Course Outline

Security and Risk Management for Government

  • Foundations of confidentiality, integrity, and availability (CIA)
  • Security governance, policies, and frameworks (ISO 27001, NIST CSF)
  • Risk analysis, assessment, and mitigation strategies for government
  • Business impact analysis, security awareness programs, and training initiatives for government employees
  • Legal, regulatory, compliance, and privacy issues (GDPR, HIPAA, local laws) relevant to government operations

Asset Security for Government

  • Information classification, ownership, and protection measures for government data
  • Data handling procedures for retention, deletion, backup, and secure transfer within government systems
  • Privacy protection and comprehensive data lifecycle management practices for government agencies
  • Secure use of assets and media control protocols for government operations

Security Engineering for Government

  • Principles of secure system and architecture design tailored for government applications
  • Cryptography techniques, including symmetric, asymmetric, hashing, PKI, and key management, for government use
  • Physical security considerations and the deployment of hardware security modules (HSMs) in government facilities
  • Secure virtualization practices, cloud-native security patterns, and secure API usage for government systems

Communications and Network Security for Government

  • Network models, protocols, and secure communications methods (TLS, VPN, IPSec) for government networks
  • Perimeter defenses, network segmentation, firewalls, IDS/IPS configurations for government infrastructure
  • Wireless security measures, remote access controls, and zero-trust network architectures for government environments
  • Secure design of network architectures in cloud and hybrid environments for government agencies

Identity and Access Management (IAM) for Government

  • Access control mechanisms: identification, authentication, authorization, and accountability for government users
  • Identity providers, federation services, SSO solutions, and access federation in cloud environments for government
  • Privileged access management (PAM) and role-based access control (RBAC) strategies for government systems
  • Lifecycle management of identities: provisioning, deprovisioning, and entitlement review processes for government personnel

Security Assessment and Testing for Government

  • Security control testing methodologies: SAST, DAST, penetration testing, and vulnerability scanning for government systems
  • Audit strategies and review frameworks tailored for government agencies
  • Log management, monitoring practices, and continuous assessment techniques for government operations
  • Red teaming, blue teaming, and adversary simulation exercises for government security teams

Security Operations for Government

  • Incident response planning, handling procedures, and forensic analysis for government incidents
  • Design of security operations centers (SOC), monitoring protocols, and integration of threat intelligence in government settings
  • Patching schedules, vulnerability management practices, and configuration management for government systems
  • Business continuity, disaster recovery, and resilience planning for government agencies

Software Development Security for Government

  • Secure software development lifecycle (SDLC) and DevSecOps practices for government applications
  • Identification and mitigation of common vulnerabilities beyond OWASP Top 10 in government software
  • Code review processes, static/dynamic analysis tools, and secure coding frameworks for government developers
  • Management of supply chain risks, dependency management, and runtime protection strategies for government software

Exam Strategy, Practice, and Wrap-Up for Government Professionals

  • CISSP exam format, question strategy, and time management tips for government professionals
  • Practice exams and domain-specific quizzes to prepare government candidates
  • Gap analysis techniques and personalized study plans for government employees
  • Recommended resources, communities, and continuous learning paths for ongoing professional development in government security roles

Summary and Next Steps for Government Professionals

Requirements

  • At least 5 years of cumulative, paid work experience in two or more of the (ISC)² CISSP domains or equivalent experience for government roles.
  • Foundational knowledge of information security concepts, networks, and software systems for government operations.
  • Familiarity with risk management, cryptography, and IT operations for government environments.

Audience

  • Information security professionals preparing for the CISSP exam to enhance their skills for government service.
  • Security architects, managers, and consultants working in or with government agencies.
  • IT leaders, auditors, and governance professionals focused on improving cybersecurity for government organizations.
 35 Hours

Number of participants


Price per participant

Runs with a minimum of 4 + people. For 1-to-1 or private group training, request a quote.

Testimonials (7)

Being approachable and pushing us into interaction

Daniel - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CISSP - Certified Information Systems Security Professional

the topic was interesting itself and we had opportunity to discuss it with different perspectives.

Marcin - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CISSP - Certified Information Systems Security Professional

trainer competence

Evghenii - Arctic Stream
Course - CISSP - Certified Information Systems Security Professional

Good material organization and understandable instructor's English.

Ion Temciuc - Arctic Stream
Course - CISSP - Certified Information Systems Security Professional

Good material organization and understandable instructor's English.

Hanny - Arctic Stream
Course - CISSP - Certified Information Systems Security Professional

His knowledge, the way he explains and his kindness

Marcelo Martinez - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CISSP - Certified Information Systems Security Professional

I liked mix of theory and practical case example. Very good overview of each topic then going through slides.

Leszek Wislowski - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CISSP - Certified Information Systems Security Professional

Upcoming Courses

CISSP Certification Preparation: Mastering the Eight Domains

2026-02-17 09:30
35 hours
Salt Lake City, UT - Regus at South Main Street Downtown
$ 5550 (Online)
$ 8550 (Classroom)

CISSP Certification Preparation: Mastering the Eight Domains

2026-03-03 09:30
35 hours
Santa Fe, NM - Regus at Washington Avenue
$ 5550 (Online)
$ 8550 (Classroom)

CISSP Certification Preparation: Mastering the Eight Domains

2026-03-17 09:30
35 hours
Sioux Falls, SD - Regus - CNA Building
$ 5550 (Online)
$ 8550 (Classroom)

CISSP Certification Preparation: Mastering the Eight Domains

2026-03-31 09:30
35 hours
Sioux Falls, SD
$ 5550 (Online)
$ 8550 (Classroom)

CISSP Certification Preparation: Mastering the Eight Domains

2026-04-14 09:30
35 hours
Louis, MO - Regus – Central West End
$ 5550 (Online)
$ 8550 (Classroom)

Related Courses

AI Security & Governance: Enterprise Implementation

 7 Hours

Course Description

This comprehensive course is tailored to address AI security, governance, compliance, and risk management in enterprise settings. It is specifically designed for security professionals, compliance officers, and technology leaders who are responsible for the secure deployment and governance frameworks of AI systems. The curriculum aligns with best practices and standards for government and industry, ensuring participants are well-equipped to manage AI-related risks and ensure compliance with regulatory requirements.

Read more...

BCS Practitioner Certificate in Information Risk Management (CIRM)

 35 Hours

Who is it for:

This program is designed for individuals involved in information security and information assurance, particularly those working in or supporting government agencies.

What will I learn:

Candidates should be able to demonstrate:

  • The ways in which managing information risk can bring significant benefits to public sector organizations.
  • The ability to explain and effectively utilize terminology related to information risk management for government use.
  • How to conduct threat and vulnerability assessments, business impact analyses, and risk assessments within a governmental context.
  • An understanding of the principles of controls and risk treatment in government settings.
  • The skill to present assessment results in a format that can serve as the foundation for a risk treatment plan tailored for government operations.
  • The application of information classification schemes appropriate for government agencies.
Read more...

Certified Chief Information Security Officer (CCISO)

 35 Hours
The EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals across the globe. A distinguished group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in establishing the foundation of the program and defining its content, exam structure, body of knowledge, and training modules. Members of this board contributed in various capacities—some as authors, others as exam writers, quality assurance reviewers, and trainers. Each component of the program was meticulously crafted with the aspiring CISO in mind, aiming to transfer the invaluable knowledge of seasoned professionals to the next generation in critical areas essential for developing and maintaining a robust information security program. The Certified CISO (CCISO) program is a pioneering training and certification initiative designed to produce top-tier information security executives. Unlike other certifications that focus primarily on technical skills, the CCISO emphasizes the application of information security management principles from an executive perspective. This program was developed by current CISOs for government and industry professionals who are either serving in or aspiring to these roles.
Read more...

Certified Information System Security Professional (CISSP) CBK Review

 35 Hours
A Certified Information Systems Security Professional (CISSP) is an information assurance expert who defines, designs, manages, and implements controls to ensure the security of business environments. The extensive knowledge and experience required to pass the CISSP exam distinguish these professionals. This credential, provided by the (ISC)²® Common Body of Knowledge (CBK), demonstrates a globally recognized level of competence in critical security areas such as cloud computing, mobile security, application development security, risk management, and more. This course is designed to help participants review the 10 domains of information security practices. It serves as an essential learning tool for mastering concepts and topics related to all aspects of information systems security, ensuring readiness for government and private sector roles.

Objectives:

  • To review the main topics covered in the CISSP CBK (Common Body of Knowledge).
  • To prepare participants for the CISSP examination.
The course is tailored to enhance the skills necessary for government and private sector professionals, ensuring they are well-prepared to meet the rigorous demands of information security in various environments.
Read more...

Cloudflare Essentials: CDN, Security, and DDoS Mitigation

 14 Hours

This instructor-led, live training in US (online or onsite) is aimed at beginner to intermediate-level system administrators and security professionals who wish to learn how to implement Cloudflare for content delivery and cloud security, as well as mitigate DDoS attacks.

By the end of this training, participants will be able to:

  • Configure Cloudflare for their websites for government use.
  • Set up DNS records and SSL certificates in alignment with public sector standards.
  • Implement Cloudflare for content delivery and caching to enhance performance for government services.
  • Protect their websites from DDoS attacks, ensuring continuity of operations for government.
  • Implement firewall rules to restrict traffic to their websites, maintaining security and compliance for government systems.
Read more...

CRISC - Certified in Risk and Information Systems Control

 21 Hours

Description:

This course is designed as an intensive exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. It covers the latest four domains of ISACA’s CRISC syllabus, with a strong emphasis on exam readiness. Participants will receive the Official ISACA CRISC Review Manual and the Question, Answer, and Explanation (Q&A&E) supplement. The Q&A&E is particularly valuable for helping delegates understand the style of questions posed by ISACA, the types of answers expected, and for facilitating rapid assimilation of the material.

The technical skills and practices promoted by ISACA within the CRISC certification are foundational to success in the field. Achieving the CRISC certification demonstrates a high level of expertise and commitment. With an increasing demand for professionals with risk and control knowledge, ISACA’s CRISC certification has become a preferred credential for individuals and organizations globally. The CRISC certification signifies a dedication to serving enterprises and the profession with distinction.

Objectives:

  • To assist participants in passing the CRISC examination on their first attempt.
  • To signify commitment to serving an enterprise with distinction through the possession of this certification.
  • To enable holders of this certification to secure better positions and salaries due to the growing demand for professionals with risk and control expertise.

You will learn:

  • How to help enterprises achieve their business objectives by designing, implementing, monitoring, and maintaining risk-based, efficient, and effective IS controls.
  • The technical skills and practices that CRISC promotes, which are essential for success in the field.
This course is tailored to support professionals in enhancing their capabilities and meeting the rigorous standards required for government service.
Read more...

CRISC - Certified in Risk and Information Systems Control - 4 Days

 28 Hours
This instructor-led, live training in US (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, as well as prepare for the CRISC certification exam. By the end of this training, participants will be able to: - Understand the governance and risk management aspects of IT for government. - Conduct IT risk assessments and implement appropriate risk responses. - Design and implement effective information systems controls. - Prepare thoroughly for the CRISC certification exam.
Read more...

Managing Cyber Risks in the Supply Chain

 7 Hours

This instructor-led, live training in US (online or onsite) is aimed at supply chain professionals who wish to establish effective control and oversight of their supply chain, particularly as it pertains to cybersecurity for government.

By the end of this training, participants will be able to:

  • Understand the security oversights that can cause significant damage and disruption to a supply chain.
  • Decompose complex security issues into manageable and actionable components.
  • Address common supply chain vulnerabilities by identifying high-risk areas and collaborating with stakeholders.
  • Implement best practices in securing a supply chain for government operations.
  • Significantly reduce or eliminate the most significant risks to an organization's supply chain.
Read more...

Data Breach Management

 14 Hours
This instructor-led, live training in US (online or onsite) is designed for intermediate to advanced IT professionals and business leaders who aim to develop a structured approach to managing data breaches. By the end of this training, participants will be able to: - Understand the causes and consequences of data breaches. - Develop and implement effective data breach prevention strategies. - Establish an incident response plan to contain and mitigate breaches. - Conduct forensic investigations and evaluate the impact of breaches. - Ensure compliance with legal and regulatory requirements for breach notification. - Recover from data breaches and enhance security measures. This training is tailored to support professionals in aligning their practices with public sector workflows, governance, and accountability standards for government.
Read more...

HiTrust Common Security Framework Compliance

 14 Hours
This instructor-led, live training in US (online or onsite) is designed for developers and administrators who aim to produce software and products that comply with HiTRUST standards. By the end of this training, participants will be able to: - Grasp the essential concepts of the HiTrust Common Security Framework (CSF). - Recognize the HITRUST CSF administrative and security control domains. - Gain knowledge about the various types of HiTrust assessments and scoring methodologies. - Understand the certification process and requirements for achieving HiTrust compliance. - Learn best practices and tips for effectively adopting the HiTrust approach, ensuring alignment with public sector workflows, governance, and accountability for government.
Read more...

PECB ISO 27005 Risk Manager

 21 Hours
This training course provides comprehensive instruction on conducting risk assessments for information security by integrating the guidelines from ISO/IEC 27005:2022 and ISO/IEC 27001. In addition to theoretical knowledge, the course includes practical exercises, quizzes, and case studies, ensuring an engaging and interactive learning experience that aligns with best practices for government agencies.
Read more...

Business Continuity Management

 35 Hours

Description:

This is a 'Practitioner' course that emphasizes practical exercises designed to reinforce the concepts being taught and build participants' confidence in implementing business continuity management. The course also encourages debate and the sharing of knowledge and experience among students. Participants will benefit from the extensive, hands-on experiences of our trainers, who are active experts in business continuity management and ISO 22301:2019 specialists.

Participants will learn how to:

  • Explain the necessity of business continuity management (BCM) for all organizations
  • Define the business continuity lifecycle
  • Manage a business continuity program
  • Understand their organization sufficiently to identify mission-critical impact areas
  • Determine their organization's business continuity strategy
  • Establish a business continuity response
  • Exercise, maintain, and review plans
  • Embed business continuity within an organization
  • Define terms and definitions relevant to business continuity

By the end of the course, participants will have a comprehensive understanding of all key components of business continuity management and be equipped to return to their roles, making significant contributions to the business continuity management process for government.

Read more...

IBM Qradar SIEM: Beginner to Advanced

 14 Hours
This instructor-led, live training in US (online or onsite) is aimed at security engineers who wish to utilize IBM QRadar SIEM to address critical security use cases for government. By the end of this training, participants will be able to: - Achieve comprehensive visibility into enterprise data across both on-premise and cloud environments. - Automate security intelligence processes to effectively hunt threats and mitigate risks. - Detect, identify, and prioritize potential threats.
Read more...

Snyk

 14 Hours
This instructor-led, live training (available online or onsite) is designed for government developers who wish to integrate Snyk into their development tools to identify and resolve security vulnerabilities in their code. By the end of this training, participants will be able to: - Understand the capabilities and architecture of Snyk. - Utilize Snyk to detect and remediate code security issues. - Incorporate Snyk into a software development lifecycle for government.
Read more...

Understanding Modern Information Communication Technology

 7 Hours
This course provides an overview of fundamental security principles and IT security, with a focus on protecting against network threats. Participants will develop a comprehensive understanding of critical security protocols and the security aspects of web services. The curriculum will also examine recent attacks on cryptosystems and highlight associated vulnerabilities, ensuring that learners are well-informed about current challenges in the field for government and other sectors.
Read more...

Related Categories

Enterprise Security
Enterprise Security