CISSP Certification Exam Preparatory Course
Gain the foundational knowledge to fully prepare for the (ISC)²® Certified Information Systems Security Professional (CISSP®) exam, including a comprehensive understanding of the 8 CISSP® CBK® domains. Learn how to protect resources using access control methods and cryptography, and plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures.
Content
- Security and Risk Management
  - Aligning security and risk to organizational objectives
  - Employing confidentiality, integrity, and availability security principles
  - Managing security policies, standards and procedures
  - Applying compliance
  - Applying risk management concepts
  - Assessing threats and vulnerabilities
  - Performing risk analysis and control
  - Defining qualitative and quantitative analysis
  - Preserving the business
  - Adhering to Business Continuity Management Code of Practice and Specifications
  - Performing a business impact analysis
  - Investigating legal measures and techniques
  - Reviewing intellectual property, liability and law, and compliance
  - Differentiating traditional and computer crime
  - Addressing ethical behavior and compliance
- Security Engineering
  - Examining security models and frameworks
  - The Information Security Triad and multi-level models
  - Investigating industry standards
  - Evaluating security model fundamental concepts
  - Exploring system and component security concepts
  - System design principles, capabilities, and limitations
  - Certification and accreditation criteria and models
  - Reviewing mobile systems vulnerabilities
  - Protecting information by applying cryptography
  - Detailing symmetric and asymmetric encryption systems
  - Ensuring message integrity through hashing
  - Uncovering threats to cryptographic systems
  - Safeguarding physical resources
  - Designing environments to resist hostile acts and threats
  - Denying unauthorized access
- Communication and Network Security
  - Defining a secure network architecture
  - TCP/IP and other protocol models
  - Protecting from network attacks
  - Reviewing secure network components and communication channels
  - Examining secure networks and components
  - Identifying wired and wireless technologies
  - Implementing firewalls, secure communications, proxies, and tunnels
- Asset Security
  - Identifying, categorizing and prioritizing assets
  - Applying security controls and asset classification
  - Protecting data through proper handling, markings, labeling, and storage
  - Addressing PII, privacy, and appropriate retention
- Identity and Access Management
  - Controlling access to protect assets
  - Defining administrative, technical and physical controls
  - Implementing centralized and decentralized approaches
  - Investigating biometric and multi-factor authentication
  - Identifying common threats
  - Reviewing cloud services and architecture
- Security Assessment and Testing
  - Designing and conducting security assessment strategies
  - Leveraging the role of testing and auditing to analyze the effectiveness of security controls
  - Differentiating detection and protection systems
  - Conducting logging and monitoring activities
  - Defining administrative, technical and physical controls
  - Distinguishing between the roles of internal and external audits
  - Defining secure account management
- Security Operations
  - Maintaining operational resilience
  - Managing security services effectively
  - Leveraging and supporting investigations and incident response
  - Differentiating detection and protection systems
  - Implementing logging and monitoring
  - Developing a recovery strategy
  - Designing a disaster recovery plan
  - Implementing test and maintenance processes
  - Provisioning of resources
- Software Development Security
  - Securing the software development life cycle
  - Highlighting threats: Cross-Site Scripting (XSS), XSRF, JavaScript attacks, and Buffer Overflow
  - Applying software development methods and security controls
  - Addressing database security concepts and issues
  - Reviewing software security effectiveness and security impact