Preparation for the (ISC)² CISSP Certification

Difficulty: Advanced
Average duration: 24h
Students: 1357
Rating: 4.8/5
Content: 29 courses, 8 exams

Description

Learning Path Overview

The Certified Information Systems Security Professional (CISSP) is one of the most globally recognized certifications in the information security profession. 

The first version of the Common Body of Knowledge (CBK) was finalized in 1992 and the CISSP credential was launched two years later. The initial groups that joined together to form the consortium included the Canadian Information Processing Society, the Computer Security Institute, the Data Processing Management Association and two of its special interest groups, Idaho State University, the Information Systems Security Association, and the International Federation for Information Processing. It has been a long time since the 1992 to 1994 timeframe, and with more than 116,000 certified professionals worldwide, the CISSP has earned its place among these credentials through the quality of work performed by its distinguished holders and the work of its founders.

Intended Audience

This Learning Path is suitable for anyone wanting to become certified as a Certified Information Systems Security Professional (CISSP).

Prerequisites of the Certifications

The CISSP continues to be the most in-demand information security professional certification currently available. So, as you would expect, there are some qualifications that have to be met by any holder. Before taking the exam, each candidate should look at their own background. To be eligible for the CISSP, their working history should include:

  • Five years of full-time paid work experience
  • Four years of experience with a recent college degree, or four years of experience with an approved security certification. Some examples include the CAP, also from (ISC)²; the CISM or the CISA, both from ISACA; Security+; CCNA Security; the MCSA or MCSE; and the GIAC or any of its certifications from the SANS Institute
  • If you haven't quite met the level of those qualifications, taking the exam and being successful will make you an associate of (ISC)²

Learning Objectives

A CISSP professional will be required to demonstrate proficiency and sound security knowledge across the 8 different domains that make up the CISSP curriculum. These domains are set out as follows:

  1. Security and risk management
  2. Asset security
  3. Security architecture and engineering
  4. Communication and network security
  5. Identity and access management
  6. Security assessment and testing
  7. Security operations 
  8. Software development security

Agenda

On its 'Preview' release, this learning path contains the CISSP Learning Path introduction and the content for Domain 1. Over the next few weeks, content for the remaining domains will be added to ensure you are ready and prepared to tackle this much sought-after security certification.

CISSP Introduction

We begin with an introduction to the certification and what you can expect from the content contained within this learning path. This introduction allows you to gain further insight into:

  • The history of the certification
  • The prerequisites required for obtaining the CISSP certification
  • The 8 different domains which make up the certification
  • The exam format
  • How to register for the exam
  • How to become involved within the community once you have obtained your CISSP certification

DOMAIN 1 - Security and Risk Management

Module 1:

  • An understanding of what confidentiality, integrity, and availability are, how they apply to information security, and how to apply those concepts in the real world
  • How to apply security governance principles
  • An understanding of compliance, and how it plays a huge role within security and risk management
  • How legal and regulatory issues pertain to cybersecurity within a global context

Module 2:

  • Understanding professional ethics 
  • How to develop and implement documented security policies, standards, procedures, and guidelines and the differences between them 
  • Understand the fundamentals of business continuity requirements
  • How to contribute to personnel security policies
  • Understanding personnel security policies

Module 3:

  • An introduction to risk, including qualitative and quantitative risk assessments
  • How to identify threats and vulnerabilities
  • The risk assessment analysis process, including risk assignment or acceptance
  • The different security and audit frameworks and methodologies, and how to implement the program elements
  • Risk frameworks

Module 4:

  • Threat modeling and how to apply these models within your environment
  • How to integrate security risk considerations into acquisitions strategy and practice
  • How to establish and manage security education, training, and awareness within your organization

DOMAIN 2 - Asset security

Module 1:

  • Classifying Information and Supporting Assets
  • Determine and Maintain Ownership
  • Protect Privacy

Module 2:

  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Establish Handling Requirements

Module 3:

  • Conducting or facilitating internal and third-party audits

DOMAIN 3 - Security Architecture and Engineering

Module 1:

  • Implement and manage an engineering life cycle using security design principles
  • Understand fundamental concepts of security models
  • Security Frameworks

Module 2:

  • Capturing and assessing requirements
  • Select controls and countermeasures based upon information systems security standards
  • Understand the security capabilities of information systems

Module 3:

  • Vulnerabilities of system architectures
  • Cloud Computing
  • Key encryption and ciphers
  • Symmetric and asymmetric cryptography

Module 4:

  • The history of cryptography
  • Principles and life-cycles of cryptography
  • Public key infrastructure (PKI)
  • Digital signatures and digital rights management

Module 5:

  • Common attacks against cryptography
  • Assess and mitigate vulnerabilities in web-based systems
  • Assess and mitigate vulnerabilities in mobile systems

Module 6:

  • Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
  • Apply secure principles to site and facility design
  • Design and implement facility security

DOMAIN 4 - Communication and network security

Module 1:

  • Apply secure design principles and network architecture
  • IP Version 6, ports, protocols and network categories
  • Wireless networks, network scaling, security issues and network segmentation

Module 2:

  • Securing network components
  • Instant messaging, VPNs, In-transit encryption and remote access
  • Casting, network topologies, VLANs, SDN/SDS architecture

Module 3:

  • Prevent or mitigate network attacks
  • IDS/IPS, network scanning and network attacks

DOMAIN 5 - Identity and access management

Module 1:

  • Identity and access management
  • Managing identification and authentication of people and devices

Module 2:

  • Managing systems features supporting and enforcing access control
  • Accountability

Module 3:

  • Identity as a Service 
  • Integrating third-party identity services
  • Implementing and managing authorization mechanisms
  • Preventing or mitigating access control attacks
  • Managing the identity and access provisioning life-cycle

 

DOMAIN 6 - Security assessment and testing

Module 1:

  • Security assessment and testing
  • Security control testing

Module 2:

  • Security throughout the development life-cycle
  • Maintenance tasks
  • Collecting security process data

Module 3:

  • Conducting or facilitating internal and third-party audits

DOMAIN 7 - Security operations 

Module 1:

  • Understanding and supporting investigations
  • Understanding requirements for investigation types
  • Conducting logging and monitoring activities
  • Securing provisioning of resources through configuration management
  • Understanding and applying foundational security operations concepts

Module 2:

  • Employing resource protection techniques
  • Conducting incident response
  • Operating and maintaining preventative measures
  • Implementing and supporting patch and vulnerability management
  • Participating in and understanding change management processes

Module 3:

  • Implementing recovery strategies
  • Implementing disaster recovery processes
  • Testing the disaster recovery plan

Module 4:

  • Participating in business continuity planning
  • Implementing and managing physical security
  • Participating in personnel safety

DOMAIN 8 - Software Development Security

Module 1:

  • Understanding and applying security in the software development life cycle
  • Enforcing security controls in the development environment

Module 2:

  • The Database environment
  • Software Development and the world of the web

Module 3:

  • Considerations for secure software development
  • Assessing the effectiveness of software security
  • Assessing software acquisition security

Feedback

We welcome all feedback and suggestions. Please contact us at support@cloudacademy.com if you are unsure about where to start or if you would like help getting started.

Training Content

  1. CISSP: Introduction (Course - Beginner - 12m)
     This course provides an introduction to the CISSP certification, allowing you to gain a clear understanding of what the certification covers, how to prepare, and some tips for the exam day itself.
  2. CISSP: Domain 1 - Security and Risk Management - Module 1 (Course - Advanced - 48m)
     This course covers the first of 4 modules of Domain 1 of the CISSP, covering security and risk management. It will focus on the CIA Triad, governance principles, compliance, and legal issues.
  3. CISSP: Domain 1 - Security and Risk Management - Module 2 (Course - Advanced - 42m)
     This course is the 2nd of four modules of Domain 1 of the CISSP, covering security and risk management.
  4. CISSP: Domain 1 - Security and Risk Management - Module 3 (Course - Advanced - 1h 7m)
     This course covers the third of 4 modules in Domain 1 of the CISSP, covering security and risk management.
  5. CISSP: Domain 1 - Security and Risk Management - Module 4 (Course - Advanced - 33m)
     This course concludes the final module of Domain 1 of the CISSP, covering security and risk management.
  6. Knowledge Check: CISSP Domain 1 - Security and Risk Assessment (Exam - 40m)
  7. CISSP: Domain 2 - Asset Security - Module 1 (Course - Advanced - 1h 3m)
     This course is the first of two modules of Domain 2 of the CISSP, covering asset security.
  8. CISSP: Domain 2 - Asset Security - Module 2 (Course - Advanced - 50m)
     This course is the 2nd and final module of two modules within Domain 2 of the CISSP, covering asset security.
  9. Knowledge Check: CISSP Domain 2 - Asset Security (Exam - 35m)
  10. CISSP: Domain 3 - Security Architecture & Engineering - Module 1 (Course - Advanced - 1h 11m)
      This course is the 1st of 6 modules within Domain 3 of the CISSP, covering security architecture and engineering.
  11. CISSP: Domain 3 - Security Architecture & Engineering - Module 2 (Course - Advanced - 44m)
      This course is the 2nd of 6 modules within Domain 3 of the CISSP, covering security architecture and engineering.
  12. CISSP: Domain 3 - Security Architecture & Engineering - Module 3 (Course - Advanced - 1h 22m)
      This course is the 3rd of 6 modules within Domain 3 of the CISSP, covering security architecture and engineering.
  13. CISSP: Domain 3 - Security Architecture & Engineering - Module 4 (Course - Advanced - 48m)
      This course is the 4th of 6 modules within Domain 3 of the CISSP, covering security architecture and engineering.
  14. CISSP: Domain 3 - Security Architecture & Engineering - Module 5 (Course - Advanced - 37m)
      This course is the 5th of 6 modules within Domain 3 of the CISSP, covering security architecture and engineering.
  15. CISSP: Domain 3 - Security Architecture & Engineering - Module 6 (Course - Advanced - 43m)
      This course is the final module of Domain 3 of the CISSP, covering security architecture and engineering.
  16. Knowledge Check: CISSP Domain 3 - Security Architecture and Engineering (Exam - 50m)
  17. CISSP: Domain 4 - Communication and Network Security - Module 1 (Course - Advanced - 43m)
      This course is the first module of Domain 4 of the CISSP, covering communication and network security.
  18. CISSP: Domain 4 - Communication and Network Security - Module 2 (Course - Advanced - 54m)
      This course is the 2nd of 3 modules in Domain 4 of the CISSP, covering communication and network security.
  19. CISSP: Domain 4 - Communication and Network Security - Module 3 (Course - Advanced - 34m)
      This course is the final module of Domain 4 of the CISSP, covering communication and network security.
  20. Knowledge Check: CISSP Domain 4 - Communication and Network Security (Exam - 30m)
  21. CISSP: Domain 5 - Identity and Access Management (IAM) - Module 1 (Course - Intermediate - 39m)
      This course is the first of 3 modules of Domain 5 of the CISSP, covering Identity and Access Management.
  22. CISSP: Domain 5 - Identity and Access Management (IAM) - Module 2 (Course - Intermediate - 39m)
      This course is the 2nd of 3 modules of Domain 5 of the CISSP, covering Identity and Access Management.
  23. CISSP: Domain 5 - Identity and Access Management (IAM) - Module 3 (Course - Intermediate - 52m)
      This course is the final module of Domain 5 of the CISSP, covering Identity and Access Management.
  24. Knowledge Check: CISSP Domain 5 - Identity and Access Management (Exam - 20m)
  25. CISSP: Domain 6 - Security Testing and Assessment - Module 1 (Course - Intermediate - 40m)
      This course is the first of 3 modules of Domain 6 of the CISSP, covering Security Testing and Assessment.
  26. CISSP: Domain 6 - Security Testing and Assessment - Module 2 (Course - Intermediate - 45m)
      This course is the 2nd of 3 modules of Domain 6 of the CISSP, covering Security Testing and Assessment.
  27. CISSP: Domain 6 - Security Testing and Assessment - Module 3 (Course - Intermediate - 21m)
      This course is the final module of Domain 6 of the CISSP, covering Security Testing and Assessment.
  28. Knowledge Check: CISSP Domain 6 - Security Testing and Assessment (Exam - 35m)
  29. CISSP: Domain 7 - Security Operations - Module 1 (Course - Intermediate - 47m)
      This course is the first of 4 modules of Domain 7 of the CISSP, covering Security Operations.
  30. CISSP: Domain 7 - Security Operations - Module 2 (Course - Intermediate - 37m)
      This course is the 2nd of 4 modules of Domain 7 of the CISSP, covering Security Operations.
  31. CISSP: Domain 7 - Security Operations - Module 3 (Course - Intermediate - 44m)
      This course is the 3rd of 4 modules of Domain 7 of the CISSP, covering Security Operations.
  32. CISSP: Domain 7 - Security Operations - Module 4 (Course - Intermediate - 21m)
      This course is the final module of Domain 7 of the CISSP, covering Security Operations.
  33. Knowledge Check: CISSP Domain 7 - Security Operations (Exam - 35m)
  34. CISSP: Domain 8 - Software Development Security - Module 1 (Course - Intermediate - 45m)
      This course makes up module one of CISSP Domain 8, Software Development Security.
  35. CISSP: Domain 8 - Software Development Security - Module 2 (Course - Intermediate - 44m)
      The course makes up module two of CISSP Domain 8, Software Development Security.
  36. CISSP: Domain 8 - Software Development Security - Module 3 (Course - Intermediate - 35m)
      This course makes up module three of CISSP Domain 8, Software Development Security.
  37. Knowledge Check: CISSP Domain 8 - Software Development Security (Exam - 35m)

About the Author
Students: 2892
Courses: 44
Learning paths: 6

Mr. Leo has been in Information Systems for 38 years, and an Information Security professional for over 36 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems, and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.

Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004. During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide. He has maintained his professional standards as a professional educator and has trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004. Mr. Leo is an ISC2 Certified Instructor.
