| Lesson 1: Security and Risk Management |
| Learning Objectives, Part 1 |
| 1.1: Examining Information Security Fundamentals |
| 1.2: Applying Security Governance Concepts–Part 1 |
| 1.3: Applying Security Governance Concepts–Part 2 |
| 1.4: Designing and Implementing Governance Documents |
| 1.5: Understanding Legal Systems and Related Laws–Part 1 |
| 1.6: Understanding Legal Systems and Related Laws–Part 2 |
| 1.7: Understanding Regulatory and Contractual Requirements–Part 1 |
| 1.8: Understanding Regulatory and Contractual Requirements–Part 2 |
| 1.9: Implementing Personnel Security |
| 1.10: Implementing Third-Party Security |
| Mid-Lesson Exam Review |
| Learning Objectives, Part 2 |
| 1.11: Understanding and Applying Threat Modeling |
| 1.12: Understanding & Implementing Risk Management Concepts |
| 1.13: Exploring Risk Assessment Methodologies |
| 1.14: Conducting a Quantitative Risk Assessment |
| 1.15: Conducting a Qualitative Risk Assessment |
| 1.16: Selecting Controls and Countermeasures |
| 1.17: Managing Supply Chain Risk |
| 1.18: Implementing Business Continuity Risk Management |
| End of Lesson Review |
| Lesson 2: Asset Security |
| Learning Objectives |
| 2.1: Classifying Assets |
| 2.2: Managing Assets |
| 2.3: Protecting Data Privacy |
| 2.4: Ensuring Appropriate Retention and Destruction |
| 2.5: Determining Data Security Controls |
| End of Lesson Review |
| Lesson 3: Security Engineering |
| Learning Objectives, Part 1 |
| 3.1: Implementing Secure Design Principles |
| 3.2: Understanding Security Models |
| 3.3: Selecting Controls Based on Systems Security Evaluation Models |
| 3.4: Recognizing Information Systems Security Capabilities |
| 3.5: Assessing and Mitigating Security Architecture Vulnerabilities |
| 3.6: Assessing and Mitigating Cloud Vulnerabilities |
| 3.7: Assessing and Mitigating Web Vulnerabilities |
| 3.8: Assessing and Mitigating Mobile and Remote Computing Vulnerabilities |
| Mid-Lesson Exam Review |
| Learning Objectives, Part 2 |
| 3.9: Introducing Cryptography |
| 3.10: Applying Cryptography–Encryption Part 1 |
| 3.11: Applying Cryptography–Encryption Part 2 |
| 3.12: Applying Cryptography–Public Key Infrastructure |
| 3.13: Applying Cryptography–Hashing and Digital Signature |
| 3.14: Applying Cryptography–Cryptographic Protocols |
| 3.15: Applying Cryptography–Crypto Attacks |
| 3.16: Applying Secure Principles to Site and Facility Design |
| 3.17: Securing Information Processing Facilities and Equipment |
| End of Lesson Review |
| Lesson 4: Communications and Network Security |
| Learning Objectives |
| 4.1: Reviewing OSI and TCP/IP Models |
| 4.2: Understanding IP Convergence and Extensibility |
| 4.3: Securing Wireless Networks |
| 4.4: Using Cryptography to Maintain Communication Security |
| 4.5: Securing Network Access |
| 4.6: Securing Data Transmissions |
| 4.7: Securing Multimedia Collaboration |
| 4.8: Securing Virtual Private Networks |
| 4.9: Securing Endpoints |
| 4.10: Preventing and Mitigating Network Attacks |
| End of Lesson Review |
| Lesson 5: Identity and Access Management |
| Learning Objectives |
| 5.1: Understanding Access Control Fundamentals |
| 5.2: Examining Identification Schemas |
| 5.3: Understanding Authentication Options |
| 5.4: Understanding Authentication Systems |
| 5.5: Implementing Access and Authorization Criteria |
| 5.6: Implementing Access Control Models |
| 5.7: Implementing Access Control Techniques and Technologies |
| 5.8: Identity and Access Provisioning |
| End of Lesson Review |
| Lesson 6: Security Assessment and Testing |
| Learning Objectives |
| 6.1: Testing and Examination (T&E) Overview |
| 6.2: Security Assessment Planning |
| 6.3: Conducting Security Examinations |
| 6.4: Security Assessment Testing–Target Identification |
| 6.5: Security Assessment Testing–Password Cracking |
| 6.6: Conducting Security Assessments–Penetration Testing |
| 6.7: Understanding Log Analysis |
| 6.8: Implementing Information Security Continuous Monitoring (ISCM) |
| 6.9: Understanding Third-Party Audits and Examinations |
| End of Lesson Review |
| Lesson 7: Security Operations |
| Learning Objectives, Part 1 |
| 7.1: Managing Privileged Accounts |
| 7.2: Operating and Maintaining Firewalls and IDS/IPS |
| 7.3: Conducting Logging and Monitoring Activities |
| 7.4: Implementing and Supporting Vulnerability and Patch Management |
| 7.5: Implementing and Supporting Malware Management |
| 7.6: Implementing and Supporting Media Management |
| 7.7: Participating in the Configuration Management Process |
| Mid-Lesson Exam Review |
| Learning Objectives, Part 2 |
| 7.8: Managing System Resilience and Fault Tolerance |
| 7.9: Implementing Disaster Recovery Processes |
| 7.10: Managing DR Plan Maintenance |
| 7.11: Understanding and Supporting Investigations |
| 7.12: Understanding Digital Forensics |
| 7.13: Supporting Incident Management |
| 7.14: Securing People and Places |
| End of Lesson Review |
| Lesson 8: Software Development Security |
| Learning Objectives |
| 8.1: Managing the Software Development Cycle |
| 8.2: Understanding Software Development Approaches, Models, and Tools |
| 8.3: Understanding Source Code Security Issues |
| 8.4: Managing Database Security |
| 8.5 Assessing the Security Impact of Acquired Software |
| End of Lesson Review |
| Lesson 9: Preparing for the Exam |
| Learning Objectives |
| 9.1: Security and Risk Management Domain: Review and Study Roadmap |
| 9.2: Asset Security Domain: Review and Study Roadmap |
| 9.3: Security Engineering Domain: Review and Study Roadmap |
| 9.4: Communications and Network Domain: Review and Study Roadmap |
| 9.5: Identity and Access Domain: Review and Study Roadmap |
| 9.6: Security Assessment and Testing Domain: Review and Study Roadmap |
| 9.7: Security Operations Domain: Review and Study Roadmap |
| 9.8: Software Development Security Domain: Review and Study Roadmap |
| 9.9: Taking the CISSP Examination |
| Summary |
| CISSP candidates must have a have a thorough understanding of cybersecurity fundamentals, the relationship between information security and business objectives, and the importance of risk management. Lesson 1, Security and Risk Management is divided into two parts. Part 1 explores a broad spectrum of security and privacy concepts, governance principles, global legal and regulatory environments, personnel security requirements, and third-party due diligence and oversight. Part 2 explores an array of risk management topics including threat modeling, quantitative and qualitative risk assessment methodologies, selecting controls and countermeasures, and business continuity. |
0 Response to "CISSP"
Post a Comment