Certified Information Systems Security Professional (CISSP)

Introduction

• Overview of the CISSP Exam
• The Elements of This Study Guide
• Study Guide Exam Objectives
• Objective Map

Security Governance Through Principles and Policies

• Security 101
• Understand and Apply Security Concepts
• Security Boundaries
• Evaluate and Apply Security Governance Principles
• Manage the Security Function
• Security Policy, Standards, Procedures, and Guidelines
• Threat Modeling
• Supply Chain Risk Management
• Summary
• Study Essentials

Personnel Security and Risk Management Concepts

• Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Social Engineering
• Establish and Maintain a Security Awareness, Education, and Training Program
• Summary
• Study Essentials

Business Continuity Planning

• Planning for Business Continuity
• Project Scope and Planning
• Business Impact Analysis
• Continuity Planning
• Plan Approval and Implementation
• Summary
• Study Essentials

Laws, Regulations, and Compliance

• Categories of Laws
• Laws
• State Privacy Laws
• Compliance
• Contracting and Procurement
• Summary
• Study Essentials

Protecting Security of Assets

• Identifying and Classifying Information and Assets
• Establishing Information and Asset Handling Requirements
• Data Protection Methods
• Understanding Data Roles
• Using Security Baselines
• Summary
• Study Essentials

Cryptography and Symmetric Key Algorithms

• Cryptographic Foundations
• Modern Cryptography
• Symmetric Cryptography
• Cryptographic Life Cycle
• Summary
• Study Essentials

PKI and Cryptographic Applications

• Asymmetric Cryptography
• Hash Functions
• Digital Signatures
• Public Key Infrastructure
• Asymmetric Key Management
• Hybrid Cryptography
• Applied Cryptography
• Cryptographic Attacks
• Summary
• Study Essentials

Principles of Security Models, Design, and Capabilities

• Secure Design Principles
• Techniques for Ensuring CIA
• Understand the Fundamental Concepts of Security Models
• Select Controls Based on Systems Security Requirements
• Understand Security Capabilities of Information Systems
• Summary
• Study Essentials

Security Vulnerabilities, Threats, and Countermeasures

• Shared Responsibility
• Data Localization and Data Sovereignty
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Client-Based Systems
• Server-Based Systems
• Industrial Control Systems
• Distributed Systems
• High-Performance Computing (HPC) Systems
• Real-Time Operating Systems
• Internet of Things
• Edge and Fog Computing
• Embedded Devices and Cyber-Physical Systems
• Microservices
• Infrastructure as Code
• Immutable Architecture
• Virtualized Systems
• Containerization
• Mobile Devices
• Essential Security Protection Mechanisms
• Common Security Architecture Flaws and Issues
• Summary
• Study Essentials

Physical Security Requirements

• Apply Security Principles to Site and Facility Design
• Implement Site and Facility Security Controls
• Implement and Manage Physical Security
• Summary
• Study Essentials

Secure Network Architecture and Components

• OSI Model
• TCP/IP Model
• Analyzing Network Traffic
• Common Application Layer Protocols
• Transport Layer Protocols
• Domain Name System
• Internet Protocol (IP) Networking
• ARP Concerns
• Secure Communication Protocols
• Implications of Multilayer Protocols
• Segmentation
• Edge Networks
• Wireless Networks
• Satellite Communications
• Cellular Networks
• Content Distribution Networks (CDNs)
• Secure Network Components
• Summary
• Study Essentials

Secure Communications and Network Attacks

• Protocol Security Mechanisms
• Secure Voice Communications
• Remote Access Security Management
• Multimedia Collaboration
• Monitoring and Management
• Load Balancing
• Manage Email Security
• Virtual Private Network
• Switching and Virtual LANs
• Network Address Translation
• Third-Party Connectivity
• Switching Technologies
• WAN Technologies
• Fiber-Optic Links
• Prevent or Mitigate Network Attacks
• Summary
• Study Essentials

Managing Identity and Authentication

• Controlling Access to Assets
• The AAA Model
• Implementing Identity Management
• Managing the Identity and Access Provisioning Life Cycle
• Summary
• Study Essentials

Controlling and Monitoring Access

• Comparing Access Control Models
• Implementing Authentication Systems
• Zero-Trust Access Policy Enforcement
• Understanding Access Control Attacks
• Summary
• Study Essentials

Security Assessment and Testing

• Building a Security Assessment and Testing Program
• Performing Vulnerability Assessments
• Testing Your Software
• Training and Exercises
• Implementing Security Management Processes and Collecting Security Process Data
• Summary
• Exam Essentials

Managing Security Operations

• Apply Foundational Security Operations Concepts
• Address Personnel Safety and Security
• Provision Information and Assets Securely
• Apply Resource Protection
• Managed Services in the Cloud
• Perform Configuration Management (CM)
• Manage Change
• Manage Patches and Reduce Vulnerabilities
• Summary
• Study Essentials

Preventing and Responding to Incidents

• Conducting Incident Management
• Implementing Detection and Preventive Measures
• Logging and Monitoring
• Automating Incident Response
• Summary
• Study Essentials

Disaster Recovery Planning

• The Nature of Disaster
• Understand System Resilience, High Availability, and Fault Tolerance
• Recovery Strategy
• Recovery Plan Development
• Training, Awareness, and Documentation
• Testing and Maintenance
• Summary
• Study Essentials

Investigations and Ethics

• Investigations
• Major Categories of Computer Crime
• Ethics
• Summary
• Study Essentials

Software Development Security

• Introducing Systems Development Controls
• Establishing Databases and Data Warehousing
• Storage Threats
• Understanding Knowledge-Based Systems
• Summary
• Study Essentials

Malicious Code and Application Attacks

• Malware
• Malware Prevention
• Application Attacks
• Injection Vulnerabilities
• Exploiting Authorization Vulnerabilities
• Exploiting Web Application Vulnerabilities
• Application Security Controls
• Secure Coding Practices
• Summary
• Study Essentials

Flashcards

Practice 1

Practice 2

Practice 3

Practice 4