InfoSec Institute CISSP Course Review

Certifications are very important in the field of information security. There are various organizations out there who provide different certificates that measure an individual’s skills from beginner to advance and which even include qualifications for the managerial aspects of information security. You might have heard about different certifications like skill sets such as ethical hacking, computer forensics, and most definitely, CISSP. A Certified Information Systems Security Professional (CISSP) is an individual who has acquired a skill set recognized internationally by the International Information Systems Security Certification Consortium; formally known as (ISC)2.

The CISSP is a well known and an important certificate that increases the value of a certificate holder. According a 2006 study by Certification Magazine, “The CISSP by (ISC)2 is a top paid certificate in IT.” Personally I believe that anyone who acquires basic penetration testing certification should then take the CISSP because it offers many advantages. In my case, I decided to take the CISSP exam but was worried about getting the right training. I spent a lot of time researching CISSP certification and training courses, and was particularly meticulous because there are so many online institutes available. This plethora of instructions means thatthe reputation of an institute is very important. After careful consideration, I decided to train at the . There were various factors that contributed to my decision to study at InfoSec Institute, and after completing the course, I decided to write a review so that others can learn what to do and what not to do.

I went to the CISSP certificate page of InfoSec Institute’s website, and I got a lot of information about the certificate. For example, I learned about the benefits of having the certificate, directions for a likely career path, and the expected salary level. The same page also contains information about the certification process and information regarding how to become a certificated CISSP professional, which is very helpful for anyone seeking general CISSP information. The InfoSec Institute program has over 93% success rate, which is a very good percentile. Of-course, I also went to the CISSP Boot Camp page, and learned that the Institute describes their program stating:

“You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time that you take it. We have ‘best-in-the- industry’ 93% pass-rate.”

On the same page I found out where they provide training, and even learned that they can provide the on-site training at your location. However, it was very difficult for me to physically travel to a training site so I decided to take CISSP Boot Camp Online Training, which allowed me to take the training at any time and at any location.

Right after the registration process, I went to the online portal of InfoSec Institute for CISSP training. They categorized each lecture in a form of a module, which was very helpful.

The Instructor

In any course, the instructor plays an important role, and I was worried about learning from an online instructor. I was concerned about his or her ability to deliver the proper course material, and about the methods adopted for online teaching (which I consider very important). The instructor of the course is J. Kenneth (Ken) Magee, and he has a very strong IT background. He is the president and owner of Data Security Consultation and Training, LLC and the senior instructor at InfoSec Institute. Prior to holding these positions, he was the chief information security officer for the entire Virginia Community College system, . Magee holds 20 certifications including: CISSP, CISA, ISO 27001 PA, Security+, and CDP.

The next most important thing for me is the course material. I wanted to know what the instructor going to teach me, so I went to the (ISC)2 official website review the basic information about the standard CISSP course. From this, I learned that the topics covered in the regular (non-online) course are: 

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

After comparing the online course to the regular course, I noted that similar modules are available through the online portal of InfoSec Institute’s CISSP program, which is very helpful for online students.


The first module is the introductory module which gives you information about the CISSP and (ISC)2. The most important part of the module is the exam overview, which covers the duration of the exam, the passing grade, total number of questions, types of the questions, and provides other relevant information. This module discusses the requirements for receiving the CISSP certificate, and explains what to bring and what not to bring to the examination.

Access Control:
This is the first domain of CISSP according to the (ISC)2 common body of knowledge and the second module of InfoSec Institute’s training portal. InfoSec Institute has divided this topic into three parts, which covers access control in depth. The overall module of the access control discusses the ways and techniques to create a security architecture that protects the information of any organization. The section also discusses how to create effective security mechanisms and possible attacks on the architecture. This module not only discusses logical security techniques, but also looks at physical ways to implement security measures, methods for controlling the flow of information, and best practices for implementing the most effective security mechanisms.

Telecommunications and Network Security:
Telecommunications and Network Security is the second module of CISSP and the third module covered by the InfoSec Institute portal. InfoSec Institute has divided this topic into three parts. This module primarily focuses on creating a secure network architecture and design. This is a very interesting topic because it includes both wired and wireless technology, IP addressing, and other logical and physical components of the network. Additionally, this topic discusses wireless
communication channels and their security. In summary, this course discusses integrity, availability, and confidentially.

Information Security Governance and Risk Management:

ISGRM (information security governance and risk management) is the third section according to (ISC)2 and the fourth module of InfoSec Institute’s Boot Camp portal. This class covers the roles and responsibilities of the CISSP certificate holder. The class also discusses security policies (how to implement and practice the policies), the risk management, and risk analysis. It includes information on security training and awareness and the standards of information security management. In short, the overall module discusses who owns what?

Software Development Security:

Software Development Security (which is also known as application system development security) is the fourth domain of the CISSP course according to (ISC)2’s common body of knowledge and the fifth module covered in InfoSec Institute’s portal. Software is always high risk, so the security of software is always a big concern. This module discusses the systems of a software development life cycle (how to apply the security in the overall software development process) and how to ensure the integrity and confidentially of data. This class also covers software testing techniques like black box testing and others.


Cryptography is equally important and is designated as the fifth focus of CISSP according to the (ISC)2 common body of knowledge. It is listed as the sixth module covered by InfoSec Institute’s portal. This class teaches the basics of cryptography including the goals of cryptography, digital signatures, and encryption techniques. The module also covers the various types of attacks that can be launched using cryptography and cryptanalysis. The class also discussed key distribution techniques and the history of cryptography. It is the very interesting module, and I really enjoyed the example of the symmetric block cipher and others.

Security Architecture and Design:
Security Architecture and Design is the sixth topic of CISSP course and InfoSec Institute has listed it as the seventh module. This class discusses hardware and software (including OS) architecture security
and models,. It also discusses internationally recognized guidelines for security implementation; for example, the PCI-DSS and ISO. The module also looks at the importance of integrity models like Biba and Clark-Wilson.

Operations Security:
Operations security is the seventh module from the (ISC)2 CISSP common body of knowledge and it is available as the eight module of InfoSec Institute’s Boot Camp. This class teaches us how to manage
an incident and how to response to a particular event. This module also focuses on preventative techniques to ward off attacks, patches, and vulnerability management. The module also discusses change and configuration management, and provides information on operation security responsibilities for effectively installing patches and managing a backup. Logs are also covered (including firewall logs, IDS logs, server logs, etc.), along with auditing and other relevant topics on operation security.

Business Continuity and Disaster Recovery Planning:

This is the eighth point in the CISSP course, and of course, it is the ninth module in the InfoSec Institute portal. I was very happy while viewing the video of this topic, and was very excited to learn about business cycles and the importance of information security. Additionally, I was excited to learn how information security affects a company’s overall business plan; and this module had the answers to all of my questions. This module is very important because it allows you to learn about business impact analysis (BIA) and business continuity planning (BCP). The exciting part of this module is learning about possible threats and the disaster recovery planning process.

Legal, Regulations, Investigations and Compliance:

It is the ninth topic emphasized by CISSP certification, and it is a very important class that covers legal issues. I really enjoyed learning about computer crime laws and regulations. The module discusses the legal issues of cyber crime, what the cyber crime laws are, and how to investigate a possible crime. The module also looks at different codes of ethics.

Physical Security:
Physical Security is last module of the CISSP course, and it is also a very interesting class. This section addresses the threats and vulnerabilities of physical security. I really appreciated the instructor’s approach to linking physical security with a hacker and logical security. The module discusses physical boundaries, walls, lightning, and other important parameters of physical security.


My experience with the InfoSec Institute regarding the CISSP course was very good. Although it is a very dry course (which I think all of you already know), I really enjoyed my journey and found it very informative. In my opinion, there is a need to add some practical examples into the course material; I mean, it would be very helpful the instructor could provide examples that he had faced in real life. The examples that were given throughout the course were enough to understand the concept, but extra examples can grab the attention of the student. Overall, the course has helped me to prepare for the exam and provided useful material. The teaching style and the valuable information presented in the first module really helped me to prepare myself for the CISSP exam.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...