O'Reilly Live Online Training

CISSP exam preparation

Building a practice of mapping threats to controls

Dean Bushmiller

CISSP is the gold standard of vendor-neutral cybersecurity certifications. If your organization is subject to PCI, GDPR, HIPAA, SOX, ISO 27001, or similar regulations, you need the CISSP certification to understand cybersecurity from a management viewpoint.

Many people try to brute-force the exam but fail because it requires finesse, a CISSP management way of thinking, and a clear study plan. Join expert Dean Bushmiller to learn how to fix cybersecurity business problems (threats) using tools that directly address the problem (controls). You’ll map each threat to each control and work to identify as many threats and controls as possible across all domains.

This is the first in a series of four courses on CISSP exam preparation, followed by Practicing the CISO Skill Set Using Case-Based Learning.

What you'll learn-and how you can apply it

By the end of this live online course, you’ll understand:

  • How to process articles using case-based best practices, and how to work through 15%–20% of all cybersecurity business questions
  • How to recognize what a CISSP exam question is actually asking
  • How to be a true security professional and how to manage your organization’s cybersecurity

And you’ll be able to:

  • Avoid cybersecurity technical brute-force traps
  • Build a plan for growing your managerial decision-making process
  • Write CISSP case solutions

This training course is for you because...

  • You need to prepare for CISSP certification.
  • You’re moving from a security support role to a management position.
  • You’re a security designer, administrator, or engineer.
  • You need to maintain your continuing professional education (CPE) or continuing education unit (CEU).
  • You’re a security consultant, analyst, manager, or auditor.

Prerequisites

  • A basic understanding of (ISC)2’s CISSP certification requirements: 4–6 years in information system security and 1–2 years in each CISSP domain (per CISSP exam requirements)

About your instructor

  • Dean Bushmiller has taught the CISSP for 15 years, with a lifetime instructor approval rating of over 90%. He’s a leader of cybersecurity subject-matter experts and has over 1,000 hours of recorded training. He built the CISSP Mind Map workbooks and hosts a free weekly discussion on cybersecurity at Expandingsecurity.com. Dean has held the following certifications: CISSP, CFR, CVLP, CEH, ISSMP, CRISC, ISSAP, CCSK, CCSP, Exin Cloud, CHFI, CASP, GSEC, CCNA, MCSE 2K Charter, MCDBA, MCSA, MCP, MCT, CISM, PLCOP, PLA, PLCT, AWR-138-W, Cloud+, CEI, LPIC-1, and Security+. Though Dean is nonmilitary, he’s had the honor to train the US military since 1999; in recognition of outstanding service in the information assurance field, he’s received eight mission coins.

    Outlets for his training include SANS, FED-VTE, the Software Engineering Institute at Carnegie Mellon University, (ISC)2, and Expanding Security.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Day 1

Threats and controls process (20 minutes)

  • Lecture: Why you should listen; threats and controls process; spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege (STRIDE)
  • Hands-on exercise: Navigate shared content on O’Reilly online learning
  • Q&A

Break (5 minutes)

OWASP (25 minutes)

  • Lecture: OWASP top 10
  • Hands-on exercise

Break (5 minutes)

Center for Internet Security (CIS) (25 minutes)

  • Lecture: CIS controls
  • Hands-on exercise: Find a threat using CIS

Break (5 minutes)

Controls (25 minutes)

  • Lecture: 800-53 controls
  • Hands-on exercise: Find a threat using an 800-53 control

Break (5 minutes)

Categories (60 minutes)

  • Lecture: Adding categories to improve processes
  • Hands-on exercises: Categorize given threats and controls; provide a threat, control, and category given a domain and subtopics

Break (5 minutes)

Improve process and next session (20 minutes)

  • Lecture: Improving process; preparing for the next session
  • Hands-on exercise: Vote on three domains and five subtopics; find threats, controls, and categories on your own
  • Q&A

Day 2

Review (5 minutes)

  • Lecture: Review day 1

Activity 1 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 2 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 3 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 4 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 5 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 6 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 7 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope

Break (5 minutes)

Activity 8 (25 minutes)

  • Hands-on exercise: Add more threats; supply controls; supply category; add ranking; add narrow scope