CISSP: Certified Information Systems Security Professional (2024)

Video description

This course equips IT professionals with the knowledge and skills needed to pass the CISSP certification exam and excel in information security. Aligned with the 2024 CISSP curriculum, it covers key domains such as Security and Risk Management, Asset Security, Security Architecture and Engineering, and Secure Software Development. Each section is meticulously structured to provide deep insights into critical security concepts, from secure communication and identity management to mastering cryptography and secure software deployment.

Throughout the course, you'll explore the foundations of information security, focusing on governance principles, legal regulations, and global compliance issues. Gain hands-on experience with threat modeling, risk analysis, and security control implementation, preparing you to tackle real-world cybersecurity challenges. This course emphasizes practical knowledge, ensuring you're not just ready to pass the CISSP exam but also equipped to implement robust security solutions in any organization.

By the end, you'll thoroughly understand the CISSP domains and be well-prepared for the certification exam. Whether enhancing your current role or transitioning to a new one, this course offers comprehensive training for success in cybersecurity.

What you will learn

  • Identify critical information security principles and concepts.
  • Analyze security risks and implement appropriate risk treatments.
  • Evaluate security control frameworks and their application.
  • Apply secure design to create robust security architectures.
  • Assess and mitigate vulnerabilities in various system environments.
  • Implement effective identity and access management strategies.

Audience

This course is ideal for IT professionals, cybersecurity analysts, and network administrators who have a solid understanding of basic networking and security concepts. It’s recommended that learners have at least five years of experience in information security roles to fully benefit from the course content.

About the Authors

ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step.

Robin Abernathy: Robin Abernathy's path to the IT world was filled with unexpected turns. Initially resistant to writing and computer careers, she ended up managing a computer store, igniting her passion for IT. With over two decades in the field, she's specialized in cybersecurity, project management, and CompTIA training materials. Joining ACI Learning in 2022, Robin overcame her aversion to her southern accent to present on camera. Robin holds a BS in Communications, focusing on Technical Writing, and is a published author. Her certifications include CompTIA A+, Network+, Security+, Project+, Server+, CASP+, ITIL v3, CAPM, and MCP.

Lauren Deal: With a decade of in-classroom teaching experience, work as a national television host on the Home Shopping Network, and a background as a talk show producer and host, Lauren Deal possesses a perfect blend of skills and interests in IT. This unique combination makes her an ideal learner advocate for ACI Learning training. She excels in asking clarifying questions related to exam objectives and enthusiastically learns alongside ACI Learning audiences. Additionally, Lauren has been studying the evolving use of AI technology and the development process of Augmented and Virtual Reality. Her certifications include AWS Certified Cloud Practitioner.

Table of contents

  1. Chapter 1 : Security Risk and Management
    1. Course Overview
    2. Five Pillars of Information Security
    3. Security Concepts for Organizations
    4. Security Governance Principles
    5. Security Control Frameworks Foundation
    6. ISO and NIST Security Control Frameworks
    7. Other Security Control Frameworks
    8. Legal Systems
    9. United States Laws and Regulations
    10. International Laws and Regulations
    11. Legal, Regulatory, and Compliance Issues
    12. Investigation Types
    13. Compliance
    14. Security Documentation
    15. Personnel Policies and Ethics
    16. Security Awareness
    17. Business Continuity Concepts
    18. Business Impact Analysis (BIA)
    19. Business Continuity Process
    20. Risk Management Concepts
    21. Threat and Vulnerability Identification
    22. Risk Analysis
    23. Risk Response-Treatment
    24. Control Implementation
    25. Risk Reporting and Continuous Monitoring
    26. Risk Frameworks
    27. Threat Modeling
    28. Supply Chain Risk Management
  2. Chapter 2 : Asset Security
    1. Asset Classification
    2. Data Classification
    3. Information and Asset Handling
    4. Provisioning Information and Assets
    5. Data Roles
    6. Data Lifecycle Phases
    7. Asset Retention
    8. Data States
    9. Scoping and Tailoring
    10. Standards Selection
    11. Data Protection Methods
  3. Chapter 3 : Security Architecture and Engineering
    1. Using Secure Design Principles
    2. Security Model Basics
    3. Security Modes
    4. Security Model Types
    5. Bell-LaPadula
    6. Biba
    7. Clark-Wilson
    8. Other Security Models
    9. Choosing Security Controls
    10. Memory Protection
    11. Trusted Platform Module
    12. Encryption and Decryption
    13. Client Vulnerabilities
    14. Server Vulnerabilities
    15. Database Vulnerabilities
    16. Cloud Vulnerabilities
    17. Industrial Control System Vulnerabilities
    18. IoT Embedded and Edge Computing Vulnerabilities
    19. Virtualization and Container Vulnerabilities
    20. Distributed Microservices and Serverless Vulnerabilities
    21. High Performance Computing Vulnerabilities
    22. Cryptography Basics
    23. PKI
    24. Digital Signatures
    25. Classic Cryptanalytic Attacks
    26. Side Channel Attacks
    27. Other Cryptanalytic Attacks
    28. Secure Site and Facility Design Basics
    29. Utilizing Natural Access Controls
    30. Planning for Physical Security
    31. Common Types of Facilities and Sites
    32. Facilities and Sites Security Controls
    33. Information System Life Cycle Management
  4. Chapter 4 : Communication and Network Security
    1. Video, Voice, and Collaboration Technologies
    2. OSI and TCP-IP Models
    3. Network Transmission Media
    4. Transport Architecture
    5. Multilayer and Converged Protocols
    6. Network Performance Metrics and Traffic Flows
    7. Data and Third-party Communications
    8. Endpoint Security
    9. Monitoring and Management Technologies
    10. IPv4 Addressing Protocol
    11. Remote Access Technologies
    12. Virtual Private Clouds
    13. Wireless Network Security
    14. Cellular and Satellite Communications
    15. Micro-Segmentation
    16. Edge Networks and CDNs
    17. Wireless Network Architecture
    18. Operations of Infrastructure
    19. Software Defined Networking
    20. Secure Protocol Implementations
    21. Physical and Logical Network Segmentation
    22. IPv6 Addressing Protocol
    23. Network Access Control Systems
  5. Chapter 5 : Identity and Access Management (IAM)
    1. Control Physical and Logical Access
    2. Types of Access Controls
    3. Groups and Roles
    4. AAA
    5. Session Management
    6. Registration and Proofing
    7. FIM
    8. Credential Management
    9. SSO and Just-in-Time
    10. Role-Rule Based Access Control
    11. MAC-DAC
    12. Other Access Control Methods
    13. Access Policy Enforcement
    14. Account Access Review
    15. Provisioning - Deprovisioning
    16. Role Definition - Privilege Escalation
    17. Service Accounts Management
    18. OAuth-OIDC
    19. SAML-Kerberos
    20. RADIUS-TACACS+
  6. Chapter 6 : Security Assessment Testing
    1. Designing Security Tests
    2. Vulnerability Assessments
    3. Penetration Testing
    4. Other Common Tests
    5. Collecting Security Process Data
    6. Analyzing Test Output
    7. Conducting Security Audits
  7. Chapter 7 : Security Operations
    1. Understand and Comply with Investigations
    2. Logging and Monitoring Activities
    3. Configuration Management
    4. Foundational Security Operations Concepts
    5. Apply Resource and Media Protection
    6. Conduct Incident Management
    7. Detection and Preventative Measures
    8. Implement Patch and Vulnerability Management
    9. Change Management Processes
    10. Implement Recovery Strategies
    11. Implement Disaster Recovery Processes
    12. Test Disaster Recovery Plan
    13. Business Continuity Planning
    14. Implement and Manage Physical Security
    15. Personnel Safety and Security
  8. Chapter 8 : Secure Software Development
    1. Introducing Software Development Security
    2. Choosing a Software Development Methodology
    3. Considering Process Driven Methodologies
    4. Considering Agile-Based Methodologies
    5. Integrating the Capability Maturity Model in the SDLC
    6. Adopting SAMM into your Software Development
    7. Improving Product with an Integrated Product Team
    8. Managing Post-deployment Product Expectations
    9. Introducing Security Controls in Software Development
    10. Minimizing Programming Language Risks in the SDLC
    11. Developing, Deploying, and Maintaining Secure Software
    12. Integrating Software Configuration Management
    13. Incorporating Application Security Testing
    14. Implementing Auditing and Logging of Software Changes
    15. Focusing on Risk Analysis and Mitigation in the SDLC
    16. Evaluating COTS and Third-party Software Security
    17. Evaluating Managed Service and Open-source Software Security
    18. Evaluating Cloud Services Security
    19. Introducing Coding Languages and Tools
    20. Identifying Security Flaws at Source-code Level
    21. Securing APIs
    22. Integrating SDN and SDSec

Product information

  • Title: CISSP: Certified Information Systems Security Professional (2024)
  • Author(s): ACI Learning, Robin Abernathy, Lauren Deal
  • Release date: January 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835880784