What you'll learn:
- Prepare for the 2021 Certified Information Systems Security Professional (CISSP) exam
- Full understanding of the objectives that relate to Domain 1 (Security and Risk Management) of the CISSP exam
- Full understanding of the objectives that relate to Domain 2 (Asset Security) of the CISSP exam
- Full understanding of the objectives that relate to Domain 3 (Security Architecture and Engineering) of the CISSP exam
- Full understanding of the objectives that relate to Domain 4 (Communication and Network Security) of the CISSP exam
- Security management perspectives from the view of a Chief Information Security Officer (CISO)
- How to begin the CISSP certification journey, along with practical real-world experiences that provide knowledge and context
- The benefits and rewards of gaining your CISSP certification, and what it will provide to your career
In this CISSP Domain 1, 2, 3, and 4 video training course, I will provide you with the knowledge, experience and practical skills you need to pass the CISSP certification exam. In addition, you will benefit from my years of experience (over 18 years) as I translate CISSP training requirements into real-world examples.
Included in this course:
- CISSP Domain 1 Videos: 13 sections, 31 videos, 10 CISSP practice questions
- CISSP Domain 2 Videos: 5 sections, 9 videos, 10 CISSP practice questions
- CISSP Domain 3 Videos: 11 sections, 16 videos, 10 CISSP practice questions
- CISSP Domain 4 Videos: 3 sections, 7 videos, 10 CISSP practice questions
The curriculum in this course covers the content that will be on the most current CISSP exam (April 2021). Each objective that is required for the CISSP exam will be covered in varying degrees of complexity and competency. The next upgrade to the CISSP curriculum/exam will occur in 2023.
In Domain 1 we will cover:
- Introduction
  - Introduction
  - Purpose
  - ISC2
- Understand and apply concepts of confidentiality, integrity and availability
  - Confidentiality
  - Integrity
  - Availability
- Evaluate and apply security governance principles
  - Alignment of security function to business strategy, goals, mission, and objectives
  - Organizational processes (e.g., acquisitions, divestitures, governance committees)
  - Organizational roles and responsibilities
  - Security control frameworks
  - Due care/due diligence
- Determine compliance requirements
  - Contractual, legal, industry standards, and regulatory requirements
  - Privacy requirements
- Understand legal and regulatory issues that pertain to information security in a global context
  - Cyber crimes and data breaches
  - Licensing and intellectual property requirements
  - Import/export controls
  - Trans-border data flow
  - Privacy
- Understand, adhere to, and promote professional ethics
  - (ISC)² Code of Professional Ethics
  - Organizational code of ethics
- Develop, document, and implement security policy, standards, procedures, and guidelines
- Identify, analyze, and prioritize Business Continuity (BC) requirements
  - Develop and document scope and plan
  - Business Impact Analysis (BIA)
- Contribute to and enforce personnel security policies and procedures
  - Candidate screening and hiring
  - Employment agreements and policies
  - Onboarding and termination processes
  - Vendor, consultant, and contractor agreements and controls
  - Compliance policy requirements
  - Privacy policy requirements
- Understand and apply risk management concepts
  - Identify threats and vulnerabilities
  - Risk assessment/analysis
  - Risk response
  - Countermeasure selection and implementation
  - Applicable types of controls (e.g., preventive, detective, corrective)
  - Security Control Assessment (SCA)
  - Monitoring and measurement
  - Asset valuation
  - Reporting
  - Continuous improvement
  - Risk frameworks
- Understand and apply threat modeling concepts and methodologies
  - Threat modeling methodologies
  - Threat modeling concepts
- Apply risk-based management concepts to the supply chain
  - Risks associated with hardware, software, and services
  - Third-party assessment and monitoring
  - Minimum security requirements
  - Service-level requirements
- Establish and maintain a security awareness, education, and training program
  - Methods and techniques to present awareness and training
  - Periodic content reviews
  - Program effectiveness evaluation
In Domain 2 we will cover:
- Identify and classify information and assets
  - Data classification
  - Asset classification
- Determine and maintain information and asset ownership
- Protect privacy
  - Data owners
  - Data processors
  - Data remanence
  - Collection limitation
- Ensure appropriate asset retention
- Determine data security controls
  - Understand data states
  - Scoping and tailoring
  - Standards selection
  - Data protection methods
- Establish information and asset handling requirements
In Domain 3 we will cover:
- Implementation and management of engineering processes using secure design principles
  - Asset retention
  - Confinement
- Understanding of the fundamental concepts of security models
- Selection of controls based upon systems security requirements
- Security capabilities of information systems
- Assessment and mitigation of vulnerabilities within a security architecture
  - Client-based systems
  - Server-based systems
  - Database systems
  - Cryptographic systems
  - Industrial Control Systems (ICS)
  - Cloud-based systems
  - Distributed systems
  - Internet of Things (IoT)
- Assessment and mitigation in web-based systems
- Assessment and mitigation in mobile-based systems
- Assessment and mitigation in embedded devices
- Apply cryptographic methods
  - Cryptographic life-cycle
  - Cryptographic methods
  - Public Key Infrastructure (PKI)
  - Key management practices
  - Digital signatures
  - Non-repudiation
  - Integrity (e.g., hashing)
  - Cryptographic attacks
  - Digital Rights Management (DRM)
- Application of security principles to site and facility design
- Implementation of site and facility security controls
  - Wiring closets/intermediate distribution facilities
  - Server rooms/data centers
  - Media storage facilities
  - Evidence storage
  - Restricted and work area security
  - Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
  - Environmental issues
  - Fire prevention, detection, and suppression
In Domain 4 we will cover:
- Implement secure design principles in network architectures
  - Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  - Internet Protocol (IP) networking
  - Implications of multilayer protocols
  - Converged protocols
  - Software-defined networks
  - Wireless networks
- Secure network components
  - Operation of hardware
  - Transmission media
  - Network Access Control (NAC) devices
  - Endpoint security
  - Content-distribution networks
- Implement secure communication channels according to design
  - Voice
  - Multimedia collaboration
  - Remote access
  - Data communications
  - Virtualized networks
Notes / Disclaimers:
- In order to pass the CISSP exam, you need substantial knowledge gained through both experience and study.
- The exam was originally written in English, but other language versions are available.
- When answering the questions, you need to consider the "perfect world" scenario; workaround options may be technically correct, but they may not match the (ISC)² point of view.
- You need to be able to spot the keywords (DR, BCP, Policy, Standards, etc.) as well as the indicators (First, Best, Last, Least, Most).
- Understand and answer every question from the Manager, CISO, or Risk Adviser's point of view (PoV). Answering the questions from a CIO or technical perspective will place your thinking either too high or too far down in the weeds.
- Understand that you are to answer the questions based on being proactive within your environment: enable a Vulnerability Management Program before you have vulnerability issues.
- The English version of the CISSP exam utilizes the Computerized Adaptive Testing (CAT) format and is 3 hours long with 100-150 questions.
- Most people studying for CISSP certification will use various media sources, test banks, and books to enhance their test-taking experience.
- Don't rely on one source to teach you all that you need to know for the CISSP. Invest in multiple training opportunities; the future payoff is worth the time and energy.