CISSP - The Complete Exam Guide

CISSP is the gold standard for security certifications. It covers the breadth of information security’s deep technical and managerial concepts. Learning to effectively design, engineer, and manage the overall security posture of an organization. This course covers Domain 1 - Security and Risk Management. This domain is one of the most important domains in the CISSP exam. It lays the foundation, covering security concepts that all the other domains build upon. Understanding exactly what security means and the core concepts around assessing and managing the wide array of risks we face is fundamental to every domain in the CISSP. Domain 2 - Asset Security. An asset is anything we value. When we have highly valued assets, such as sensitive data, securing those assets throughout their lifecycle is paramount. We will learn about data standards, classification, regulations, retention, and controls to protect organizational value. Domain 3 - Security Engineering. Engineering is about understanding and designing systems that work. Security is a fundamental part of any well-designed system. This domain will help you understand the engineering lifecycle and various models and security components required in data structures and physical facilities. We also learn how cryptography fits in to information security. Domain 4 - Communication and Network Security. Information is not just stored; it is also transmitted and must be secured in transit. Understanding networking models, protocols, hardware components, and possible attack vectors is vital to information security. It is one of the most important domains on the CISSP exam. Domain 5 - Identity and Access Management. Controlling who can access valuable resources can lead to proper confidentiality, integrity, and availability. A CISSP must understand mechanisms and techniques to verify a subject’s authenticity before authorizing access. They must be able to assure that only proper interactions have occurred and mitigate potential attacks. Domain 6 - Security Assessment and Testing. Understanding the effectiveness of your security measures is vital. As you collect and review logs, verify software development security, and undergo security audits and certification you can have some assurance and insight into your security status and needs. Domain 7- Security Operations. From incident response that involves investigation of evidence to facility access management and disaster recovery planning, testing, and implementation, this domain requires putting security principles and concepts into practice. Domain 8 - Security in the Software Development Life Cycle. Many of the most publicized security issues have stemmed from flaws in the software code. While a CISSP does not have to be a software developer, they must understand and be able to communicate software development security needs. In this domain you will learn important terminology and concepts of software development.