Die Certified Information Systems Security Professional (CISSP) von (ISC)2 ist eine der weltweit führenden Zertifizierungen im Bereich Cybersecurity.Sie bescheinigt fundiertes Fachwissen in Sicherheitskonzepten und die Fähigkeit, komplexe Sicherheitsherausforderungen zu meistern. Die CISSP-Zertifizierung hat sich einen hervorragen den Ruf erarbeitet und wird von vielen Arbeitgebern als entscheidender Faktor bei der Auswahl von Bewerbern angesehen. Laut verschiedenen Studien und Berichten, wie etwa von (ISC)2 selbst, sind CISSP-zertifizierte Fachleute in der Lage, höhere Gehälter zu erzielen und haben bessere Karrierechancen im Vergleich zu ihren nicht-zertifizierten Kollegen.

• IT-Sicherheitsprofis, Manager und Consultants, IT-Sicherheitsarchitekten C-Level- Manager (z. B. CISO, CIO)
• Fachleute in Banken, Behörden und IT-Dienstleistungen

Domain 1: Security and Risk Management

1.1 Grasp and apply the principles of confidentiality, integrity, and availability.

1.2 Assess and apply security governance principles:

• Aligning security with business objectives

• Security control frameworks: strategy, mission, goals, and objectives

• Due care and due diligence

• Organizational processes (e.g., acquisitions, divestitures, governance)

• Defining roles and responsibilities

1.3 Identify and adhere to compliance requirements:

• Legal, regulatory, contractual, and industry standards

• Privacy obligations

1.4 Understand global legal and regulatory aspects of information security:

• Cybercrime and breaches

• Cross-border data transfers

• Licensing and IP requirements

• Import/export restrictions

1.5 Uphold and promote professional ethics:

• ISC2 Code of Professional Ethics

• Organizational codes of conduct

1.6 Develop, document, and implement policies, standards, procedures, and guidelines.

1.7 Identify, assess, and prioritize Business Continuity (BC) needs:

• Scope and planning

• Business Impact Analysis (BIA)

1.8 Support and enforce personnel security measures:

• Hiring and onboarding

• Policy adherence

• Termination protocols

• Third-party agreements

1.9 Understand and apply risk management:

• Threat/vulnerability identification

• Security Control Assessment (SCA)

• Risk analysis, mitigation, and reporting

• Control selection and frameworks

1.10 Apply threat modeling methodologies and principles.

1.11 Manage supply chain risks:

• Hardware/software/service risks

• Third-party assessments

• Minimum security standards

1.12 Build and maintain a security awareness and training program:

• Delivery methods

• Content updates

• Effectiveness evaluation

Domain 2: Asset Security

2.1 Classify and identify assets and information.

2.2 Define and maintain asset ownership.

2.3 Ensure privacy protection:

• Data ownership

• Remanence

• Processing practices

• Collection limitations

2.4 Establish proper asset retention protocols.

2.5 Select appropriate data security controls:

• Data states and protection techniques

• Scoping and tailoring

• Standards selection

2.6 Define requirements for information and asset handling.

Domain 3: Security Architecture and Engineering

3.1 Apply secure design principles in engineering processes.

3.2 Understand foundational security model concepts.

3.3 Select controls based on system requirements.

3.4 Evaluate system security capabilities (e.g., TPM, encryption, memory protection).

3.5 Identify and mitigate architectural and design vulnerabilities:

• Systems (client/server, databases, cloud, ICS, IoT)

• Cryptographic solutions

3.6-3.8 Evaluate and address vulnerabilities in web, mobile, and embedded systems.

3.9 Implement cryptographic solutions:

• Key management

• PKI

• Digital signatures, integrity, non-repudiation

• Secure algorithms and attack resistance

3.10 Design secure sites and facilities.

3.11 Implement physical site security controls.

Domain 4: Communication and Network Security

4.1 Apply secure design principles to network architectures:

• OSI/TCP-IP models

• Software-defined networking

• Wireless and converged networks

4.2 Secure network infrastructure and components.

4.3 Deploy secure communication channels:

• Remote access

• Voice and multimedia

• Virtual networks

Domain 5: Identity and Access Management (IAM)

5.1 Control physical and logical access.

5.2 Manage identity verification for users/devices/services:

• Multi-factor authentication

• Identity proofing

• Session and credential management

5.3 Integrate third-party identity solutions (on-premises/cloud).

5.4 Implement authorization mechanisms:

• RBAC, DAC, ABAC, MAC

5.5 Manage the access lifecycle:

• Reviews

• Provisioning/deprovisioning

Domain 6: Security Assessment and Testing

6.1 Design and validate test/audit strategies (internal/external/third-party).

6.2 Conduct testing:

• Pen testing, vulnerability scans, code reviews

• Log and misuse analysis

6.3 Collect process data for auditing.

6.4 Analyze results and report findings.

6.5 Conduct/facilitate audits.

Domain 7: Security Operations

7.1 Support investigations:

• Evidence handling

• Digital forensics

• Documentation

7.2 Understand investigation types.

7.3 Monitor and log activities:

• SIEM

• Intrusion detection

• Egress monitoring

7.4 Manage resource provisioning.

7.5 Apply foundational operational concepts:

• Least privilege

• Separation of duties

• Privileged access

7.6 Implement resource protection.

7.7 Handle incident response and management.

7.8 Maintain security measures:

• Firewalls, IDS/IPS, sandboxing, etc.

7.9 Execute patch and vulnerability management.

7.10 Participate in change management.

7.11 Implement recovery solutions:

• Backup and fault tolerance

• High availability

7.12 Develop disaster recovery processes.

7.13 Test DR plans via multiple approaches.

7.14 Engage in business continuity planning.

7.15 Implement physical security measures.

7.16 Address personnel safety/security.

Domain 8: Software Development Security

8.1 Integrate security throughout the SDLC:

• Methodologies

• Change and configuration management

8.2 Secure the development environment.

8.3 Evaluate software security effectiveness.

8.4 Analyze the impact of acquired software.

8.5 Apply secure coding standards and best practices:

• API security

• Code-level vulnerability mitigation

Mehr unter: https://www.isc2.org/certifications/cissp

• Dauer: Wahlweise 5, 6  Tage Intensivkurs (Präsenz) oder Self-Paced Training
• Empfohlene Vorbereitung: 1-2 Monate Selbststudium mit unseren Materialien
• (ISC)2 Unterlagen

• Mindestens 5 Jahre Berufserfahrung in 2 der 8 CISSP-Domains
• Die Prüfung kann auch ohne die vollen 5 Jahre abgelegt werden, fehlende Erfahrung wird später nachgereicht.

• Internationale Anerkennung für Cybersecurity-Fachleute
• Attraktive Gehälter von durchschnittlich über 130.000 CHF jährlich(CH), D und AT jeweils etwa 100.000 Euro
• Hohe Nachfrage in IT, Banken und öffentlichen Einrichtungen

Der Preis für die Zertifizierung beträgt 6700 CHF (inkl. 8.1% MWSt) (6 Tage Training) und umfasst folgende Leistungen:
• Kursgebühren, Prüfungsgebühr für den ersten Versuch
• Zweite Prüfung Gratis, falls der erste Versuch nicht bestanden wird
• Original (ISC)2-Schulungsmaterialien
• Probeexamen für eine realistische Prüfungssimulation
• 24/7-Forum und LMS-Zugang

Self-Paced Training: 1390 CHF (inkl. 8.1% MWSt)

5 Tage Training mit einem Versuch: 6270 CHF

Im Rahmen des Intensivtrainings absolvieren Sie die CISSP-Prüfung direkt in Zürich.

Dauer: 3 Stunden

• Fragenanzahl: 100–150

• Format: Multiple Choice und innovative Frageformen

• Bestehensgrenze: 70 % (700 von 1000 Punkten)

• Sprachen: Englisch, Deutsch, Spanisch, Chinesisch, Japanisch

Prüfungsinhalte:

• Domain 1: 16 %

• Domain 2: 10 %

• Domain 3: 13 %

• Domain 4: 13 %

• Domain 5: 13 %

• Domain 6: 12 %

• Domain 7: 13 %

• Domain 8: 10 %