Course Outline
- The CISSP Certification Exam (3 Questions)
- Lesson 1 Introduction
- Assessing Exam Readiness
- Lesson 2 Introduction
- Basic Security Principles
- Data Management: Determining and Maintaining Ownership
- Data Governance Policies
- Roles and Responsibilities
- Data Ownership
- Data Custodians
- Data Documentation and Organization
- Data Warehousing
- Data Mining
- Knowledge Management
- Data Standards
- Data Lifecycle Control
- Data Audits
- Data Storage and Archiving
- Data Security, Protection, Sharing, and Dissemination
- Privacy Impact Assessment
- Information Handling Requirements
- Record Retention and Destruction
- Data Remanence and Decommissioning
- Classifying Information and Supporting Asset Classification
- Data Classification
- Asset Management and Governance
- Software Licensing
- The Equipment Lifecycle
- Determining Data Security Controls
- Data at Rest
- Data in Transit
- Endpoint Security
- Baselines
- Lesson 2 Exam Prep Questions (15 Questions)
- Lesson 2 Need to Know More?
- Lesson 2 2024 Exam Refresh Updates
- Lesson 3 Introduction
- Security Governance
- U.S. Legal System and Laws
- Relevant U.S. Laws and Regulations
- International Legal Systems and Laws
- International Laws to Protect Intellectual Property
- Global Legal and Regulatory Issues
- Computer Crime and Hackers
- Sexual Harassment
- U.S. Governance
- International Governance
- Risk Management Concepts
- Risk Management Frameworks
- Risk Assessment
- Risk Management Team
- Selecting Countermeasures
- Threat Modeling Concepts and Methodologies
- Threat Modeling Steps
- Threat Modeling Tools and Methodologies
- Managing Risk with the Supply Chain and Third Parties
- Reducing Risk in Organization Processes
- Identifying and Prioritizing Business Continuity Requirements Based on Risk
- Project Management and Initiation
- Business Impact Analysis
- Developing and Implementing Security Policy
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Types of Controls
- Administrative Controls
- Technical Controls
- Physical Controls
- Access Control Categories
- Implementing Personnel Security
- New-Hire Agreements and Policies
- Separation of Duties
- Job Rotation
- Least Privilege
- Mandatory Vacations
- Termination
- Security Education, Training, and Awareness
- Security Awareness
- Social Engineering
- Professional Ethics Training and Awareness
- (ISC)² Code of Ethics
- Computer Ethics Institute
- Internet Architecture Board
- NIST SP 800-14
- Common Computer Ethics Fallacies
- Regulatory Requirements for Ethics Programs
- Lesson 3 Exam Prep Questions (20 Questions)
- Lesson 3 Need to Know More?
- Lesson 3 2024 Exam Refresh Updates
- Lesson 4 Introduction
- Secure Design Guidelines and Governance Principles
- Enterprise Architecture
- Regulatory Compliance and Process Control
- Fundamental Concepts of Security Models
- Central Processing Unit
- Storage Media
- I/O Bus Standards
- Virtual Memory and Virtual Machines
- Computer Configurations
- Security Architecture
- Protection Rings
- Trusted Computing Base
- Open and Closed Systems
- Security Modes of Operation
- Operating States
- Recovery Procedures
- Process Isolation
- Common Formal Security Models
- State Machine Model
- Information Flow Model
- Noninterference Model
- Confidentiality
- Integrity
- Other Models
- Product Security Evaluation Models
- The Rainbow Series
- Information Technology Security Evaluation Criteria (ITSEC)
- Common Criteria
- System Validation
- Certification and Accreditation
- Vulnerabilities of Security Architectures
- Buffer Overflows
- Backdoors
- State Attacks
- Covert Channels
- Incremental Attacks
- Emanations
- Web-Based Vulnerabilities
- Mobile System Vulnerabilities
- Cryptography
- Algorithms
- Cipher Types and Methods
- Symmetric Encryption
- Data Encryption Standard (DES)
- Triple DES (3DES)
- Advanced Encryption Standard (AES)
- International Data Encryption Algorithm (IDEA)
- Rivest Cipher Algorithms
- Asymmetric Encryption
- Diffie-Hellman
- RSA
- El Gamal
- Elliptic Curve Cryptosystem (ECC)
- Merkle-Hellman Knapsack
- Review of Symmetric and Asymmetric Cryptographic Systems
- Hybrid Encryption
- Public Key Infrastructure and Key Management
- Certificate Authorities
- Registration Authorities
- Certificate Revocation Lists
- Digital Certificates
- The Client’s Role in PKI
- Integrity and Authentication
- Hashing and Message Digests
- Digital Signatures
- Cryptographic System Review
- Cryptographic Attacks
- Site and Facility Security Controls
- Lesson 4 Exam Prep Questions (20 Questions)
- Lesson 4 Need to Know More?
- Lesson 4 2024 Exam Refresh Updates
- Lesson 5 Introduction
- Secure Network Design
- Network Models and Standards
- OSI Model
- Encapsulation/De-encapsulation
- TCP/IP
- Network Access Layer
- Internet Layer
- Host-to-Host (Transport) Layer
- Application Layer
- LANs and Their Components
- LAN Communication Protocols
- Network Topologies
- LAN Cabling
- Network Types
- Network Storage
- Communication Standards
- Network Equipment
- Repeaters
- Hubs
- Bridges
- Switches
- Mirrored Ports and Network Taps
- VLANs
- Routers
- Gateways
- Routing
- WANs and Their Components
- Packet Switching
- Circuit Switching
- Cloud Computing
- Software-Defined WAN (SD-WAN)
- Securing Email Communications
- Pretty Good Privacy (PGP)
- Other Email Security Applications
- Securing Voice and Wireless Communications
- Secure Communications History
- Voice over IP (VoIP)
- Cell Phones
- 802.11 Wireless Networks and Standards
- Securing TCP/IP with Cryptographic Solutions
- Application/Process Layer Controls
- Host-to-Host Layer Controls
- Internet Layer Controls
- Network Access Layer Controls
- Link and End-to-End Encryption
- Network Access Control Devices
- Firewalls
- Demilitarized Zone (DMZ)
- Remote Access
- Point-to-Point Protocol (PPP)
- Remote Authentication Dial-in User Service (RADIUS)
- Terminal Access Controller Access Control System (TACACS)
- Internet Protocol Security (IPsec)
- Message Privacy and Multimedia Collaboration
- Lesson 5 Exam Prep Questions (15 Questions)
- Lesson 5 Need to Know More?
- Lesson 6 Introduction
- Perimeter Physical Control Systems
- Fences
- Gates
- Bollards
- Additional Physical Security Controls
- CCTV Cameras
- Lighting
- Guards and Dogs
- Locks
- Employee Access Control
- Badges, Tokens, and Cards
- Biometric Access Controls
- Identification, Authentication, and Authorization
- Authentication Techniques
- Identity Management Implementation
- Single Sign-On (SSO)
- Kerberos
- SESAME
- Authorization and Access Control Techniques
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control
- Rule-Based Access Control
- Other Types of Access Control
- Centralized and Decentralized Access Control Models
- Centralized Access Control
- Decentralized Access Control
- Audits and Monitoring
- Monitoring Access and Usage
- Intrusion Detection Systems (IDSs)
- Intrusion Prevention Systems (IPSs)
- Network Access Control (NAC)
- Keystroke Monitoring
- Lesson 6 Exam Prep Questions (20 Questions)
- Suggested Reading and Resources
- Lesson 6 2024 Exam Refresh Updates
- Lesson 7 Introduction
- Security Assessments and Penetration Test Strategies
- Audits
- Root Cause Analyses
- Log Reviews
- Network Scanning
- Vulnerability Scans and Assessments
- Penetration Testing
- Test Techniques and Methods
- Security Threats and Vulnerabilities
- Threat Actors
- Attack Methodologies
- Network Security Threats and Attack Techniques
- Session Hijacking
- Sniffing
- Wiretapping
- DoS and DDoS Attacks
- Botnets
- Other Network Attack Techniques
- Access Control Threats and Attack Techniques
- Unauthorized Access
- Access Aggregation
- Password Attacks
- Spoofing
- Eavesdropping and Shoulder Surfing
- Identity Theft
- Social-Based Threats and Attack Techniques
- Malicious Software Threats and Attack Techniques
- Viruses
- Worms
- Logic Bombs
- Backdoors and Trojans
- Rootkits
- Exploit Kits
- Advanced Persistent Threats (APTs)
- Ransomware
- Investigating Computer Crime
- Computer Crime Jurisdiction
- Incident Response
- Disaster Recovery and Business Continuity
- Investigations
- Search, Seizure, and Surveillance
- Interviews and Interrogations
- Lesson 7 Exam Prep Questions (15 Questions)
- Lesson 7 Need to Know More?
- Lesson 7 2024 Exam Refresh Updates
- Lesson 8 Introduction
- Foundational Security Operations Concepts
- Managing Users and Accounts
- Privileged Entities
- Controlling Access
- Clipping Levels
- Resource Protection
- Due Care and Due Diligence
- Asset Management
- System Hardening
- Change and Configuration Management
- Trusted Recovery
- Remote Access
- Media Management, Retention, and Destruction
- Telecommunication Controls
- Cloud Computing
- Whitelisting, Blacklisting, and Graylisting
- Firewalls
- Phone, Fax, and PBX
- Anti-malware
- Honeypots and Honeynets
- Patch Management
- System Resilience, Fault Tolerance, and Recovery Controls
- Recovery Controls
- Monitoring and Auditing Controls
- Auditing User Activity
- Monitoring Application Transactions
- Security Information and Event Management (SIEM)
- Network Access Control
- Keystroke Monitoring
- Emanation Security
- Perimeter Security Controls and Risks
- Natural Disasters
- Human-Caused Threats
- Technical Problems
- Facility Concerns and Requirements
- CPTED (Crime Prevention Through Environmental Design)
- Area Concerns (Location, Construction, Doors, Walls, Windows, and Ceilings)
- Environmental Controls
- Heating, Ventilating, and Air Conditioning (HVAC)
- Electrical Power
- Uninterruptible Power Supplies (UPSs)
- Fire Prevention, Detection, and Suppression
- Fire-Detection Equipment
- Fire Suppression
- Alarm Systems
- Intrusion Detection Systems (IDSs)
- Monitoring and Detection
- Intrusion Detection and Prevention Systems
- Investigations and Incidents
- Incident Response
- Digital Forensics, Tools, Tactics, and Procedures
- Standardization of Forensic Procedures
- Digital Forensics
- The Disaster Recovery Lifecycle
- Teams and Responsibilities
- Recovery Strategy
- Fault Tolerance
- Backups
- Plan Design and Development
- Implementation
- Testing
- Monitoring and Maintenance
- Lesson 8 Exam Prep Questions (26 Questions)
- Lesson 8 Need to Know More?
- Lesson 8 2024 Exam Refresh Updates
- Lesson 9 Introduction
- Integrating Security into the Development Lifecycle
- Avoiding System Failure
- The Software Development Lifecycle
- Development Methodologies
- The Waterfall Model
- The Spiral Model
- Joint Application Development (JAD)
- Rapid Application Development (RAD)
- Incremental Development
- Prototyping
- Modified Prototype Model (MPM)
- Computer-Aided Software Engineering (CASE)
- Agile Development Methods
- Maturity Models
- Scheduling
- Change Management
- Database Management
- Database Terms
- Integrity
- Transaction Processing
- Database Vulnerabilities and Threats
- Artificial Intelligence and Expert Systems
- Programming Languages, Secure Coding Guidelines, and Standards
- Object-Oriented Programming (OOP)
- CORBA
- Security of the Software Environment
- Mobile Code
- Buffer Overflow
- Financial Attacks
- Change Detection
- Viruses and Worms
- Lesson 9 Exam Prep Questions (15 Questions)
- Lesson 9 Need to Know More?
- Lesson 9 2024 Exam Refresh Updates
- CISSP MeasureUP Practice Exam
- Get Certified!
- Lesson 1 Videos
- Lesson 2 Videos
- Lesson 3 Videos
- Lesson 4 Videos
- Lesson 5 Videos
- Lesson 6 Videos
- Lesson 7 Videos
- Lesson 8 Videos
- Lesson 9 Videos
- Bonus Videos