Certified Information Systems Security Professional (CISSP)- OnDemand

Overview of the CISSP Exam
The Elements of This Study Guide
Interactive Online Learning Environment and TestBank
Study Guide Exam Objectives
Objective Map

Security 101
Understand and Apply Security Concepts
Security Boundaries
Evaluate and Apply Security Governance Principles
Manage the Security Function
Security Policy, Standards, Procedures, and Guidelines
Threat Modeling
Supply Chain Risk Management
Summary
Exam Essentials
Written Lab

Personnel Security Policies and Procedures
Understand and Apply Risk Management Concepts
Social Engineering
Establish and Maintain a Security Awareness, Education, and Training Program
Summary
Exam Essentials
Written Lab

Planning for Business Continuity
Project Scope and Planning
Business Impact Analysis
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Written Lab

Categories of Laws
Laws
State Privacy Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab

Identifying and Classifying Information and Assets
Establishing Information and Asset Handling Requirements
Data Protection Methods
Understanding Data Roles
Using Security Baselines
Summary
Exam Essentials
Written Lab

Cryptographic Foundations
Modern Cryptography
Symmetric Cryptography
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab

Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab

Secure Design Principles
Techniques for Ensuring CIA
Understand the Fundamental Concepts of Security Models
Select Controls Based on Systems Security Requirements
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab

Shared Responsibility
"Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution
Elements"
Client-Based Systems
Server-Based Systems
Industrial Control Systems
Distributed Systems
High-Performance Computing (HPC) Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Specialized Devices
Microservices
Infrastructure as Code
Virtualized Systems
Containerization
Serverless Architecture
Mobile Devices
Essential Security Protection Mechanisms
Common Security Architecture Flaws and Issues
Summary
Exam Essentials
Written Lab

Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab

OSI Model
TCP/IP Model
Analyzing Network Traffic
Common Application Layer Protocols
Transport Layer Protocols
Domain Name System
Internet Protocol (IP) Networking
ARP Concerns
Secure Communication Protocols
Implications of Multilayer Protocols
Microsegmentation
Wireless Networks
Other Communication Protocols
Cellular Networks
Content Distribution Networks (CDNs)
Secure Network Components
Summary
Exam Essentials
Written Lab

Protocol Security Mechanisms
Secure Voice Communications
Remote Access Security Management
Multimedia Collaboration
Load Balancing
Manage Email Security
Virtual Private Network
Switching and Virtual LANs
Network Address Translation
Third-Party Connectivity
Switching Technologies
WAN Technologies
Fiber-Optic Links
Security Control Characteristics
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab

Controlling Access to Assets
Managing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Lifecycle
Summary
Exam Essentials
Written Lab

Comparing Access Control Models
Implementing Authentication Systems
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab

Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab

Apply Foundational Security Operations Concepts
Addressing Personnel Safety and Security
Provision Resources Securely
Apply Resource Protection
Managed Services in the Cloud
Perform Configuration Management (CM)
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab

Conducting Incident Management
Implementing Detective and Preventive Measures
Logging and Monitoring
Automating Incident Response
Summary
Exam Essentials
Written Lab

The Nature of Disaster
Understand System Resilience, High Availability, and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab

Investigations
Major Categories of Computer Crime
Ethics
Summary
Exam Essentials
Written Lab

Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storage Threats
Understanding Knowledge-Based Systems
Summary
Exam Essentials
Written Lab

Malware
Malware Prevention
Application Attacks
Injection Vulnerabilities
Exploiting Authorization Vulnerabilities
Exploiting Web Application Vulnerabilities
Application Security Controls
Secure Coding Practices
Summary
Exam Essentials
Written Lab