CISSP Certified Information System Security Professional + Agiles Projektmanagement

CISSP (Certified Information Systems Security Professional) von (ISC)² gilt als Goldstandard der IT-Security-Zertifizierungen — DoD 8570 IAM Level II/III anerkannt, Pflicht für viele Senior-Security-Stellen. Kombination mit Scrum Foundation für agile DevSecOps-Settings. CISSP (10 Tage / 2 Wochen): 8 Domänen (Common Body of Knowledge CBK) — 1. Security and Risk Management (16%) — CIA-Triade, Governance (Policies, Standards, Procedures, Guidelines), Compliance (Laws, Regulations, Standards), Professional Ethics (ISC2 Code of Ethics), Business Continuity Planning (BCP), Risk Management (Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring), Threat Modeling (STRIDE, PASTA, DREAD), Security Awareness und Training. 2. Asset Security (10%) — Information Classification, Data Ownership, Privacy Protection, Asset Retention, Data Security Controls, Data Lifecycle. 3. Security Architecture and Engineering (13%) — Security Engineering Models (Bell-LaPadula für Confidentiality, Biba für Integrity, Clark-Wilson, Brewer-Nash Chinese Wall), Trusted Computing Base, Security Modes (Dedicated, System High, Compartmented, Multilevel), Cryptography (Symmetric AES/DES, Asymmetric RSA/ECC, Hashing SHA-256/SHA-3, PKI), Physical Security. 4. Communication and Network Security (13%) — OSI-Modell, TCP/IP, IPv4/IPv6, Network-Topologies, Wireless Security (WPA2/WPA3, RADIUS), Network-Security-Components (Firewalls, IDS/IPS, VPN, Proxies, Bastion Hosts). 5. Identity and Access Management (13%) — Identification, Authentication (Something you know/have/are), Authorization (DAC, MAC, RBAC, ABAC), Accountability (Auditing, Logging), Federated Identity (SAML, OAuth, OpenID Connect), Single Sign-On (SSO). 6. Security Assessment and Testing (12%) — Audit Strategies (Internal vs. Third-Party), Security Control Testing (Vulnerability Assessment, Penetration Testing, Log Review, Code Review, Security Audit), Test Outputs (Reports, Metrics), Collect Security Process Data (KPIs, KRIs). 7. Security Operations (13%) — Investigations (Forensics, Chain of Custody, Evidence-Collection), Logging und Monitoring (SIEM, Continuous Monitoring), Incident Management Lifecycle, Disaster Recovery Planning. 8. Software Development Security (10%) — Security in SDLC, Source Code Reviews, OWASP Top 10, Database Security, DevSecOps. Examen CISSP: 100-150 adaptive Multiple-Choice + Drag-and-Drop, 4h, 700/1000 Pass. Voraussetzung Zertifikats-Award: 5 Jahre Berufserfahrung in 2+ CISSP-Domänen (1 Jahr Substitution mit Bachelor möglich). Scrum Foundation (1 Woche): PeopleCert. CISSP gilt als anspruchsvollste IT-Security-Zertifizierung — Pass-Quote ~50%. Mit CISSP qualifizieren Sie sich für CISO, Senior Security Architect, Security Director-Rollen mit Top-Gehältern.