
CISSP Online Training & Certification Prep

Comprehensive CISSP preparation across all eight CBK domains, combining deep conceptual instruction with scenario-based practice for the world's leading security management credential.

Pass Guarantee | Live Labs available | SCORM / xAPI packaging | (ISC)² aligned

Course Overview

The Certified Information Systems Security Professional (CISSP) is the gold standard for senior security practitioners. Issued by (ISC)², it validates broad and deep competency across eight knowledge domains, from security and risk management through to software development security, and is widely required or preferred for Director, CISO, Security Architect, and senior consultant roles. Since the April 2024 exam refresh, CISSP is delivered as a Computerized Adaptive Testing (CAT) exam in every exam language: question difficulty scales with your running performance, and the exam ends once (ISC)² can determine with statistical confidence whether you have passed.

Boost eLearning’s CISSP course covers the full 2024 (ISC)² Common Body of Knowledge (CBK) across 64 hours of instruction. Because CISSP is a management-level certification, the emphasis is on thinking like a manager and risk advisor, not a technician—a distinction that separates candidates who pass from those who don’t. Our Certified Partner instructors are practicing CISOs and security architects who contextualize each domain with real-world policy decisions, risk trade-offs, and architectural choices rather than theoretical checklists.

The course is delivered in online self-paced, live virtual, and on-site formats, and every format includes our Pass Guarantee. CISSP is conceptually intensive rather than hands-on technical, so the lab component is deliberately selective: network architecture diagrams, access control modeling exercises, and cryptographic algorithm selection scenarios rather than CLI drills. This matches what the exam actually tests.

CISSP requires five years of paid work experience in at least two of the eight CBK domains before you can be certified (or four years with a qualifying degree). Candidates who do not yet meet this requirement can sit the exam and become an Associate of (ISC)² while accruing the remaining experience. This course is appropriate for both tracks.

What You'll Learn

  • Apply security and risk management principles including asset classification, risk treatment, and legal/regulatory compliance
  • Design and evaluate physical and logical access controls using need-to-know, least privilege, and separation of duties principles
  • Assess security architecture models (Bell-LaPadula, Biba, Clark-Wilson) and apply them to system design decisions
  • Select, deploy, and manage cryptographic systems including symmetric/asymmetric algorithms, PKI, and key lifecycle management
  • Design secure network architectures including segmentation, OSI/TCP-IP security controls, and converged protocols
  • Evaluate identity and access management frameworks: directory services, federation, PAM, and zero-trust models
  • Plan and execute security assessment and testing programs: vulnerability management, penetration testing, and audit reviews
  • Build and manage a security operations capability: incident response, BCP/DR, forensics, and logging/monitoring
  • Apply software development security: SDLC integration, code review, OWASP Top 10, and DevSecOps pipelines
  • Manage physical security controls: site selection, perimeter defense, and environmental threats

Who This Course Is For

  • Senior security professionals targeting CISO, Security Director, or Security Architect roles
  • IT Managers and IT Auditors formalizing security program knowledge
  • Security consultants and risk advisors seeking the market's most recognized credential
  • Experienced network or systems engineers moving into security leadership
  • Associates of (ISC)² completing exam prep before accruing full experience

Course Outline

Module 1: Security & Risk Management (Domain 1), 10 hours
  • Principles of the CIA triad, due care/due diligence, and ethics
  • Legal and regulatory environments: GDPR, HIPAA, PCI DSS, SOX, and cross-border data issues
  • Risk management frameworks: NIST RMF, ISO 31000, quantitative (ALE/ARO/SLE) and qualitative analysis
  • Security policies, standards, procedures, and baselines: structure and governance
  • Business continuity concepts: BIA, RTO/RPO/MTD, recovery strategy selection, and the MTBF/MTTR availability metrics they are often confused with
  • Personnel security: hiring controls, separation of duties, and security awareness programs
Module 2: Asset Security (Domain 2), 5 hours
  • Data lifecycle: collection, storage, use, sharing, archiving, and destruction
  • Asset classification schemes and ownership models
  • Data privacy protections: minimization, anonymization, pseudonymization
  • Data retention policies and secure destruction methods (media sanitization standards)
Module 3: Security Architecture & Engineering (Domain 3), 10 hours
  • Security models: Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, and lattice-based models
  • Enterprise security architecture frameworks: SABSA, TOGAF security overlay, and Zachman
  • Cryptography in depth: stream vs. block ciphers, ECC, quantum-safe considerations, and HSMs
  • Physical security design: site selection, perimeter controls, and environmental threats (fire/flood/power)
  • Secure hardware design: TPM, secure boot, hardware security modules, and supply-chain integrity
Module 4: Communication & Network Security (Domain 4), 8 hours
  • OSI and TCP/IP model security implications at each layer
  • Network component security: switches, routers, firewalls, proxies, load balancers, and SD-WAN
  • Secure protocols: TLS, IPsec, SSH, and 802.1X authentication
  • Network segmentation strategies: DMZ, microsegmentation, and zero-trust networking
  • Wireless security: WPA3, EAP variants, and rogue AP detection
Module 5: Identity & Access Management (Domain 5), 6 hours
  • Physical and logical access control categories and models (MAC, DAC, RBAC, ABAC)
  • Identity management: provisioning, deprovisioning, and directory services (LDAP, AD)
  • Authentication protocols: Kerberos, OAuth 2.0, SAML, and OpenID Connect
  • Privileged access management (PAM) and just-in-time access
  • Identity federation and single sign-on across organizational boundaries
Module 6: Security Assessment & Testing (Domain 6), 6 hours
  • Assessment and test strategy design: coverage, frequency, and scope
  • Vulnerability assessments vs. penetration testing: when to use each
  • Log reviews, synthetic transactions, and code review methodologies
  • Audit trails and security metrics: KPIs, KRIs, and reporting to leadership
  • Third-party audit coordination and SOC 1/SOC 2 report interpretation
Module 7: Security Operations (Domain 7), 10 hours
  • Incident management lifecycle and CSIRT/SOC organizational models
  • Digital forensics: evidence collection, chain of custody, and legal admissibility
  • Disaster recovery planning: site selection (hot/warm/cold), replication, and test types
  • Patch and vulnerability management programs
  • Change management and configuration management controls
  • Physical security operations: guard forces, CCTV, and access control systems
Module 8: Software Development Security (Domain 8) & Exam Strategy, 9 hours
  • Secure SDLC models: waterfall, Agile, and DevSecOps security integration points
  • Application security controls: OWASP Top 10, input validation, error handling, and secure APIs
  • Database security: inference attacks, aggregation, and polyinstantiation
  • Software supply-chain security and open-source dependency risk
  • CAT exam strategy: manager mindset, best-answer techniques, and domain-weighted practice
  • Full-length adaptive practice exam with per-domain performance analysis
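
The quantitative risk figures in Module 1 (SLE, ARO, ALE) are usually tested as a safeguard cost/benefit decision rather than as bare arithmetic. The following is an added worked example, not course material: the asset, exposure and cost figures are constructed, and the formulas are the standard CISSP ones.

```python
"""Quantitative risk analysis as tested in CISSP Domain 1.

Added illustration, not part of the course; all figures are constructed.

    SLE = AV * EF                      single loss expectancy
    ALE = SLE * ARO                    annualized loss expectancy
    safeguard value = ALE_before - ALE_after - annual safeguard cost

A safeguard is only worth buying when that value is positive; otherwise the
manager's answer is to accept (or transfer) the risk, not to gold-plate it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV: replacement/business value in dollars
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected incidents per year

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float      # purchase amortised over its life plus operating cost
    residual_ef: float      # EF once the control is in place
    residual_aro: float     # ARO once the control is in place


def residual_risk(risk: Risk, safeguard: Safeguard) -> Risk:
    """The same asset with the exposure and frequency the control leaves behind."""
    return Risk(risk.asset_value, safeguard.residual_ef, safeguard.residual_aro)


def safeguard_value(risk: Risk, safeguard: Safeguard) -> float:
    """Annual benefit net of cost; negative means the control costs more than it saves."""
    return risk.ale() - residual_risk(risk, safeguard).ale() - safeguard.annual_cost


def rank_safeguards(risk: Risk, safeguards: list) -> list:
    """(name, net annual value) pairs, best first."""
    return sorted(((s.name, safeguard_value(risk, s)) for s in safeguards),
                  key=lambda pair: pair[1], reverse=True)


def recommend(risk: Risk, safeguards: list) -> str:
    """Treatment a manager would pick: the best positive-value control, else accept the risk."""
    ranked = rank_safeguards(risk, safeguards)
    if not ranked or ranked[0][1] <= 0:
        return "accept"
    return ranked[0][0]


# Constructed scenario: a customer database worth $2M; a breach destroys 25% of that
# value and is expected about once every two years.
DB_RISK = Risk(asset_value=2_000_000, exposure_factor=0.25, aro=0.5)

CANDIDATES = [
    Safeguard("encryption at rest with managed keys", annual_cost=60_000,
              residual_ef=0.05, residual_aro=0.5),
    Safeguard("cyber insurance", annual_cost=90_000,
              residual_ef=0.10, residual_aro=0.5),
    # Cuts the risk the most, but costs more per year than the risk it removes.
    Safeguard("enterprise DLP suite", annual_cost=300_000,
              residual_ef=0.02, residual_aro=0.2),
]

if __name__ == "__main__":
    print(f"SLE ${DB_RISK.sle():,.0f}   ALE ${DB_RISK.ale():,.0f}")
    for name, value in rank_safeguards(DB_RISK, CANDIDATES):
        print(f"{name:40s} net annual value ${value:>10,.0f}")
    print("treatment:", recommend(DB_RISK, CANDIDATES))
```

The point the exam rewards is the last line: the DLP suite reduces the ALE the most, yet its net value is negative, so the encryption control wins and the "most secure" option is the wrong answer.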

About the Certification Exam

Exam code: CISSP
Length: 3 hours (since the April 2024 exam refresh; previously 4 hours)
Questions: 100–150, Computerized Adaptive Testing in all exam languages (previously 125–175 for English and a linear 250-question form for other languages)
Passing score: 700 on a scale of 0–1000
Exam cost: ~$749 USD
Where: Pearson VUE testing center or online proctored

The certification exam fee is paid separately to the testing provider and is not included in the course price unless stated otherwise.

Live Labs Included

Scenario-based practice in a hosted lab environment

This course includes Live Labs: architecture, modeling, and tabletop exercises delivered in a hosted lab environment and chosen to build the judgment the exam actually tests rather than CLI skills.

  • Model a network security architecture using segmentation and DMZ zones for a simulated enterprise scenario
  • Design an access control matrix applying MAC, DAC, and RBAC to a defined asset classification scheme
  • Evaluate and document a cryptographic algorithm selection decision for data-at-rest and data-in-transit use cases
  • Conduct a tabletop BCP/DR exercise using a provided BIA and score recovery strategy trade-offs

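The access control lab asks you to apply MAC models to a classification scheme. As an added illustration (not the course's own lab material), the following Python checks read and write requests against a lattice of classification level plus categories under Bell-LaPadula and Biba and builds the resulting access matrix; the subjects, objects and labels are constructed.

```python
"""Lattice-based mandatory access control: Bell-LaPadula versus Biba.

Added illustration, not part of the course labs; subjects, objects and labels
are constructed.

A label is (level, set of categories). Label A dominates label B when A's level is
at least B's AND A's categories include all of B's. Labels whose category sets are
not nested are incomparable: neither dominates the other, so neither model permits
any access between them.

Bell-LaPadula (confidentiality): read needs subject >= object  (no read up)
                                 write needs object >= subject (no write down)
Biba (integrity):                read needs object >= subject  (no read down)
                                 write needs subject >= object (no write up)
"""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        return subject.dominates(obj)       # simple security property
    if op == "write":
        return obj.dominates(subject)       # *-property
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        return obj.dominates(subject)       # simple integrity axiom
    if op == "write":
        return subject.dominates(obj)       # *-integrity axiom
    raise ValueError(f"unknown operation {op!r}")


def access_matrix(subjects: dict, objects: dict, model) -> dict:
    """{subject: {object: set of permitted ops}} under the given model function."""
    return {s: {o: {op for op in ("read", "write") if model(sl, ol, op)}
                for o, ol in objects.items()}
            for s, sl in subjects.items()}


def lab(level: str, *categories: str) -> Label:
    return Label(level, frozenset(categories))


# Constructed subjects (clearances) and objects (classifications).
SUBJECTS = {
    "alice": lab("SECRET", "NUCLEAR"),
    "bob":   lab("CONFIDENTIAL"),
    "carol": lab("SECRET", "CRYPTO"),   # same level as alice, disjoint category
}
OBJECTS = {
    "memo":   lab("CONFIDENTIAL"),
    "report": lab("SECRET", "NUCLEAR"),
    "design": lab("TOP SECRET", "NUCLEAR"),
}

if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for subject, row in access_matrix(SUBJECTS, OBJECTS, model).items():
            print(f"  {subject:6s}", {o: sorted(ops) for o, ops in row.items()})
```

Two results are worth tracing by hand: alice may write to "design" under Bell-LaPadula (writing up is allowed) but not read it, while Biba inverts both answers; and carol, cleared to SECRET, gets nothing on the SECRET "report" because her category set does not cover it, which is the lattice point the exam likes to test.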
Pass Guarantee Included

Complete this course and if you don't pass the certification exam on your first attempt, we'll refund your course fee or give you a free retake — your choice.


Frequently Asked Questions

What experience do I need to become certified?

You need five years of cumulative, paid work experience in at least two of the eight CBK domains. A four-year degree (or an approved credential from the (ISC)² list) waives one year. Candidates without the required experience can pass the exam and become an Associate of (ISC)², then earn the certification once the experience requirement is met.

How does the adaptive (CAT) exam work?

The exam adapts question difficulty to your running performance and stops once it has sufficient statistical confidence in a pass or fail decision. Since the April 2024 refresh this means you may pass after 100 questions or be tested up to 150. Broad coverage across all eight domains, rather than cramming a few, matters more under CAT than under a fixed-length exam, because weak domains are probed until the result is certain.

How long should I study?

Candidates with 5–10 years of security experience typically spend 100–200 hours studying. Our 64-hour course covers the full CBK; adding practice exams, flash-card review, and the included lab exercises usually puts serious candidates at exam-ready within 8–16 weeks of part-time study.

Why do experienced technical candidates struggle?

CISSP tests managerial and risk-based thinking, not only technical recall. Many questions have two technically correct answers; the right one is what a senior manager or CISO would choose given risk, business impact, and completeness. Candidates who study by memorizing controls rather than understanding risk frameworks often struggle.

Which roles require CISSP?

CISSP is commonly required or strongly preferred for CISO, Security Director, Security Architect, Senior Security Consultant, IT Risk Manager, and Security Program Manager roles. It also satisfies the DoD 8570.01-M baseline for IAT Level III, IAM Levels II and III, and IASAE Levels I and II; IASAE Level III calls for the ISSAP or ISSEP concentration.

What does a CISSP holder earn?

(ISC)²'s Cybersecurity Workforce Study reports CISSP as one of the highest-compensating certifications in the field. U.S. CISSP holders commonly earn between $130,000 and $185,000 depending on role seniority, industry, and location; CISO-level roles in large enterprises often exceed $200,000.

How do I maintain the certification?

CISSP requires 120 Continuing Professional Education (CPE) credits over a three-year cycle, with at least 40 CPE earned in each year. An annual maintenance fee of $125 USD is also required. CPEs can be earned through training, publishing, volunteering, and attending security conferences.

Are there follow-on certifications?

Yes. CISSP is a prerequisite for the CISSP concentrations, ISSAP (Architecture), ISSEP (Engineering), and ISSMP (Management), which are available to active CISSP holders and demonstrate deeper specialization within specific career tracks.
