Video description
This course equips IT professionals with the knowledge and skills needed to pass the CISSP certification exam and excel in information security. Aligned with the 2024 CISSP curriculum, it covers key domains such as Security and Risk Management, Asset Security, Security Architecture and Engineering, and Secure Software Development. Each section is meticulously structured to provide deep insights into critical security concepts, from secure communication and identity management to mastering cryptography and secure software deployment.
Throughout the course, you'll explore the foundations of information security, focusing on governance principles, legal regulations, and global compliance issues. Gain hands-on experience with threat modeling, risk analysis, and security control implementation, preparing you to tackle real-world cybersecurity challenges. This course emphasizes practical knowledge, ensuring you're not just ready to pass the CISSP exam but also equipped to implement robust security solutions in any organization.
By the end, you'll thoroughly understand the CISSP domains and be well-prepared for the certification exam. Whether enhancing your current role or transitioning to a new one, this course offers comprehensive training for success in cybersecurity.
What you will learn
- Identify critical information security principles and concepts.
- Analyze security risks and implement appropriate risk treatments.
- Evaluate security control frameworks and their application.
- Apply secure design to create robust security architectures.
- Assess and mitigate vulnerabilities in various system environments.
- Implement effective identity and access management strategies.
Audience
This course is ideal for IT professionals, cybersecurity analysts, and network administrators who have a solid understanding of basic networking and security concepts. It’s recommended that learners have at least five years of experience in information security roles to fully benefit from the course content.
About the Authors
ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step.
Robin Abernathy: Robin Abernathy's path to the IT world was filled with unexpected turns. Initially resistant to writing and computer careers, she ended up managing a computer store, igniting her passion for IT. With over two decades in the field, she's specialized in cybersecurity, project management, and CompTIA training materials. Joining ACI Learning in 2022, Robin overcame her aversion to her southern accent to present on camera. Robin holds a BS in Communications, focusing on Technical Writing, and is an author. Her certifications include CompTIA A+, Network+, Security+, Project+, Server+, CASP+, ITIL v3, CAPM, and MCP.
Lauren Deal: With a decade of in-classroom teaching experience, work as a national television host on the Home Shopping Network, and a background as a talk show producer and host, Lauren Deal possesses a perfect blend of skills and interests in IT. This unique combination makes her an ideal learner advocate for ACI Learning training. She excels in asking clarifying questions related to exam objectives and enthusiastically learns alongside ACI Learning audiences. Additionally, Lauren has been studying the evolving use of AI technology and the development process of Augmented and Virtual Reality. Her certifications include AWS Certified Cloud Practitioner.
Table of contents
- Chapter 1 : Security Risk and Management
- Course Overview
- Five Pillars of Information Security
- Security Concepts for Organizations
- Security Governance Principles
- Security Control Frameworks Foundation
- ISO and NIST Security Control Frameworks
- Other Security Control Frameworks
- Legal Systems
- United States Laws and Regulations
- International Laws and Regulations
- Legal, Regulatory, and Compliance Issues
- Investigation Types
- Compliance
- Security Documentation
- Personnel Policies and Ethics
- Security Awareness
- Business Continuity Concepts
- Business Impact Analysis (BIA)
- Business Continuity Process
- Risk Management Concepts
- Threat and Vulnerability Identification
- Risk Analysis
- Risk Response-Treatment
- Control Implementation
- Risk Reporting and Continuous Monitoring
- Risk Frameworks
- Threat Modeling
- Supply Chain Risk Management
- Chapter 2 : Asset Security
- Chapter 3 : Security Architecture and Engineering
- Using Secure Design Principles
- Security Model Basics
- Security Modes
- Security Model Types
- Bell-LaPadula
- Biba
- Clark-Wilson
- Other Security Models
- Choosing Security Controls
- Memory Protection
- Trusted Platform Module
- Encryption and Decryption
- Client Vulnerabilities
- Server Vulnerabilities
- Database Vulnerabilities
- Cloud Vulnerabilities
- Industrial Control System Vulnerabilities
- IoT Embedded and Edge Computing Vulnerabilities
- Virtualization and Container Vulnerabilities
- Distributed Microservices and Serverless Vulnerabilities
- High Performance Computing Vulnerabilities
- Cryptography Basics
- PKI
- Digital Signatures
- Classic Cryptanalytic Attacks
- Side Channel Attacks
- Other Cryptanalytic Attacks
- Secure Site and Facility Design Basics
- Utilizing Natural Access Controls
- Planning for Physical Security
- Common Types of Facilities and Sites
- Facilities and Sites Security Controls
- Information System Life Cycle Management
- Chapter 4 : Communication and Network Security
- Video, Voice, and Collaboration Technologies
- OSI and TCP-IP Models
- Network Transmission Media
- Transport Architecture
- Multilayer and Converged Protocols
- Network Performance Metrics and Traffic Flows
- Data and Third-party Communications
- Endpoint Security
- Monitoring and Management Technologies
- IPv4 Addressing Protocol
- Remote Access Technologies
- Virtual Private Clouds
- Wireless Network Security
- Cellular and Satellite Communications
- Micro-Segmentation
- Edge Networks and CDNs
- Wireless Network Architecture
- Operations of Infrastructure
- Software Defined Networking
- Secure Protocol Implementations
- Physical and Logical Network Segmentation
- IPv6 Addressing Protocol
- Network Access Control Systems
- Chapter 5 : Identity and Access Management (IAM)
- Control Physical and Logical Access
- Types of Access Controls
- Groups and Roles
- AAA
- Session Management
- Registration and Proofing
- FIM
- Credential Management
- SSO and Just-in-Time
- Role-Rule Based Access Control
- MAC-DAC
- Other Access Control Methods
- Access Policy Enforcement
- Account Access Review
- Provisioning - Deprovisioning
- Role Definition - Privilege Escalation
- Service Accounts Management
- OAuth-OIDC
- SAML-Kerberos
- RADIUS-TACACS+
- Chapter 6 : Security Assessment Testing
- Chapter 7 : Security Operations
- Understand and Comply with Investigations
- Logging and Monitoring Activities
- Configuration Management
- Foundational Security Operations Concepts
- Apply Resource and Media Protection
- Conduct Incident Management
- Detection and Preventative Measures
- Implement Patch and Vulnerability Management
- Change Management Processes
- Implement Recovery Strategies
- Implement Disaster Recovery Processes
- Test Disaster Recovery Plan
- Business Continuity Planning
- Implement and Manage Physical Security
- Personnel Safety and Security
- Chapter 8 : Secure Software Development
- Introducing Software Development Security
- Choosing a Software Development Methodology
- Considering Process Driven Methodologies
- Considering Agile-Based Methodologies
- Integrating the Capability Maturity Model in the SDLC
- Adopting SAMM into your Software Development
- Improving Product with an Integrated Product Team
- Managing Post-deployment Product Expectations
- Introducing Security Controls in Software Development
- Minimizing Programming Language risks in the SDLC
- Developing, Deploying, and Maintaining Secure Software
- Integrating Software Configuration Management
- Incorporating Application Security Testing
- Implementing Auditing and Logging of Software Changes
- Focusing on Risk Analysis and Mitigation in the SDLC
- Evaluating COTS and Third-party Software Security
- Evaluating Managed Service and Open-source Software Security
- Evaluating Cloud Services Security
- Introducing Coding Languages and Tools
- Identifying Security Flaws at Source-code Level
- Securing APIs
- Integrating SDN and SDSec
Product information
- Title: CISSP: Certified Information Systems Security Professional (2024)
- Author(s):
- Release date: January 2024
- Publisher(s): Packt Publishing
- ISBN: 9781835880784