

Network/Cyber/Information Security - Preparation for CISSP Certification


Fast facts

Positions in many large corporations and government agencies worldwide now require certification and accredited practitioners. CISSP means higher earning potential and career advancement. The average search for cybersecurity professionals on job networks such as LinkedIn and JobStreet shows a clear leaning towards CISSP/GISP, according to the facilitator, Dr. Suresh Ramasamy, who is a subject matter expert and an experienced trainer specialising in the study of Telecommunications, Technology & Network/Information Security. He holds professional memberships with (ISC)2, ISACA, (ISC)2 Malaysia, IAPP, MSCR.

Dr Suresh is also the author and creator of Malaysian National Technical Standards on Information/Network Security given authority under Communications & Multimedia Act 1997 (CMA – MTSFB).  He is also an International keynote speaker and 




This five-day classroom training course provides intensive and complete preparation for the CISSP examination. It has been designed to maximize time effectiveness and reduce unnecessary time away from your work or the office.

This certification promotes international security practices and is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

This exclusive course is a comprehensive and complete review of information systems security concepts and industry best practices, which is also essential as part of the preparation effort towards the challenging CISSP examination.

Learning outcomes

This course aims to provide the necessary knowledge and skills to be an Information Security professional, based on (ISC)2 Common Body of Knowledge for the CISSP programme.



(ISC)2 Certified Information Systems Security Professional

(Optional: participants can also sit for the GIAC Information Security Professional certification, as the syllabus is common.)

(Participants are only certified AFTER passing the examination)

Course contents







Security & Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)

To understand the following subdomains

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures and guidelines


To be able to apply the understanding in real world situations at work.



Asset Security (Protecting Security of Assets)

To understand the following subdomains

  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)

To be able to apply the understanding in real world situations at work.



















Security Engineering (Engineering and Management of Security)


To understand the following subdomains

  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security


To be able to apply the understanding in real world situations at work.



Communication and Network Security (Designing and Protecting Network Security)


To understand the following subdomains

  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks


To be able to apply the understanding in real world situations at work.
















Identity and Access Management (Controlling Access and Managing Identity)


To understand the following subdomains

  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)


To be able to apply the understanding in real world situations at work.



Security Assessment and Testing

To understand the following subdomains:

  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities


To be able to apply the understanding in real world situations at work.



Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

To understand the following subdomains

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns


To be able to apply the understanding in real world situations at work.



Software Development Security (Understanding, Applying and Enforcing Software Security)

To understand the following subdomains

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact


To be able to apply the understanding in real world situations at work.


Total Hours:






  1. Training workshops
  2. Hands-on activities
  3. One-on-one consultation with expert during the training
  4. Each participant (who attends a minimum of 90% of the Workshop) will be awarded a “Certificate of Attendance” at the end of the Workshop.

Who should attend?

This workshop is for: 

  • IT or Systems Security Managers
  • Project Managers
  • Systems or Network Engineers
  • Systems Analyst or Auditor
  • Systems or Network Consultant
  • Senior Systems or Database Administrators or Programmers
  • Anyone who wishes to refresh and broaden their knowledge in all domains to study for the CISSP® exam.


To qualify for CISSP certification, you must:

  • Have a minimum of five years’ experience in two or more of the eight CBK domains.
  • Pass the CISSP examination.
  • Complete the endorsement process and subscribe to the (ISC)² Code of Ethics.
  • Maintain certification through continuing professional education (CPE) credits.




1. I have not been to any security training for certification. Can I attend this training?

Yes, you can. The training gives you critical knowledge about Security that you will need for your work as well as the certification.


2. Is the exam cost part of the package?

No, the exam is to be signed up and purchased by yourself.


3. Can the training be shorter in the time frame?

While we want to make it shorter, the body of knowledge is extensive and covers a number of topics. 5 days is the minimum timeframe you will require to get the necessary knowledge. We have received feedback from our previous participants that 5 days isn’t sufficient, as there are vast areas based on the CBK provided.


4. What certifications can I pursue with this training?

You have 2 options for certification. The first is the (ISC)2 CISSP certification, and the second is the SANS GISP. There is a difference between these 2 certifications, which will be discussed during the course.


5. Why should I get certified?

Certifications bring value to an individual as the holder. CISSP is regarded as the gold standard in security certification and SANS is known for its deep technical know-how.


6. What is the minimum number of pax per session?

EBSB allocates a minimum of 10 pax per session and a maximum of 20.


7. How often is this training held?

It is usually held either once or twice a year as a public course.


8. Is there any kind of rebate that I can apply for?

If your organisation contributes to HRDF, you may claim from HRDF for your participation. If your organisation wishes to apply for HRDF SBL-Khas, please contact us for further information.

Max no. of participants

15 participants


Enlightened Billionaire Sdn Bhd


( In House Training )

In House Training Per Day Cost
MYR 5000
Public Training Per Pax Cost
Study Mode
One Session
Language Offered
Kuala Lumpur, Malaysia