The previous QISP® training and examination, based on AiSP's Information Security Body of Knowledge 1.0, is intended for entry- to mid-level information security professionals, and for any IT professionals who wish to gain more comprehensive knowledge in this field.

Course structure

The QISP® examination based on BOK 2.0 covers 22 core topics across the six core domains of the Singapore-centric BOK 2.0:

  1. Governance & Management
  2. Physical Security, Business Continuity & Audit
  3. Security Architecture and Engineering
  4. Operation & Infrastructure Security
  5. Software Security
  6. Cyber Defence

Learning objectives

  1. Understand and attain knowledge in the following areas:
    1. Enterprise governance
    2. Risk analysis and management
    3. Security controls
    4. Security principles and lifecycle
    5. Business continuity planning
    6. Develop and implement security goals, objectives, strategies and programmes
    7. Maintain and review security operations

  2. Module 1: Governance and Management
    1. Review of business alignment and enterprise goals, objectives and business strategy
    2. Cybersecurity risk management principles and practices
    3. Risk management and the Cybersecurity framework
    4. Understand security components and controls
    5. Roles and Responsibilities
    6. Alignment of security goals with business strategy
    7. Review of enterprise goals, objectives and strategy
    8. Review of standards and expectations for security services

  3. Module 2: Physical Security, Business Continuity and Audit
    1. Overview of implementing site and facility security controls, designing sites and facilities, and protecting assets from physical threats in general
    2. Design, develop, implement and document the scope and plan for Business Impact Analysis (BIA) and Business Continuity Management (BCM)
    3. Understand information system audits: how to develop and conduct the different types of IS audits, and what happens during and after an audit

  4. Module 3: Security Architecture & Engineering
    1. Overview of how cryptography helps to implement security services
    2. Understand the importance of how the various security components interface with each other, providing the essential structure to support the strategy
    3. Review standards and frameworks that can be used as a model or reference for achieving the security architecture
    4. Establish a business justification for offering new security services, or for changing or retiring existing ones

  5. Module 4: Operation and Infrastructure Security
    1. Establish relationships with stakeholders to ensure security services remain relevant to requirements
    2. Establish a business justification for offering new security services, or for changing or retiring existing ones
    3. Understand and support detection, response and recovery in the security lifecycle
    4. Operate and maintain detective and preventive measures
    5. Design and implement secure infrastructure across network, endpoint and cloud components

  6. Module 5: Software Security
    1. Understand and integrate security in the Software Development Life Cycle (SDLC)
    2. Identify and apply Security by Design
    3. Define and apply secure coding guidelines and standards

  7. Module 6: Cyber Defence
    1. Overview of threat intelligence, vulnerability management and penetration testing