Certified Information Systems Security Professional (UPDATED 2018)

CISSP | 81 H 14 M

The Certified Information Systems Security Professional exam prep course helps you review the security skills needed to pass the CISSP exam.

This course has a virtual lab
This course has a practice test
Episodes
  • Security and Risk Management
    • Overview
    • Confidentiality, Integrity, Availability (CIA)
    • Confidentiality, Integrity, Availability (CIA) Pt2
    • Evaluate, Apply Security Governance Principles
    • Evaluate, Apply Security Governance Principles Pt2
    • Determine Compliance Requirements
    • Determine Compliance Requirements Part 2
    • Determine Compliance Requirements Part 3
    • Understand Legal and Regulatory Issues
    • Understand Legal and Regulatory Issues Part 2
    • Understand, adhere to and promote ethics
    • Policy, Standards, Procedures and Guidelines
    • Understand Business Continuity Requirements
    • Understand Business Continuity Requirements Part 2
    • Understand Business Continuity Requirements Part 3
    • Personnel, Security Policies and Procedures
    • Understand/Apply Risk Management Concepts
    • Understand/Apply Risk Management Concepts Part 2
    • Understand/Apply Risk Management Concepts Part 3
    • Understand/Apply Risk Management Concepts Part 4
    • Understand/Apply Risk Management Concepts Part 5
    • Understanding/Apply Threat Modeling Concepts
    • Apply Risk Management to the Supply Chain
    • Security Awareness/Education and Training
    • Security and Risk Management - Key Points
    • CIA Deep Dive
    • Organizational Roles and Responsibilities
    • Risk Terminology and Concepts
  • Asset Security
    • Identify and Classify Information and Assets
    • Determine and Maintain Information/Asset Ownership
    • Protect Privacy
    • Protect Privacy Part 2
    • Ensure Appropriate Asset Retention
    • Determine Data Security Controls
    • Determine Data Security Controls Part 2
    • Determine Data Security Controls Part 3
    • Establish Asset Handling Requirements
    • Asset Security - Key Points
  • Security Architecture and Engineering
    • Implement and Manage Engineering Processes
    • Fundamental Concepts of Systems and Security
    • Fundamental Concepts of Systems and Security Pt.2
    • Fundamental Concepts of Systems and Security Pt.3
    • Fundamental Concepts of Systems and Security Pt.4
    • Fundamental Concepts of Systems and Security Pt.5
    • Controls Based on Security Requirements
    • Controls Based on Security Requirements Part 2
    • Vulnerabilities of Security Architecture
    • Vulnerabilities of Security Architecture Part 2
    • Vulnerabilities of Security Architecture Part 3
    • Vulnerabilities of Security Architectures Part 4
    • Vulnerabilities in Web-Based Systems
    • Vulnerabilities in Web-Based Systems Part 2
    • Vulnerabilities in Mobile Systems
    • Vulnerabilities in Embedded Devices
    • Apply Cryptography
    • Apply Cryptography Part 2
    • Apply Cryptography Part 3
    • Apply Cryptography Part 4
    • Apply Cryptography Part 5
    • Apply Cryptography Part 6
    • Apply Cryptography Part 7
    • Apply Cryptography Part 8
    • Apply Cryptography Part 9
    • Apply Cryptography Part 10
    • Apply Cryptography Part 11
    • Apply Cryptography Part 12
    • Apply Cryptography Part 13
    • Site/Facility Design and Security
    • Site/Facility Design and Security Part 2
    • Site/Facility Design and Security Part 3
    • Site/Facility Design and Security Part 4
    • Security Architecture and Engineering - Key Points
  • Communication and Network Security
    • Secure Design Principles in Networks
    • Secure Design Principles in Networks Part 2
    • Secure Design Principles in Networks Part 3
    • Secure Design Principles in Networks Part 4
    • Secure Design Principles in Networks Part 5
    • Secure Design Principles in Networks Part 6
    • Secure Design Principles in Networks Part 7
    • Secure Design Principles in Networks Part 8
    • Secure Design Principles in Networks Part 9
    • Secure Design Principles in Networks Part 10
    • Secure Design Principles in Networks Part 11
    • Secure Design Principles in Networks Part 12
    • Secure Network Components
    • Secure Network Components Part 2
    • Secure Network Components Part 3
    • Secure Network Components Part 4
    • Secure Network Components Part 5
    • Implement Secure Communication Channels
    • Implement Secure Communication Channels Part 2
    • Implement Secure Communication Channels Part 3
    • Implement Secure Communication Channels Part 4
    • Implement Secure Communication Channels Part 5
    • Implement Secure Communication Channels Part 6
    • Communication and Network Security - Key Points
  • Identity and Access Management (IAM)
    • Control Physical and Logical Access to Assets
    • Control Physical and Logical Access to Assets Pt 2
    • Manage Identification and Authentication
    • Manage Identification and Authentication Part 2
    • Manage Identification and Authentication Part 3
    • Integrate Identity as a Third-Party Service
    • Implement/Manage Authorization Mechanisms
    • Implement/Manage Authorization Mechanisms Pt.2
    • Manage Identity and Access Provisioning Lifecycle
    • Access Control Attacks
    • Access Control Attacks Part 2
    • Identity and Access Management - Key Points
  • Security Assessment and Testing
    • Assessment, Test and Audit
    • Assessment, Test and Audit Part 2
    • Conduct Security Control Testing
    • Conduct Security Control Testing Part 2
    • Conduct Security Control Testing Part 3
    • Collect Security Process Data
    • Security Assessment and Testing - Key Points
  • Security Operations
    • Understand and Support Investigations
    • Conduct Logging and Monitoring Activities
    • Provisioning and Protecting Resources
    • Provisioning and Protecting Resources Part 2
    • Apply Foundational Security Operation Concepts
    • Conduct Incident Management
    • Detective and Preventative Measures
    • Detective and Preventative Measures Part 2
    • Patch and Vulnerability Management
    • Understand Change Management
    • Implement Recovery Strategies
    • Implement Recovery Strategies Part 2
    • Implement Recovery Strategies Part 3
    • Implement Recovery Strategies Part 4
    • Implement Recovery Strategies Part 5
    • Implement and Test BCDR
    • Implement and Test BCDR Part 2
    • Implement and Test BCDR Part 3
    • Implement and Manage Physical Security
    • Implement and Manage Physical Security Part 2
    • Personnel Safety and Security Concerns
    • Security Operations - Key Points
  • Software Development Security
    • Security in the SDLC
    • Security in the SDLC Part 2
    • Security in the SDLC Part 3
    • Security in the SDLC Part 4
    • Security in the SDLC Part 5
    • Security in the SDLC Part 6
    • Security Controls in Dev Environments
    • Security Controls in Dev Environments Part 2
    • Security Controls in Dev Environments Part 3
    • Security Controls in Dev Environments Part 4
    • Security Controls in Dev Environments Part 5
    • Security Controls in Dev Environments Part 6
    • Security Controls in Dev Environments Part 7
    • Security Controls in Dev Environments Part 8
    • Security Controls in Dev Environments Part 9
    • Assess Effectiveness of Software Security
    • Assess Security Impact of Acquired Software
    • Secure Coding Guidelines and Standards
    • Databases and Data Warehouses
    • Databases and Data Warehouses Part 2
    • Types of Storage
    • Knowledge-based Systems
    • Software Development Security - Key Points

Overview

6 M

The Certified Information Systems Security Professional (CISSP) certification is the gold standard in the IT Security field. Security professionals who have achieved their CISSP designation are regarded as some of the most talented and knowledgeable people in their field. The certification demonstrates that the holder has been working in IT Security for over five years, has a broad range of knowledge in ten domains related to creating, supporting and maintaining a secure IT infrastructure, and can implement things like risk management and risk identification.

[MUSIC] In this episode we'd like to take a few moments to tell you what you can expect in the upcoming CISSP series. And here with our overview is Adam Gordon. Adam, how are we doing today?

>> Doing well, doing well. How about you?

>> I'm doing good. What can we expect in the upcoming series?

>> A whole bunch of stuff having to do with CISSP.

>> Very good [CROSSTALK].

>> Let's be a little bit more specific than that. So if you're joining us for the CISSP show, all the episodes that will make it up, you hopefully are aware of the fact that in April of 2018, ISC Squared announced, as they do every three years, that there will be a revision in some form to the knowledge base, what we call the CBK, the common body of knowledge. Currently made up of 8 domains, actually currently since 2015, since the last major revision, from 10 domains down to 8. The 2015 to 2018 revision to 8 domains has for the most part held true going into the 2018 revision; those same 8 domains are still there. We've modified the name a little bit in one or more of them. We've mixed and matched and reordered some of the topics that make up each of the domains and moved them around, but really not a huge, seismic shift the way it was going into the 2015 update with the move from 10 domains down to 8, so that part is good. We will address all eight domains and address them in the order that the ISC-Squared CISSP blueprint or the exam signifies, meaning if you join me here, we'll quickly show you what we are doing. We're going to start with Security and Risk Management. And all I've done, and you'll see me use this document throughout all of the episodes, is taken the exam blueprint listing of domains and subtopics, in the same order they are produced by ISC Squared, and put them into a Word document, simply highlighting what we're doing at every stage of our discussion so you always start every episode knowing where we are. We'll start with the Security and Risk Management domain.

There are 12 subtopic areas that we will go through there. You can see them on the screen, but we're not too worried about the detail right now. You'll get a chance to see them in depth and up close as we go through all of the discussions. We'll move into Asset Security, one of the smaller domains overall. We'll deal with Security Architecture and Engineering. This is one of the larger domains, also one of the ones that a lot of people get a little put off by, in the sense that they get a little scared by it, because it does contain cryptography, which was a discussion area under network and communication security in the old ten-domain mapping. So obviously a very important aspect of what we do. It also deals with a lot of the system architecture that sometimes throws people for a bit of a loop. We'll try to make that as painless as possible for you, I promise. But it is actually a very exciting area and one that, as we peel back the layers of complexity around it, most people tend to find that they actually have a fairly good grasp of, even though they don't always see that going in, because it deals with a lot of the fundamentals of what we actually do in the pursuit of everyday jobs and roles in IT, regardless of what our focus may be overall. So we'll spend some time there, certainly. We're also going to go through Communication and Network Security. This has now become a very short domain, actually the shortest of all the domains just in terms of the number of topics, but still incredibly important to what we do. This is the bread and butter of most, if not all, of the IT professionals that come into the realm of CISSP looking to ultimately certify, because almost without exception, all of us come from some sort of a background, regardless of what we do, that has a fundamental understanding of the terms and the techniques we will discuss here. Identity and Access Management will be very important, especially these days in the world of web services and the Cloud.

So that's domain five overall. Domain six, Security Assessment and Testing, that's the one that sometimes people get a little put off by because they don't feel they have a lot of knowledge in it. And unlike domain three, Security Architecture and Engineering, where we do find that we do have a background as we get into it, if you haven't really done assessment and testing work before, it can feel a little strange and a little bit of an alien-like environment for us to be discussing, but rest assured it's actually a very straightforward conversation. That'll be domain six. Domain seven, Security Operations, by far and away the largest of all the domains, as you can see, very, very big, lots of stuff there. But again, a fairly straightforward conversation. We see some oldies and goodies like BCDR, business continuity and disaster recovery planning, appear there. Physical security, things of that nature. And then rounding out with domain eight, Software Development Security, where we discuss development life cycles, development methodologies, and a variety of different things associated with how we can understand what happens from a development perspective with regard to the software that many of us take for granted all the time. We use it, but we don't necessarily understand the security. So we'll have some interesting conversations associated with that. All together, all up, those eight domains make up the CISSP CBK, common body of knowledge. We will spend time going through each and every one of them, looking in all the nooks and crannies and all the different corners associated with those conversations. At the end of every one of those domain blocks of knowledge, we've instituted a wrap-up or key points additional episode that reviews and hits the highlights for you and reinforces those key points you should go back and make sure you're studying, so you have a nice way of wrapping all that knowledge up.

We also have a block of resources, both show notes and often additional supplementary documentary material, that we will refer to in many of our episodes and that we make available to you, downloadable as part of the show notes and the attachment to the episode. So make sure you look for that. It's got all sorts of documents. It's got all the NIST standards that we reference that are freely available and any other things that I think may be valuable and helpful for you, including a glossary of terms, a vocabulary list that you can use to study and make flash cards from. And you'll hear me refer to the importance of flash cards time and again. So I look forward, as I know Wes does as well, to spending time with you. You'll see some new faces popping in here from time to time. It won't just be Wes. We'll have Daniel join us and maybe one or two other surprise guests. We'll see how that goes. But certainly look for myself, look for all of us. And we look forward to seeing you as we discuss CISSP and the CBK that makes up the knowledge base associated with it. [MUSIC]
