CISSP Preview - For the next generation of Security Leaders
OVERVIEW OF 8 DOMAINS
A look into the 8 domains in the CISSP CBK
CISSP 8 Domains
1. Security and Risk Management
(Security, Risk, Compliance, Law, Regulations, Business Continuity)
2. Asset Security
(Protecting Security of Assets)
3. Security Engineering
(Engineering and Management of Security)
4. Communications and Network Security
(Designing and Protecting Network Security)
5. Identity and Access Management
(Controlling Access and Managing Identity)
6. Security Assessment and Testing
(Designing, Performing, and Analyzing Security Testing)
7. Security Operations
(Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8. Software Development Security
(Understanding, Applying, and Enforcing Software Security)
Effective April 15, 2015
CISSP Domain & Weights
Domains Weight
1. Security and Risk Management 16%
2. Asset Security 10%
3. Security Engineering 12%
4. Communication and Network Security 12%
5. Identity and Access Management 13%
6. Security Assessment and Testing 11%
7. Security Operations 16%
8. Software Development Security 10%
Total 100%
Security & Risk Management
The Security and Risk Management domain provides you with
the framework and policies, concepts, principles,
structures, and standards used to establish criteria
for the protection of information assets and to assess
the effectiveness of that protection. It includes issues
of governance, organizational behavior, and security
awareness.
Security & Risk Management
• Understand and apply concepts of confidentiality,
integrity and availability
• Apply security governance principles
• Compliance
• Understand legal and regulatory issues that pertain
to information security in a global context
• Understand professional ethics
• Develop and implement documented security
policy, standards, procedures, and guidelines
Security & Risk Management
• Understand business continuity requirements
• Contribute to personnel security policies
• Understand and apply risk management concepts
• Understand and apply threat modeling
• Integrate security risk considerations into
acquisition strategy and practice
• Establish and manage information security
education, training, and awareness
Asset Security
The Asset Security domain provides you with the
concepts, principles, structures, and standards used
to monitor and secure assets and those controls
used to enforce various levels of confidentiality,
integrity, and availability.
Asset Security
• Classify information and supporting assets
• Determine and maintain ownership
• Protect privacy
• Ensure appropriate retention
• Determine data security controls
• Establish handling requirements
Security Engineering
The Security Engineering domain provides you with
the concepts, principles, structures, and standards
used to design, implement, monitor, and secure
operating systems, equipment, networks,
applications, and those controls used to enforce
various levels of confidentiality, integrity, and
availability.
Security Engineering
• Implement and manage engineering processes using
secure design principles
• Understand the fundamental concepts of security
models
• Select controls and countermeasures based upon
systems security evaluation models
• Understand security capabilities of information
systems
• Assess and mitigate the vulnerabilities of security
architectures, designs, and solution elements
Security Engineering
• Assess and mitigate the vulnerabilities in web-based
systems
• Assess and mitigate vulnerabilities in mobile systems
• Assess and mitigate vulnerabilities in embedded
devices and cyber-physical systems
• Apply cryptography
• Apply secure principles to site and facility design
• Design and implement physical security
Communications & Network Security
The Communications and Network Security domain
provides you with an understanding of network
security related to structures, methods, formats, and
measures for the transmission of information.
Communications & Network Security
• Apply secure design principles to network
architecture
• Secure network components
• Design and establish secure communication
channels
• Prevent or mitigate network attacks
Identity and Access Management
The Identity and Access Management domain
provides the basis for understanding how access
management works, why it is a key security discipline,
and how each individual component discussed in this
chapter relates to the overall access management
universe. The most fundamental and significant
concept to master is a precise definition of the term
“access control”.
Identity and Access Management
• Control physical and logical access to assets
• Manage identification and authentication of people
and devices
• Integrate identity as a service
• Integrate third-party identity services
• Implement and manage authorization mechanisms
• Prevent or mitigate access control attacks
• Manage the identity and access provisioning
lifecycle
Security Assessment and Testing
The Security Assessment and Testing domain
provides you with the knowledge to assist in
managing the risks involved in developing, producing,
operating, and sustaining systems and capabilities.
Security Assessment and Testing
• Design and validate assessment and test
strategies
• Conduct security control testing
• Collect security process data
• Analyze and report test outputs
• Understand the vulnerabilities of security
architectures
Security Operations
The Security Operations domain covers operations
security and security operations. Operations security
is primarily concerned with the protection and control
of information processing assets in centralized and
distributed environments. Security operations is
primarily concerned with the daily tasks required to
keep security services operating reliably and
efficiently.
Security Operations
• Understand and support investigations
• Understand requirements for investigation types
• Conduct logging and monitoring activities
• Secure the provisioning of resources
• Understand and apply foundational security operations
concepts
• Employ resource protection techniques
• Conduct incident management
• Operate and maintain preventative measures
Security Operations
• Implement and support patch and vulnerability
management
• Participate in and understand change management
processes
• Implement recovery strategies
• Implement disaster recovery processes
• Test disaster recovery plans
• Participate in business continuity planning and exercises
• Implement and manage physical security
• Participate in addressing personnel safety concerns
Software Development Security
The Software Development Security domain provides
you with the abilities required to ensure that the
focus of the enterprise security architecture includes
application development, since many information
security incidents involve software vulnerabilities in
one form or another.
Software Development Security
• Understand and apply security in the software
development lifecycle
• Enforce security controls in development
environments
• Assess the effectiveness of software security
• Assess security impact of acquired software
CISSP Exam
• 250 Questions
– 225 questions are graded
• Multiple choice questions
– One answer is correct or is the “BEST” answer
• 6 hours given to complete the exam
• Passing grade is 700 out of 1000 points
PREPARING FOR THE EXAM
(ISC)² Education
Official (ISC)² Education Products
Official (ISC)² Guide to the CISSP CBK
Textbook
Official (ISC)² CISSP Study Guide
CISSP for Dummies
CISSP Practice Tests
Official Study App
Exam Outline
Official (ISC)² Training
Interactive Flashcards
For details: https://www.isc2.org/cissp-exam-prep/
CISSP Exam Preparation
• Self-Study Tools
– CISSP Exam Outline
– Official (ISC)² Guide to the CISSP CBK, 4th Edition
– Official (ISC)² CISSP Study Guide, 7th Edition
– CISSP for Dummies, 5th Edition
– Official (ISC)² CISSP Practice Tests
– Official CISSP Study App
– Official (ISC)² CISSP Flash Cards
CISSP Exam Preparation
• Training Methods
– Classroom-based
– Private, On-site
– Live OnLine
– OnDemand
Download the Exam Outline
• Provides a comprehensive overview of the
domains and key areas of knowledge
• Examination qualification requirements
• Includes a suggested reference list
• Download >> www.isc2.org/exam-outline
Official (ISC)² Guide to the CISSP
CBK, Fourth Edition
• Aligns with the 8 domains
• Real-world examples
• Glossary with over 400 terms
• End of domain review questions
• Only textbook endorsed by (ISC)²
• Available in hard cover, iTunes,
and Kindle
• Learn more >> www.isc2.org/official-isc2-textbooks
Official (ISC)² Training Seminar
• Official (ISC)² courseware
• Taught by an authorized (ISC)² instructor
• Student handbook
• Real-world learning activities and scenarios
• Interactive and engaging learning techniques
• Available online, in classroom, or private on-site
• Learn more >> www.isc2.org/cissprevsem
Official Training Provider
Find your nearest official training provider:
www.isc2.org/educationaffiliates.aspx
QUESTIONS?
Uploaded by: NUS-ISS