CISSP Certification Exam Preparatory Course

Gain the foundational knowledge to fully prepare for the (ISC)²® Certified Information Systems Security Professional (CISSP®) exam, including a comprehensive understanding of the 8 domains of the CISSP® CBK®. Learn how to protect resources using access control methods and cryptography, and how to plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures.

Content


  1. Security and Risk Management
    • Aligning security and risk to organizational objectives
      • Employing confidentiality, integrity, and availability security principles
      • Managing security policies, standards and procedures
      • Applying compliance
    • Applying risk management concepts
      • Assessing threats and vulnerabilities
      • Performing risk analysis and control
      • Defining qualitative and quantitative analysis
    • Preserving the business
      • Adhering to Business Continuity Management Code of Practice and Specifications
      • Performing a business impact analysis
    • Investigating legal measures and techniques
      • Reviewing intellectual property, liability and law, and compliance
      • Differentiating traditional and computer crime
      • Addressing ethical behavior and compliance
  2. Security Engineering
    • Examining security models and frameworks
      • The Information Security Triad and multi-level models
      • Investigating industry standards
      • Evaluating security model fundamental concepts
    • Exploring system and component security concepts
      • System design principles, capabilities, and limitations
      • Certification and accreditation criteria and models
      • Reviewing mobile systems vulnerabilities
    • Protecting information by applying cryptography
      • Detailing symmetric and asymmetric encryption systems
      • Ensuring message integrity through hashing
      • Uncovering threats to cryptographic systems
    • Safeguarding physical resources
      • Designing environments to resist hostile acts and threats
      • Denying unauthorized access
  3. Communication and Network Security
    • Defining a secure network architecture
      • TCP/IP and other protocol models
      • Protecting from network attacks
      • Reviewing secure network components and communication channels
    • Examining secure networks and components
      • Identifying wired and wireless technologies
      • Implementing firewalls, secure communications, proxies, and tunnels
  4. Asset Security
    • Identifying, categorizing and prioritizing assets
      • Applying security controls and asset classification
      • Protecting data through proper handling, markings, labeling, and storage
      • Addressing PII, privacy, and appropriate retention
  5. Identity and Access Management
    • Controlling access to protect assets
      • Defining administrative, technical and physical controls
      • Implementing centralized and decentralized approaches
      • Investigating biometric and multi-factor authentication
      • Identifying common threats
      • Reviewing cloud services and architecture
  6. Security Assessment and Testing
    • Designing and conducting security assessment strategies
      • Leveraging the role of testing and auditing to analyze the effectiveness of security controls
      • Differentiating detection and protection systems
    • Conducting logging and monitoring activities
      • Defining administrative, technical and physical controls
      • Distinguishing between the roles of internal and external audits
      • Defining secure account management
  7. Security Operations
    • Maintaining operational resilience
      • Managing security services effectively
      • Leveraging and supporting investigations and incident response
      • Differentiating detection and protection systems
      • Implementing logging and monitoring
    • Developing a recovery strategy
      • Designing a disaster recovery plan
      • Implementing test and maintenance processes
      • Provisioning of resources
  8. Software Development Security
    • Securing the software development life cycle
      • Highlighting threats: Cross-Site Scripting (XSS), XSRF, JavaScript attacks, and Buffer Overflow
      • Applying software development methods and security controls
      • Addressing database security concepts and issues
      • Reviewing software security effectiveness and security impact