CISSP Certification Prep Course

1: Security Governance Through Principles and Policies

• Security 101
• Understand and Apply Security Concepts
• Security Boundaries
• Evaluate and Apply Security Governance Principles
• Manage the Security Function
• Security Policy, Standards, Procedures, and Guidelines
• Threat Modeling
• Supply Chain Risk Management

2: Personnel Security and Risk Management Concepts

• Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Social Engineering
• Establish and Maintain a Security Awareness, Education, and Training Program

3: Business Continuity Planning

• Planning for Business Continuity
• Project Scope and Planning
• Business Impact Analysis
• Continuity Planning
• Plan Approval and Implementation

4: Laws, Regulations, and Compliance

• Categories of Laws
• Laws
• State Privacy Laws
• Compliance
• Contracting and Procurement

5: Protecting Security of Assets

• Identifying and Classifying Information and Assets
• Establishing Information and Asset Handling Requirements
• Data Protection Methods
• Understanding Data Roles
• Using Security Baselines

6: Cryptography and Symmetric Key Algorithms

• Cryptographic Foundations
• Modern Cryptography
• Symmetric Cryptography
• Cryptographic Lifecycle

7: PKI and Cryptographic Applications

• Asymmetric Cryptography
• Hash Functions
• Digital Signatures
• Public Key Infrastructure
• Asymmetric Key Management
• Hybrid Cryptography
• Applied Cryptography
• Cryptographic Attacks

8: Principles of Security Models, Design, and Capabilities

• Secure Design Principles
• Techniques for Ensuring CIA
• Understand the Fundamental Concepts of Security Models
• Select Controls Based on Systems Security Requirements
• Understand Security Capabilities of Information Systems

9: Security Vulnerabilities, Threats, and Countermeasures

• Shared Responsibility
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Client-Based Systems
• Server-Based Systems
• Industrial Control Systems
• Distributed Systems
• High-Performance Computing (HPC) Systems
• Internet of Things
• Edge and Fog Computing
• Embedded Devices and Cyber-Physical Systems
• Specialized Devices
• Microservices
• Infrastructure as Code
• Virtualized Systems
• Containerization
• Serverless Architecture
• Mobile Devices
• Essential Security Protection Mechanisms
• Common Security Architecture Flaws and Issues

10: Physical Security Requirements

• Apply Security Principles to Site and Facility Design
• Implement Site and Facility Security Controls
• Implement and Manage Physical Security

11: Secure Network Architecture and Components

• OSI Model
• TCP/IP Model
• Analyzing Network Traffic
• Common Application Layer Protocols
• Transport Layer Protocols
• Domain Name System
• Internet Protocol (IP) Networking
• ARP Concerns
• Secure Communication Protocols
• Implications of Multilayer Protocols
• Microsegmentation
• Wireless Networks
• Other Communication Protocols
• Cellular Networks
• Content Distribution Networks (CDNs)
• Secure Network Components

12: Secure Communications and Network Attacks

• Protocol Security Mechanisms
• Secure Voice Communications
• Remote Access Security Management
• Multimedia Collaboration
• Load Balancing
• Manage Email Security
• Virtual Private Network
• Switching and Virtual LANs
• Network Address Translation
• Third-Party Connectivity
• Switching Technologies
• WAN Technologies
• Fiber-Optic Links
• Security Control Characteristics
• Prevent or Mitigate Network Attacks

13: Managing Identity and Authentication

• Controlling Access to Assets
• Managing Identification and Authentication
• Implementing Identity Management
• Managing the Identity and Access Provisioning Lifecycle

14: Controlling and Monitoring Access

• Comparing Access Control Models
• Implementing Authentication Systems
• Understanding Access Control Attacks

15: Security Assessment and Testing

• Building a Security Assessment and Testing Program
• Performing Vulnerability Assessments
• Testing Your Software
• Implementing Security Management Processes

16: Managing Security Operations

• Apply Foundational Security Operations Concepts
• Addressing Personnel Safety and Security
• Provision Resources Securely
• Apply Resource Protection
• Managed Services in the Cloud
• Perform Configuration Management (CM)
• Managing Change
• Managing Patches and Reducing Vulnerabilities

17: Preventing and Responding to Incidents

• Conducting Incident Management
• Implementing Detective and Preventive Measures
• Logging and Monitoring
• Automating Incident Response

18: Disaster Recovery Planning

• The Nature of Disaster
• Understand System Resilience, High Availability, and Fault Tolerance
• Recovery Strategy
• Recovery Plan Development
• Training, Awareness, and Documentation
• Testing and Maintenance

19: Investigations and Ethics

• Investigations
• Major Categories of Computer Crime
• Ethics

20: Software Development Security

• Introducing Systems Development Controls
• Establishing Databases and Data Warehousing
• Storage Threats
• Understanding Knowledge-Based Systems

21: Malicious Code and Application Attacks

• Malware
• Malware Prevention
• Application Attacks
• Injection Vulnerabilities
• Exploiting Authorization Vulnerabilities
• Exploiting Web Application Vulnerabilities
• Application Security Controls
• Secure Coding Practices