Certified Information Systems Security Professional (CISSP) Online Course
About the course
The Certified Information Systems Security Professional (CISSP) certification is one of the most widely recognized IT security certifications and can help you advance in the IT security and cybersecurity field. This complete course builds a solid foundation for the certification exam. It starts by explaining why the CISSP certification matters in IT security.
Next, you get an overview of the eight domains that make up the CISSP Common Body of Knowledge (CBK). You then dive deep into the Security and Risk Management domain before working through all eight domains one by one.
Course Curriculum
Introduction
- Introduction
- Why should you want to get the CISSP certification?
- The 8 CISSP domains of the CBK (Common Body of Knowledge)
- Links, important topics and where to focus on my slides
Domain 1: Security and Risk Management
- Domain 1 - What we will be covering
- The CIA Triad
- IAAA
- Governance, Management, standards, and frameworks
- Laws and regulations
- Intellectual property
- US laws, European laws and international treaties
- GDPR (General Data Protection Regulation)
- Ethics
- Policies, procedures, guidelines, and frameworks
- Access control
- Risk analysis, attackers and attacks
- What we covered in Domain 1
Domain 2: Asset Security
- Domain 2 - What we will be covering
- Data classification and clearance
- Sensitive information and media security
- Mission, data, and system owners and data custodians
- Memory and data remanence
- Data remanence and destruction
- Data security frameworks
- What we covered in Domain 2
Domain 3: Security Architecture and Engineering
- Domain 3 - What we will be covering
- Security models and concepts
- Security evaluation models
- Secure system design concepts
- Hardware architecture
- Secure operating systems and software architecture
- Virtualization
- IoT (Internet of Things)
- System vulnerabilities, threats, and countermeasures
- Web architecture and attacks
- Database security
- Mobile device security
- Industrial Control Systems
- Introduction to Cryptography
- The history of cryptography
- Symmetric encryption
- Asymmetric encryption
- Hashing
- Attacks on our cryptography
- Digital signatures
- IPsec and PGP
- MAC, HMAC, SSL, and TLS
- Physical security part 1
- Physical security part 2
- Physical security part 3
- Site selection
- Media storage
- Electricity
- Fire suppression and hot and cold aisles
- Personnel safety
- The fire triangle and fire suppression
- Domain 3 - What we covered
Domain 4: Communication and Network Security
- Domain 4 - What we will be covering
- Networking basics and definitions
- The OSI model
- The TCP/IP model
- IP addresses and port numbers part 1
- IP addresses and port numbers part 2
- IP support protocols
- Cable types
- LAN topologies
- WAN protocols
- SAN and VoIP protocols
- Wi-Fi
- Bluetooth
- Layer 1 to 3 networking devices
- Layer 3 routing protocols
- Firewalls
- Modems
- Network authentication protocols
- Secure communications
- What we covered in Domain 4
Domain 5: Identity and Access Management (IAM)
- Domain 5 - What we will be covering
- Introduction to Access Control
- Type 1 authentication - "Something you know" or "Knowledge factors"
- Type 2 authentication - "Something you have" or "Possession factors"
- Type 3 authentication - "Something you are" or "Biometrics"
- Authorization
- Accountability
- Access control systems
- Identity and access provisioning
- Authentication protocols
- What we covered in Domain 5
Domain 6: Security Assessment and Testing
- Domain 6 - What we will be covering
- Domain 6 key concepts
- Security Assessments
- Security Audits
- Security Audit Logs
- Vulnerability scanners
- Penetration testing
- Social Engineering attacks
- Penetration testing tools
- Software testing
- What we covered in Domain 6
Domain 7: Security Operations
- Domain 7 - What we will be covering
- Domain 7 key concepts
- Administrative personnel controls
- Digital forensics
- Spinning disk forensics
- Network and Software forensics
- Incident Management definitions
- Incident Management
- Intrusion detection and prevention systems
- SIEM (Security Information and Event Management)
- Application whitelisting
- Honeynets and Honeypots
- Configuration Management
- Patch Management
- Change management
- Zero-day attacks
- Backups
- RAID (Redundant Array of Independent Disks)
- Redundancy
- BCP and DRP
- Warfare, terrorism, sabotage, and ransomware
- Personnel
- DRP basics
- Developing our BCP and DRP
- BIA (Business Impact Analysis)
- Supply and infrastructure redundancy
- Disaster Recovery sites
- Other BCP sub plans
- Employee redundancy
- Testing the plans
- After a disruption
- What we covered in Domain 7
Domain 8: Software Development Security
- Domain 8 - What we will be covering
- Designing security into our software
- Programming concepts
- Software development methodologies part 1
- Software development methodologies part 2
- Databases part 1
- Databases part 2
- OWASP part 1
- OWASP part 2
- Software vulnerabilities and Attacks
- Capability Maturity Model (CMM)
- Buying software from other companies
- Artificial intelligence (AI)
- What we covered in Domain 8