Certified Information Systems Security Tester (CISST)

Certification Overview

Certified Information Systems Security Tester (CISST)

Exam Code: CISST-001

Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Information Security Testing and Assessment is a process of identifying security vulnerabilities in your technology infrastructure. The vulnerabilities found in the assessment are weaknesses that a malicious individual or program may exploit to gain access to your confidential and proprietary data.

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Because testing can only demonstrate the presence of flaws, never their absence, passing security testing is not an indication that no flaws exist or that the system adequately satisfies its security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. The requirements actually tested depend on the security requirements the system implements. Security testing as a term has a number of different meanings and can be carried out in a number of different ways. As such, a security taxonomy helps us understand these different approaches and meanings by providing a base level to work from.

E-Course Duration: 30 to 35 Hours

Exam Information

The exam comprises 100 multiple-choice questions, of which the candidate needs to answer 80% (80 out of 100) correctly to pass the exam.

The total duration of the exam is 2 hours (120 Minutes).

  • The exam is conducted in a non-proctored mode and can be taken anytime and anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.
  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

The Certified Information Systems Security Tester (CISST)® is valid for life.

CISST® is a Registered Trademark of GAQM.

Note: The Certified Information Systems Security Tester (CISST)® Certification requires completion of the E-Course. Once the candidate completes the E-Course, they will receive a GAQM Learner ID.

Course Outline

Module Information - 1

  • Module 1 - Security Risks
  • Module 2 - Asset Identification
  • Module 3 - Assessing Risk Analysis Effectiveness
  • Module 4 - Information Security Policies and Procedures
  • Module 5 - Analysis of Information Security Policies and Procedures
  • Module 6 - Security Auditing and Its Role in Security Testing
  • Module 7 - Security Risk Assessment
  • Module 8 - Security Triad
  • Module 9 - Introduction to Security Testing
  • Module 10 - The Purpose of Security Testing
  • Module 11 - The Organizational Context
  • Module 12 - Security Testing Objectives
  • Module 13 - The Difference between Information Assurance and Security Testing
  • Module 14 - The Scope and Coverage of Security Testing Objectives
  • Module 15 - Analysis of Security Approaches
  • Module 16 - Analysis of Failures in Security Test Approaches
  • Module 17 - Stakeholder Identification

Module Information - 2

  • Module 18 - Improving the Security Testing Practices
  • Module 19 - Security Test Process Definition
  • Module 20 - Lifecycle Alignment and Security Testing Tasks
  • Module 21 - Security Test Planning
  • Module 22 - Security Test Design
  • Module 23 - Implementing Policy-Based Security Tests
  • Module 24 - Security Test Execution
  • Module 25 - Security Test Evaluation
  • Module 26 - Security Test Maintenance
  • Module 27 - Role of Security Testing in a Lifecycle
  • Module 28 - The Role of Security Testing in Design
  • Module 29 - The Role of Security Testing in Implementation Activities
  • Module 30 - Component Test Analysis & Design
  • Module 31 - Analyzing Component Test Results
  • Module 32 - Component Integration Test Analysis & Design
  • Module 33 - The Role of Security Testing in System and Acceptance Test Activities
  • Module 34 - Definition of Security-Oriented Acceptance Criteria


Module Information - 3

  • Module 35 - The Role of Security Testing in Maintenance
  • Module 36 - Testing the Effectiveness of System Hardening
  • Module 37 - Authentication and Authorization
  • Module 38 - Firewalls and Network Zones
  • Module 39 - Encryption, Intrusion Detection, Malware Scanning and Data Obfuscation
  • Module 40 - Training
  • Module 41 - Security Awareness
  • Module 42 - Attack Motivations
  • Module 43 - Social Engineering and Security Awareness
  • Module 44 - Revising Security Expectations
  • Module 45 - Security Test Reporting
  • Module 46 - Reporting Security Test Status
  • Module 47 - Reporting Security Test Results
  • Module 48 - Types and Purposes of Security Test Tools
  • Module 49 - Tool Selection
  • Module 50 - Open Source Tools
  • Module 51 - Benefits of Standards
  • Module 52 - Applying Security Standards

Target Audience

  • This certification is the most advanced information systems testing training in the Information Security industry for IT managers, security consultants, security analysts, IT professionals, network engineers and anyone with prior ethical hacking knowledge.
  • People in managerial positions related to PCI DSS compliance, project managers, fraud management and prevention staff, information security managers and officers, and payment application vendors.

Registration Process for E-Course or E-Book and Exam

Premium Package (E-Course Version)

  • Self Explanatory
  • Valid for 40 days
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 230 USD

Exam Voucher

  • Validity: 240 Days
  • Price: 190 USD
  • Please Read Carefully:

    1) The Exam Voucher is valid for two (2) attempts.

    2) You will receive your voucher code within 24 business hours.

    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.