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure network components
    • Secure communication channels
    • Network attacks


  • Domain 4 (continued)
  • Domain 5: Identity & Access Management (Controlling Access and Managing Identity)
    • Physical and logical assets control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)
  • Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architectures vulnerabilities


  • Domain 7: Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns
  • Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact

Interested in this training? Please contact us for more details.