CISSP Study Guide, 8th Edition

(CIS-502)
Lessons

1

Introduction

  • Overview of the CISSP Exam
  • Notes on This Course's Organization
2

Security Governance Through Principles and Policies

  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Evaluate and Apply Security Governance Principles
  • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling Concepts and Methodologies
  • Apply Risk-Based Management Concepts to the Supply Chain
  • Summary
  • Exam Essentials
  • Written Lab
3

Personnel Security and Risk Management Concepts

  • Personnel Security Policies and Procedures
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Written Lab
4

Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab
5

Laws, Regulations, and Compliance

  • Categories of Laws
  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab
6

Protecting Security of Assets

  • Identify and Classify Assets
  • Determining Ownership
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab
7

Cryptography and Symmetric Key Algorithms

  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
8

PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab
9

Principles of Security Models, Design, and Capabilities

  • Implement and Manage Engineering Processes Using Secure Design Principles
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based On Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab
10

Security Vulnerabilities, Threats, and Countermeasures

  • Assess and Mitigate Security Vulnerabilities
  • Client-Based Systems
  • Server-Based Systems
  • Database Systems Security
  • Distributed Systems and Endpoint Security
  • Internet of Things
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Written Lab
11

Physical Security Requirements

  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab
12

Secure Network Architecture and Securing Network Components

  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • Secure Network Components
  • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
  • Summary
  • Exam Essentials
  • Written Lab
13

Secure Communications and Network Attacks

  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab
14

Managing Identity and Authentication

  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
15

Controlling and Monitoring Access

  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab
16

Security Assessment and Testing

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab
17

Managing Security Operations

  • Applying Security Operations Concepts
  • Securely Provisioning Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab
18

Preventing and Responding to Incidents

  • Managing Incident Response
  • Implementing Detective and Preventive Measures
  • Logging, Monitoring, and Auditing
  • Summary
  • Exam Essentials
  • Written Lab
19

Disaster Recovery Planning

  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab
20

Investigations and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab
21

Software Development Security

  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storing Data and Information
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab
22

Malicious Code and Application Attacks

  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Lab

1

Security Governance Through Principles and Policies

  • Identifying protection mechanisms
  • Identifying security management plans
  • Identifying steps in a classification scheme
  • Identifying risk actions
2

Personnel Security and Risk Management Concepts

  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Understanding agents
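The quantitative risk analysis lab above walks through the standard CISSP computation: asset value (AV) and exposure factor (EF) give the single loss expectancy (SLE), the annualized rate of occurrence (ARO) turns that into an annualized loss expectancy (ALE), and a safeguard is justified only when the ALE it removes exceeds its own annual cost. The following is an added example written for this page, not code from the course or its labs; the asset values, factors and safeguard cost are constructed sample figures chosen to be exact in floating point.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One threat/asset pairing expressed in the CISSP quantitative terms."""
    name: str
    asset_value: float        # AV: replacement or business value of the asset
    exposure_factor: float    # EF: fraction of AV lost in one occurrence (0.0 to 1.0)
    annual_rate: float        # ARO: expected occurrences per year (0.125 = once in 8 years)

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO."""
        return self.sle() * self.annual_rate


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Cost/benefit of a safeguard: (ALE before) - (ALE after) - annual cost of the safeguard.

    A positive result means the safeguard saves more than it costs; a negative
    result means accepting the risk (or finding a cheaper control) is the
    better financial decision.
    """
    return before.ale() - after.ale() - annual_cost


def is_cost_justified(before: RiskScenario, after: RiskScenario, annual_cost: float) -> bool:
    return safeguard_value(before, after, annual_cost) > 0


def rank_by_ale(scenarios: list[RiskScenario]) -> list[str]:
    """Prioritize risks by annualized loss, highest first (the usual treatment order)."""
    return [s.name for s in sorted(scenarios, key=lambda s: s.ale(), reverse=True)]


def demo() -> dict:
    # Constructed sample figures (assumption: not from the course material).
    # A file server worth $400,000; a ransomware event is expected to destroy
    # a quarter of its value, about once every two years, with no backups.
    no_backups = RiskScenario("ransomware/no backups", 400_000, 0.25, 0.5)
    # With tested offline backups the event still happens but far less often
    # causes loss: once in eight years, same exposure per event.
    with_backups = RiskScenario("ransomware/with backups", 400_000, 0.25, 0.125)
    backup_annual_cost = 20_000

    other = RiskScenario("flood", 400_000, 0.8, 0.01)   # rare but severe

    return {
        "sle": no_backups.sle(),                                   # 100,000
        "ale_before": no_backups.ale(),                            # 50,000
        "ale_after": with_backups.ale(),                           # 12,500
        "safeguard_value": safeguard_value(no_backups, with_backups, backup_annual_cost),
        "justified": is_cost_justified(no_backups, with_backups, backup_annual_cost),
        "priority": rank_by_ale([other, no_backups]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The only decision point that matters at the end is the sign of the safeguard value; a control that reduces ALE but costs more than the reduction fails the cost/benefit test even though it "improves security".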
3

Business Continuity Planning

  • Identifying phases in the BCP process
  • Identifying man-made threats
4

Laws, Regulations, and Compliance

  • Identifying CFAA provisions
5

Cryptography and Symmetric Key Algorithms

  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms
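The MAC lab above has the receiver recompute a message authentication code under the shared key and compare it with the tag that arrived. The example below is added for this page (it is not the course's lab code) and shows the two points a practitioner must get right: the comparison has to be constant-time so the tag cannot be recovered byte by byte through timing, and any change to the message, the key or the tag must fail verification. The key and sample message are constructed inline.

```python
import hashlib
import hmac
import secrets


def mac_message(key: bytes, message: bytes) -> bytes:
    """Produce an HMAC-SHA256 tag for the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Return True only if `tag` is the correct HMAC for `message` under `key`.

    hmac.compare_digest compares in constant time, so an attacker submitting
    guessed tags cannot learn how many leading bytes were right from the
    response latency. A plain `==` on bytes short-circuits at the first
    mismatch and leaks exactly that.
    """
    expected = mac_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = secrets.token_bytes(32)                  # shared secret held by both parties
    message = b"TRANSFER 100.00 TO ACCT 4471"      # constructed sample message
    tag = mac_message(key, message)               # sender attaches this to the message

    return {
        # receiver recomputes and compares: genuine message passes
        "genuine": verify_message(key, message, tag),
        # attacker changes the amount in transit but cannot forge a new tag
        "tampered": verify_message(key, b"TRANSFER 900.00 TO ACCT 4471", tag),
        # a party without the shared key cannot verify (or forge) anything
        "wrong_key": verify_message(secrets.token_bytes(32), message, tag),
        # a truncated or corrupted tag is rejected, not partially matched
        "truncated_tag": verify_message(key, message, tag[:-1]),
        "tag_len": len(tag),                      # 32 bytes for SHA-256
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Because both sides hold the same key, a MAC proves integrity and origin only to the other key holder; it does not give non-repudiation, which is why the digital signature material in the next chapter uses asymmetric keys instead.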
6

PKI and Cryptographic Applications

  • Backing up an encryption certificate and key
7

Principles of Security Models, Design, and Capabilities

  • Identifying information models
  • Identifying TCSEC categories
8

Physical Security Requirements

  • Identifying terms associated with power issues
  • Identifying primary stages of fire
  • Identifying physical access control mechanisms
9

Secure Network Architecture and Securing Network Components

  • Identifying application layer protocols
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designators
  • Configuring IPv4 address
  • Configuring SSID
  • Creating and configuring a network
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting Systems to the Internet Through a Firewall Router
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN subtechnologies
  • Identifying types of cable
  • Identifying components of a coaxial cable
10

Secure Communications and Network Attacks

  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Connecting to a server using Remote Desktop Connection
  • Creating a dial-up connection
  • Creating a remote access VPN connection
  • Identifying VPN protocols
  • Installing Windows Virtual PC
  • Creating a virtual PC machine
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries
11

Managing Identity and Authentication

  • Creating a password for an account
  • Configuring password policies
  • Enabling and disabling password expiration
  • Configuring NPS network policy
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Configuring NPS to provide RADIUS authentication
  • Identifying responsibilities
12

Controlling and Monitoring Access

  • Identifying authorization mechanisms
  • Viewing password hashes
13

Managing Security Operations

  • Identifying steps within an effective patch management program
  • Identifying security reviews
  • Identifying steps in incident response management
14

Preventing and Responding to Incidents

  • Configuring audit policies
  • Viewing different event details
  • Identifying log types
  • Filtering entries in Event Viewer
15

Disaster Recovery Planning

  • Identifying processing sites in a disaster recovery plan
  • Identifying disaster recovery plan tests
16

Investigations and Ethics

  • Identifying computer crime types
17

Software Development Security

  • Identifying stages in a waterfall lifecycle model
  • Identifying generations of languages
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying keys in a database
  • Identifying storage types
18

Malicious Code and Application Attacks

  • Installing AVG antivirus and scanning a drive
  • Understanding application attacks
  • Identifying types of viruses