Certified Information Systems Security Professional (CISSP): Certified Information Systems Security Professional (CISSP) 2021
Certification Exam:
- 13 Courses | 11h 27m 38s
- 7 Books | 110h 24m
- Includes Lab
- 18 Courses | 12h 20m 25s
- 7 Books | 112h 58m
- Includes Lab
- 2 Audiobooks | 117h 13m 7s
- Includes Test Prep
- 23 Courses | 14h 8m 19s
- 3 Books | 42h 55m
Prepare for the CISSP certification by acquiring the knowledge to design, implement, and manage secure information systems.
GETTING STARTED
CISSP 2024: Professional Ethics & Security Concepts
COURSES INCLUDED
(ISC)² & Security Fundamentals
What is (ISC)²? How does it help security? Find out from this course, which will introduce you to the (ISC)² organization, its Code of Professional Ethics, and its CISSP exam, which certifies competence in the eight domains of the (ISC)²® CISSP CBK®. Next, you will study the CIA triad, and consider how to identify, classify, and determine ownership of information and assets. You'll also learn about data privacy protection requirements, such as HIPAA and PCI-DSS, as well as data loss prevention (DLP) methods. Conclude by familiarizing yourself with appropriate asset retention practices and data security controls, as well as information-handling and asset-handling requirements.
11 videos |
39m
Assessment
Badge
Cryptographic Client-based Systems
Gain an advanced knowledge of cryptographic systems, life cycles, techniques, and methodologies. This course introduces you to cryptology and cryptographic systems. It then examines integrity and hashing in relation to cryptography, explores cryptographic methods and techniques, and discusses the nature of cryptanalytic attacks. You will then learn about the phases of the cryptographic life cycle, digital signatures, and the use and function of public key infrastructure (PKI). From there, you will go on to consider key management practices, such as key stretching, pinning, key escrow, and hardware security modules (HSM). Finally, as a review exercise, you will list three types of ciphers, three types of cryptographic hashing, and three different hashing algorithms.
10 videos |
56m
Assessment
Badge
Communication & Network Security
Discover how to implement secure architectures and controls for communication and network security. In this course, you will learn about secure design principles for networks, secure network components, the OSI and TCP/IP models, and multilayer and converged protocols. Other topics covered include the following: signal transmission media, Network Admission Control (NAC) endpoint security, content-distribution networks, unified communications, wireless networking, remote access technology, and virtualized network security. As you conclude, there will be a review exercise, where you will list four security architecture principles, name three common security components of network switches, list three types of proxies, name four features of unified communications, and list five SIEM system features.
12 videos |
1h 15m
Assessment
Badge
Identity and Access Management (IAM)
Explore domain topics related to management, control, deployment, and accountability of various identity and access services in the enterprise, as well as the provisioning life cycle. In this course, you will learn about controlling physical and logical asset access, identification and authentication of entities, identity integration, authorization mechanism implementation, access control models, identity management implementation, access review and provisioning, and Federated Services. As a review exercise, you will list three examples each of Federated Services, military asset classification labels, and commercial asset classification labels.
9 videos |
59m
Assessment
Badge
Site & Facility Security Controls
Explore the domain of physical security as it relates to the corporate facility and on-site locales. In this course, you will learn about wiring closets, intermediate distribution, security controls for server rooms and data centers, media storage facilities, and evidence storage techniques and practices. Other topics include restricted work area security, utilities and HVAC intrusion protection, environmental controls, and fire prevention, detection, and suppression techniques. As a review exercise, you will name three types of keyless locks, list four types of motion detectors, list three security best practices to store evidence, and list four security practices that the Kraken bitcoin exchange uses for administrative, technical, and physical controls.
9 videos |
33m
Assessment
Badge
CISSP: Security
Explore the domain areas concerning governance, compliance, and business continuity planning for the enterprise security practitioner and engineer. In this course, you will evaluate and apply security governance principles to various situations. You will learn how to determine contractual, legal, industry standard, and regulatory requirements. Then you will move on to review privacy principles, requirements, and legal/regulatory considerations. From there, you will see what is needed to develop, document, and implement security policies, standards, procedures, and guidelines, as well as business continuity and disaster recovery plans. Other topics include learning how to align security functions with business strategies and objectives; ensuring compliance with due care and due diligence; identifying and analyzing cybercrimes and data breaches; comparing import/export and transborder data controls. Finally, you will examine licensing, intellectual property, and privacy requirements.
13 videos |
1h
Assessment
Badge
CISSP: Risk Management
What roles do human resources and legal departments play in ensuring that an enterprise is run securely? During this course, you will explore the governance, compliance, and business continuity planning domains for the enterprise security practitioner and engineer. You will observe how these departments must work closely with the security policy steering committee to enforce personnel security policies and procedures. See how to apply risk assessment and analysis techniques; study how to respond to risks, including measurement and monitoring. Discover how to implement threat modeling concepts and methodologies. Learn to apply risk-based management concepts to the supply chain. Also learn to build and maintain security training programs. Finally, as a review exercise, you will examine various IT security controls.
7 videos |
41m
Assessment
Badge
Security Architecture and Engineering
Explore the world of security engineering, such as the engineering processes that use secure design principles. In this course, you will start by becoming familiar with security architecture and engineering practices. You will then compare various security models, such as the state machine, lattice, noninterference, information flow, Bell-LaPadula confidentiality, and Clark-Wilson integrity models. Next, you will learn how to select various technical controls based on a system's requirements. Other topics include: how to compare security capabilities of one system to another, and how to mitigate vulnerabilities in security architectures and designs. You will conclude the course with a review exercise on how to describe security engineering and design. In the exercise, you will list four principles of secure network design, name five common attributes of next generation firewalls, name four proxy types, and list three rules of the Bell-LaPadula model.
6 videos |
46m
Assessment
Badge
Vulnerability Assessment & Mitigation
Explore the domain of security assessment, design, and mitigation for web-based, mobile, and embedded systems. This course will start by examining common web-based attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), carjacking, clickjacking, and cookie exploits. Next, you will learn how to evaluate general strategies to mitigate vulnerability. The course then moves on to mitigation strategies for mobiles, such as containerization, sandboxes, wrappers, secure encrypted enclaves, TPM, and tokenization. You will then study enterprise mobility management methods, privacy concerns, and security issues. Other topics include how to assess vulnerabilities and common threats for embedded devices, and how to walk through methods to reduce embedded device vulnerability. Finally, as a review exercise, you will describe how to assess and mitigate systems vulnerabilities.
10 videos |
48m
Assessment
Badge
CISSP: Security Assessment & Testing
Find out what is involved with security assessment and testing. In this course, you will walk through steps you can take to support investigations. Examine resource provisioning and protection requirements, such as maintaining a chain of custody (CoC) to handle evidence. Learn key points about how to log and monitor operations, implement tests of security controls and processes, design and validate audit strategies, conduct security audits, and analyze test output. As a review exercise, you will describe how to effectively assess and test security.
8 videos |
51m
Assessment
Badge
CISSP: Security Operations
Explore the subject of security concerns and management tasks of continuous security operations and initiatives. During this course, you will review various operations security principles and see how to conduct or facilitate security audits. You will identify asset inventory measures and asset management controls. See how to manage configurations and changes and spot the differences between change management and configuration management. Compare features of privileged and service accounts. Finally, consider legal issues related to information security, such as service level agreements (SLAs), non-disclosure agreements (NDAs), and operational level agreements (OLAs).
9 videos |
36m
Assessment
Badge
Monitoring & Reporting
Discover security principles and management tasks of continuous security operations and initiatives. Learn about protocol analyzers, network scanners, vulnerability scanners, and other continuous monitoring systems. Review egress monitors as well as security information and event management (SIEM) systems. Examine various types of intrusion detection and prevention methods, such as NIDS and NIPS. Walk through forensic investigative processes. Explore digital forensics tools, tactics, and procedures. Observe reporting and documentation techniques, as part of a post-incident response, including root cause analysis and an after-action report of lessons learned.
9 videos |
51m
Assessment
Badge
Conducting Incident Management
Discover various methods for incident handling, disaster recovery, and business continuity for the enterprise. During this course, you will learn how to conduct detective and preventative measures, implement patch and vulnerability management, participate in change management processes, and set up a disaster recovery plan (DRP). You will observe how to test disaster recovery plans and identify elements of a business continuity plan (BCP). You will also examine physical security needs, such as confidentiality, integrity, and availability (CIA) requirements for an organization. From there you will observe how to assess environmental, man-made, supply system, and political threats, as well as their impacts, and consider protective measures for physical security, such as surveillance, lighting, tokens, biometrics, and Faraday cages. Finally, you will learn how to address personnel safety and security concerns.
12 videos |
1h 26m
Assessment
Badge
COURSES INCLUDED
CISSP 2021: (ISC)2 & the CISSP Exam
In this introductory course of this CISSP training series, you will learn about the (ISC)2 code of professional ethics and organizational code of ethics that all CISSP candidates must attest to in order to be certified. These codes transcend the certification and should permeate every aspect of the life of a security practitioner, engineer, or architect. This course will also introduce the various characteristics of the 4-hour CAT and 6-hour linear CISSP examinations, including domain weightings. After completing this course, you'll have a foundational understanding of codes of ethics and aspects of the CISSP exam.
5 videos |
8m
Assessment
Badge
CISSP 2021: Fundamental Concepts & Principles
Even with several years of practical experience in the security field, knowledge and application of specific security concepts and principles may have eluded even the seasoned security professional. Use this course to brush up on some of the vital, core security principles, such as confidentiality, integrity, and non-repudiation. Be reminded of the critical role of security design in the ISO OSI 7-layer Reference Model and the 4-layer TCP/IP Reference Model. Upon completion of this course, you'll be fully attuned to the most fundamental aspects of security. Furthermore, you can use this course to prepare for the CISSP exam.
9 videos |
28m
Assessment
Badge
CISSP 2021: Secure Design Principles
Security design principles are crucial while designing any security mechanism for a system. This course will help you gain a better understanding of how these principles help develop a secure system, which prevents security flaws and also blocks unwanted access to it. Get familiar with security concepts and principles such as defense in depth, least privilege, and zero trust and explore them further with the help of real-world applications and use cases. After completing this course, you'll be aware of the significance of methodologies for implementing separation of duties, secure defaults, secure failure, and privacy by design while avoiding over-complexity.
11 videos |
40m
Assessment
Badge
CISSP 2021: Security Governance Principles
All security initiatives begin at the top as an aspect of global corporate governance. The modern security architect must understand the role of security governance in the bigger picture as well as how it should align with the value proposition of the organization. This course will help you get familiar with the principles of security governance, aspects of compliance and industry standards, and the components of conducting investigations. After you are done with this course, you will be able to recognize and assess issues related to security governance, compliance, and regulations. Further, this course will help you prepare for the CISSP exam.
8 videos |
42m
Assessment
Badge
CISSP 2021: Security Policy
The written and published security policy is a critical aspect of security governance in all sizes and types of organizations. Use this course to gain a better understanding of security policy development and implementation. Delve into employment and personnel policies, third-party policies and agreements, as well as security awareness and training. Upon finishing this course, you'll have a foundational knowledge of security governance and will be able to prepare for the CISSP exam.
9 videos |
37m
Assessment
Badge
CISSP 2021: Asset Classification & Lifecycle
Before a security practitioner can even begin to implement security controls and countermeasures, they must have a good understanding of the types and valuation of organizational assets, both tangible and intangible. Data exists in various states and different locations, and it must be handled and treated according to pre-established policies. Use this course to explore methods for classifying, prioritizing, and handling assets throughout the entire lifecycle to disposition. Examine various aspects of the lifecycle: data and asset states and classification, information and asset handling requirements, data roles, and asset destruction and sanitation. After completing this course, you will have a knowledge of organizational assets and how to classify them. Further, you can also use this course to prepare for the CISSP exam.
9 videos |
42m
Assessment
Badge
CISSP 2021: Risk Management
A security professional must be familiar with risk management concepts to be able to apply them effectively. Use this course to explore the management of risks to tangible and intangible assets. Get familiar with the details of vulnerability and risk assessment, countermeasure selection and implementation, and risk frameworks. This course will also help you examine the monitoring, measuring, and reporting of risk and delve further into threat modeling and supply chain risk management (SCRM). You'll have an understanding of risk management fundamentals and how to apply them after completing this course. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
1h 3m
Assessment
Badge
CISSP 2021: Practical Cryptography
Cryptology is crucial to network security as it secures data, information, and communication. Take this course to build a strong foundation in cryptography and cryptanalysis - the two aspects of cryptology. This course will help you gain a better understanding of two objectives of the security architecture and engineering domain: selecting and determining cryptographic solutions and understanding methods of cryptanalytic attacks. These will support your exploration of controls and countermeasures to be implemented going forward in the security lifecycle. You'll be able to outline practical cryptographic solutions and cryptanalysis and prepare for the CISSP exam after completing this course.
10 videos |
40m
Assessment
Badge
CISSP 2021: Identity and Access Management Principles
Identity and access management (IAM) is crucial for businesses in order to identify and mitigate security violations, define user identity, and manage access privileges and authorization. Gain a better understanding of critical concepts, terms, and models needed to build a strong foundation in IAM using this course. Explore different areas of physical and logical control and learn more about security models like Biba and Bell-LaPadula. You will also delve deeper into authorization mechanisms, such as MAC, RBAC, DAC, and ABAC. You will have a better understanding of authentication and authorization fundamentals after completing this course. Further, you can also use this course to prepare for the CISSP exam.
11 videos |
34m
Assessment
Badge
CISSP 2021: Deploying Identity & Access Management (IAM)
If implemented properly, Identity Access Management mechanisms and protocols can greatly improve an enterprise's visibility and security. This course will help you delve deeper into the practical implementation of identity and access management controls and mechanisms. Explore the implementation of authentication systems like SAML, investigate the management of the identity and access provisioning lifecycle, and discover how the identification of people, devices, and services is managed. You'll also examine authentication and authorization protocols, provisioning and deprovisioning, and accounting, registration, and proofing of identity. After finishing this course, you'll have an understanding of how to effectively use and execute identity and access mechanisms within your organization. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
44m
Assessment
Badge
CISSP 2021: Architecture, Design, & Solutions Vulnerabilities
A security professional needs to be acquainted with security architecture and engineering as they determine the design, implementation, monitoring, and securing of systems and networks of an organization. Use this course to explore the fundamentals of security architecture and engineering. Learn more about client-server, databases, and distributed systems, examine IoT, containers, serverless, and microservices, and explore embedded system security and constraints in detail. You'll also get familiar with TPM, HPC, and edge computing security. Upon completion of this course, you'll be able to assess and mitigate the vulnerabilities of modern security architectures, designs, and solutions, as well as understanding the capabilities of securing information systems. Further, you can also use this course to prepare for the CISSP exam.
12 videos |
51m
Assessment
Badge
CISSP 2021: Site & Facility Security
In past iterations of the CISSP exam, physical security was a domain in itself. In the recent version of CISSP, this topic is found in the Security Architecture and Engineering domain. Use this course to explore security principles for site and facility design and examine various site and facility security controls. Discover how to navigate the essentials of facility and site security, investigate common physical controls, and get familiar with the physical defense-in-depth approach. You'll also learn about the prevention, detection, and suppression of fire in greater detail. After completing this course, you'll be able to assess issues with the security design of a site or facility and implement appropriate controls to address them. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
42m
Assessment
Badge
CISSP 2021: Communication & Network Security
Some CISSP domains have evolved further than the others over the past few years, and the communication and network security domain is a prime example. Explore cutting-edge technologies, such as converged protocols, micro-segmentation, 5G, and content distribution networks (CDN) using this course. Examine secure protocols, wireless and cellular networking, and secure communication channels. This course will also help you investigate the mechanisms involved in endpoint security. After completing this course, you'll be acquainted with the fundamentals of security concerns in network channels. You can also use this course to prepare for the CISSP exam.
10 videos |
1h 6m
Assessment
Badge
CISSP 2021: Security Operations
The security operations domain represents 13% of the CISSP exam and is one of the most important areas of practice for the security engineer and architect. Use this course to gain an in-depth theoretical comprehension of core security concepts, such as configuration, change, and patch management, logging and monitoring, vulnerability assessment and management, incident response, BCP, BIA, DRP, and forensic investigations. After completing this course, you'll be familiar with the processes, best practices, and tools to put these security concepts in place. If you're preparing for the CISSP exam, this course will help you.
10 videos |
1h 2m
Assessment
Badge
CISSP 2021: Business Continuity Planning
Business impact and continuity planning form part of the most crucial topics in security operations. They involve identifying risks, foreseeing potential threats and the impact on business operations if disasters occur, and planning accordingly to prevent and recover from these possible occurrences. Use this course to learn how to develop a business impact analysis plan. Examine what's involved in business continuity planning and continuity of operations processes. Explore various backup storage and recovery strategies. Also, learn how to conduct multiple types of tests on disaster recovery plans. Upon completion of this course, you'll be able to plan for recovery from various types of disasters and know how to document all processes before and after the fact correctly. Furthermore, you'll be a step closer to being prepared for the CISSP exam.
8 videos |
35m
Assessment
Badge
CISSP 2021: Security Assessment & Testing
For an organization to achieve continual improvement and attain a higher level of security maturity, a solid plan for security assessment and testing must be in place. Explore the fundamental aspects of security assessment and testing through this course. You will delve deeper into designing and validating assessment, test and audit strategies, and data collection. This course will also give you a deeper insight into performing security testing, analyzing the output, generating reports, and facilitating audits. After completing this course, you will possess the skills and knowledge to implement appropriate security assessment and testing measures within your organization. Further, you can also use this course to prepare for the CISSP 2021 exam.
6 videos |
29m
Assessment
Badge
CISSP 2021: Software Development Lifecycles & Ecosystems
Security has become an integral element of the software development lifecycle (SDLC). A security professional needs to be aware of software development methodologies and ecosystems to safeguard their business against data breaches and other security threats. Use this course to learn more about different aspects of software development lifecycles, such as development methodologies, maturity models, security controls, SOAR and SCM in application security, and application security testing. Having completed this course, you'll have a foundational understanding of the different elements of SDLC. Moreover, you can also use this course to prepare for the CISSP 2021 exam.
8 videos |
36m
Assessment
Badge
CISSP 2021: Software Development Security
Securing software development should be an area of focus for business owners and security professionals because it reduces business risk, protects the data stored in business applications, and ensures ongoing compliance with governing security laws and regulations. Use this course to gain a deeper understanding of software development security. Learn more about assessing built and acquired software security, cloud deployment types and their relationship to security, and software diversity. You'll also examine weaknesses in source code and APIs and secure coding techniques. Upon completion of this course, you'll have the skills and knowledge to implement secure practices while developing software. You'll also be a step closer in your preparation for the CISSP 2021 exam.
8 videos |
32m
Assessment
Badge
COURSES INCLUDED
CISSP 2024: Professional Ethics & Security Concepts
Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
18m
Assessment
Badge
CISSP 2024: Security Governance & Compliance Issues
Security governance is the set of practices exercised by executive management to offer strategic direction, ensuring that objectives are achieved, determining that risks are managed properly, and verifying that the organization's resources are used responsibly. Begin this course by discovering how to align security governance with organizational goals and objectives. Then you will explore organizational processes like acquisitions, divestitures, and governance committees, as well as organizational roles and responsibilities. You will investigate security control frameworks, including those of the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST), and learn about due diligence, due care, cybercrimes, and data breaches. Next, you will examine licensing and intellectual property requirements, import and export controls, transborder data flow, and privacy-related issues. Finally, you will focus on contractual, legal, industry standards and regulatory requirements. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
CISSP 2024: Investigations & Policies
Cybercrime investigation is a critical practice in a modern security landscape. In this field, skilled security professionals from agencies like the FBI use digital forensics to track, analyze, and dismantle various types of cybercrime and cyber threats. This course covers several CISSP exam objectives. You will begin by exploring the requirements for administrative, criminal, civil, regulatory, and industry investigations. You will then learn to develop, document, and implement security policy, standards, procedures, and guidelines. Finally, you will discover considerations for the enforcement of personnel security policies and procedures. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
7 videos |
32m
Assessment
Badge
CISSP 2024: Risk Management Concepts
Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
45m
Assessment
Badge
CISSP 2024: Threat Modeling, SCRM, & Security Awareness
Threat modeling uses hypothetical scenarios, system and data flow diagrams, and testing to assist in securing systems, applications and data. In this course, the learner will explore threat modeling concepts and methodologies, supply chain risk management (SCRM) concepts, and ways to establish and maintain a security awareness, education, and training program. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
8 videos |
29m
Assessment
Badge
CISSP 2024: Asset Classification, Handling, & Provisioning
It is an established principle that before risk can be assessed and analyzed, an organization must know what physical and software resources they have. This enables businesses to categorize and allocate their assets effectively, thus mitigating risks, optimizing usage, and potentially saving costs. Begin this course by exploring general asset classification, types of assets, and restricted, confidential, internal, and public data. Then you will discover information and asset handling requirements and secure provisioning of assets. Next, you will investigate different use cases for asset ownership. Finally, you will examine tangible and intangible asset inventory and asset management per International Organization for Standardization (ISO) guidelines. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
23m
Assessment
Badge
CISSP 2024: Data Lifecycle, Controls, & Compliance
Data is one of the highest-priority assets that most organizations possess. For CISSP professionals, understanding the data lifecycle to ensure that security measures are applied at each stage to protect sensitive information, controls, and compliance is crucial. Together, these elements form the backbone of a robust security strategy, ensuring that data is managed securely throughout its lifecycle, mitigating risks through effective controls, and meeting legal and regulatory requirements. Begin this course by exploring various data roles like owner, controllers, and processors, as well as in use, in transit, and at rest data states. Then you will delve into the phases of the data lifecycle, including data collection, data location, data maintenance, data retention and remanence, and data destruction. Next, you will compare data scoping to data tailoring and learn how to select appropriate data security and privacy standards. Finally, you will focus on data protection methods, including digital rights management (DRM), data loss prevention (DLP), and cloud access security brokers (CASBs). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Secure Design Principles & Models
For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
40m
Assessment
Badge
CISSP 2024: Vulnerabilities of Architectures, Designs, & Solution Elements
A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.
14 videos |
55m
Assessment
Badge
CISSP 2024: Cryptographic Solutions & Cryptanalytic Attacks
Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
48m
Assessment
Badge
CISSP 2024: Site & Facility Security
Physical security consists of tested practices for protecting building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, human-caused catastrophes, and accidental damage, thereby maintaining overall organizational security. Begin this course by exploring site and facility security design principles, as well as perimeter and internal security controls to gain insights into safeguarding both the outer and inner layers of infrastructure. Then you will investigate security concerns for wiring closets, distribution frames, server rooms, data centers, and media and evidence storage facilities. Next, you will examine security issues for restricted and work areas, utilities, and heating, ventilation, and air conditioning (HVAC) systems. Additionally, you will focus on environmental topics, including fire prevention, detection, and suppression. Finally, you will discover power issues and controls, including redundancy and backup, and personnel safety concerns including insider threats, social media impacts, two-factor authentication (2FA) fatigue, emergency management, and duress. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
46m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 1)
In the digital era, understanding network protocols and their impact on performance is crucial for IT professionals tasked with maintaining robust and efficient communication systems. This course is the first of two courses that cover a large part of CISSP Domain 4. In this course the learner will focus on several aspects of secure design principles in network architectures including OSI and TCP/IP protocols for IPv4 and IPv6, secure protocols, multilayer protocol implications, converged protocols, transport architectures, performance metrics, and traffic flows. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
47m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 2)
In today's increasingly complex threat landscape, securing physical sites and facilities is paramount for safeguarding assets, data, and personnel. This course covers secure design principles in network architectures beginning with an exploration of physical and logical segmentation and microsegmentation. Next you will dig into edge networks, including peering and ingress/egress. You will compare types of wireless networks and explore cellular and mobile networks. Next you will discover the roles of content distribution networks (CDNs), software-defined networks (SDNs), and virtual private clouds (VPCs) in security design. Finally, you will explore security monitoring and management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
47m
Assessment
Badge
CISSP 2024: Securing Network Components & Communication Channels
Evaluate the best data communications solutions for your organization based on factors such as reliability, cost, and security. In this course, you'll explore how to design and deploy infrastructure that meets the requirements of modern businesses. Learn how to evaluate infrastructure solutions based on factors such as reliability, scalability, and cost-effectiveness, explore the best practices for maintaining that infrastructure, and learn about the different types of transmission media, including physical security and signal propagation quality. Next, you'll discover different transmission media solutions and Network Access Control (NAC) systems, and gain an understanding of how to design and deploy NAC solutions that provide comprehensive security to network endpoints. Finally, explore the different types of data communications, including backhaul networks, satellite, and third-party connectivity such as telecom providers and hardware support. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
34m
Assessment
Badge
CISSP 2024: Controlling Asset Access, Device Identification, and Authentication
Traditionally, access control has been described as AAA services. Authentication, authorization, and accounting (AAA) is a security framework that controls access to computer resources, enforces policies, and audits usage. This course explores classic and evolving approaches to controlling asset access and device identification and authentication. Topics include physical and logical access, groups and roles, AAA services, session management, registration, proofing, identity, federated identity management (FIM), credential management systems, single sign-on (SSO), Just-In-Time (JIT), authentication systems, and federated identity. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
45m
Assessment
Badge
CISSP 2024: Authorization Mechanisms & Identity Management
While authentication is technically mandatory, authorization is optional, and if all principals had root or administrative access in a small organization, there would be no need for different access layers. This scenario, however, is quite rare and is a violation of modern identity management and zero-trust initiatives. In this course, learn about the implementation and management of authorization mechanisms and control of the identity and access provisioning lifecycle, including rule-based, role-based, discretionary, mandatory, attribute-based, and risk-based access controls. Next, compare attribute-based access control (ABAC) with RBAC and explore access policy enforcement, account access review, and provisioning/deprovisioning. Finally, examine role definitions and transitions, privilege escalation, and service accounts management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
35m
Assessment
Badge
CISSP 2024: Security Audit & Controls Testing
A security audit is a comprehensive assessment of an organization's information systems. Typically, they measure the systems and applications against an audit checklist of industry best practices, externally established standards, and/or federal regulations. In this course, differentiate internal, external, and third-party auditing and learn about locations for auditing and controls testing, the purpose of a vulnerability assessment, and the basics of penetration testing. Next, explore log reviews and log data, code review and testing techniques, and compare synthetic transactions, benchmark, and misuse case testing. Finally, examine coverage analysis concepts, compare interface testing methods, and discover the purpose of compliance checks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Collecting & Analyzing Security Process Data
Collecting and analyzing security process data is a key aspect of maintaining and improving the overall security of a business or organization, and there is a vast array of sources and metrics that must be considered. In this course, learn about account management process data collection, management review and approval data collection, and key concepts of security management key performance indicators (KPI) and key risk indicators (KRIs). Next, examine data backup verification best practices, training and awareness process data, and disaster recovery (DR) and business continuity (BC) process data. Finally, discover how to analyze test output and generate reports, and explore best practices for proper security audit reporting. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
22m
Assessment
Badge
CISSP 2024: Logging, Monitoring, & Investigations
In the realm of cybersecurity, logging, monitoring, and investigations play a critical role in ensuring the integrity, confidentiality, and availability of information systems. These processes help to safeguard an organization's digital assets from potential threats. In this course, learn about log management, intrusion detection and prevention systems (IDPS), and compare security information and event management (SIEM) and security orchestration, automation, and response (SOAR). Next, explore continuous monitoring and tuning, threat intelligence and hunting concepts, and user and entity behavior analytics. Finally, examine cyber forensics collection and handling, the forensic analysis process and activities, and forensic reporting and documentation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
33m
Assessment
Badge
CISSP 2024: Foundational Security Operations & Resource Protection
Different organizations have varying definitions of change management and configuration management in IT. In this course, learn the differences between IT change management and configuration management, compare need to know and least privilege, and explore segregation of duties (SoD) and privileged account management (PAM). Next, learn about job rotation, service-level agreements (SLAs), and how to apply resource protection for media management. Finally, examine the processes of the incident management life cycle, including preparation, detection, response, mitigation, reporting, recovery, remediation, and lessons learned. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
14 videos |
36m
Assessment
Badge
CISSP 2024: Operating Detection & Preventative Measures
A firewall system is designed to prevent fires from spreading from one zone or domain to another. Patch management, on the other hand, can stop a fire from ever starting. In this course, examine operating detection and preventative measures, including intrusion detection systems (IDS) and intrusion prevention systems (IPS) and whitelisting and blacklisting. Next, learn about third-party security services, sandboxing, and honeypots and honeynets. Finally, explore antimalware systems, machine learning (ML) and AI-based tools, and how to implement and support patch and vulnerability management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
36m
Badge
CISSP 2024: Business Continuity Planning & Exercises
Business continuity planning is a systematic and comprehensive strategy and set of tactics for ensuring that an organization can prevent or quickly recover from a significant disruption to its operations at a pre-determined acceptable level. In this course, discover methods to identify, assess, prioritize, and implement business continuity requirements. Learn about the business continuity plan (BCP) and business impact analysis (BIA). Next, explore how to implement recovery strategies using backup storage and recovery sites. Finally, learn about the importance of system and design resilience, high availability, and fault tolerance. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
35m
Badge
CISSP 2024: Implement Disaster Recovery
Generally speaking, disaster recovery (DR) involves securely replicating and backing up critical data and workloads to one or more other sites. In this course, learn about disaster recovery response, personnel involved in the disaster recovery process, communications methods for disaster recovery, and disaster recovery plan (DRP) assessments. Next, explore the process of restoring from disasters, various methods for testing the disaster recovery plan, and documenting lessons learned in disaster recovery. Finally, examine how to communicate test results and best practices for training and awareness for disaster recovery planning. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
21m
Badge
CISSP 2024: Securing the SDLC & Software Development Ecosystems
According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
BOOKS INCLUDED
Book
The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
18h 50m
By John Warsinske, et al.
Book
CISSP: Certified Information Systems Security Professional Study Guide, Eighth Edition
Covering 100% of all exam objectives, this book will help you prepare for the exam smarter and faster thanks to expert content, real-world examples, advice on passing each section of the exam, and much more.
24h 22m
By Darril Gibson, James Michael Stewart, Mike Chapple
Book
CISSP All-in-One Exam Guide, Eighth Edition
Featuring learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanation, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.
30h 39m
By Fernando Maymí, Shon Harris
Book
CISSP Practice Exams, Fifth Edition
Designed to help you pass the test with ease, this thorough resource offers complete coverage of all eight CISSP exam domains and each chapter features practice exam questions, a quick answer key, and in-depth answer explanations to reinforce what you've learned.
7h 20m
By Jonathan Ham, Shon Harris
Book
CISSP for Dummies, 6th Edition
If you're a security professional seeking your CISSP certification, this expert guide is a perfect way to prepare for the exam.
9h 25m
By Lawrence C. Miller, Peter H. Gregory
Book
(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests, Second Edition
Giving you the advantage of full and complete preparation, this in-depth study guide provides 1,300 unique questions with detailed answers and explanations to help you solidify your knowledge in advance of taking the CISSP exam.
14h 27m
By David Seidl, Mike Chapple
Book
70 Tips and Tricks for Mastering the CISSP Exam
Learn how to think and apply knowledge in a practical way. Tackling the CISSP exam is vastly different from simply understanding the subject matter.
5h 21m
By R. Sarma Danturthi
BOOKS INCLUDED
Book
CISSP All-in-One Exam Guide, Ninth Edition
This book features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations.
28h 8m
By Fernando Maymi
Book
(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd Edition
In this book, you'll learn Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
15h 46m
By Darril Gibson, David Seidl, James Michael Stewart, Mike Chapple
Book
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition
In this book, you'll learn to prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more.
28h 53m
By Darril Gibson, James Michael Stewart, Mike Chapple
Book
70 Tips and Tricks for Mastering the CISSP Exam
Learn how to think and apply knowledge in a practical way. Tackling the CISSP exam is vastly different from simply understanding the subject matter.
5h 21m
By R. Sarma Danturthi
Book
CISSP Passport, 1st Edition
This quick review study guide offers 100% coverage of every topic on the latest version of the CISSP exam.
9h 29m
By Bobby E. Rogers
Book
The Official (ISC)2 CISSP CBK Reference, Sixth Edition
Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks.
13h 34m
By Aaron Kraus, Arthur J. Deane
Book
CISSP Study Guide, Fourth Edition
CISSP® Study Guide, Fourth Edition provides the latest updates on CISSP® certification, the most prestigious, globally recognized, vendor-neutral exam for information security professionals.
11h 47m
By Eric Conrad, Joshua Feldman, Seth Misenar
BOOKS INCLUDED
Book
CISSP Exam Certification Companion: 1000+ Practice Questions and Expert Strategies for Passing the CISSP Exam
This is a comprehensive guide for individuals preparing for the Certified Information Systems Security Professional (CISSP) exam. The book's main focus is to provide readers with a wealth of practice questions and expert tips to help them pass the CISSP exam.
8h 28m
By Mohamed Aly Bouke
Book
ISC2 CISSP Certified Information Systems Security Professional: Official Practice Tests, Fourth Edition
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
8h 38m
By David Seidl, Mike Chapple
Book
ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, Tenth Edition
The book's co-authors bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully prove your CISSP mastery. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
25h 49m
By Darril Gibson, James Michael Stewart, Mike Chapple
AUDIOBOOKS INCLUDED
Audiobook
CISSP All-in-One Exam Guide, Ninth Edition
Covers all eight CISSP domains: security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, security operations, and software development security.
51h 34m 18s
By Fernando Maymi, Shon Harris
Audiobook
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 9th Edition
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex study guide covers 100% of the exam objectives.
65h 38m 49s
By Darril Gibson, James Michael Stewart, Mike Chapple
SKILL BENCHMARKS INCLUDED
CISSP: Asset Security Proficiency (Advanced Level)
The CISSP: Asset Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to asset security. You will be evaluated on asset classification, lifecycle, and change management practices as they relate to security best practices. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key asset security terminology and concepts.
30m
| 15 questions
CISSP: Communication and Network Security Proficiency (Advanced Level)
The CISSP: Communication and Network Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to communication and network security. You will be evaluated on security governance, communication and network security, and network hardening. A learner who scores high on this benchmark demonstrates that they have an understanding of communication and network security terminology and concepts.
30m
| 15 questions
CISSP: Identity and Access Management (IAM) Proficiency (Advanced Level)
The CISSP: Identity and Access Management (IAM) Proficiency benchmark will measure your ability to recognize key terms and concepts related to identity and access management. You will be evaluated on identity and access management principles and deploying identity and access management. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key identity and access management terminology and concepts.
20m
| 25 questions
CISSP: Security and Risk Management Proficiency (Advanced Level)
The CISSP: Security and Risk Management Proficiency benchmark will measure your ability to recognize key terms and concepts related to security and risk management. You will be evaluated on security and risk principles, security governance principles, security policies, risk management, and business continuity planning. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security and risk management terminology and concepts.
30m
| 30 questions
CISSP: Security Architecture and Engineering Proficiency (Advanced Level)
The CISSP: Security Architecture and Engineering Proficiency benchmark will measure your ability to recognize key terms and concepts related to security architecture and engineering. You will be evaluated on secure design principles, cryptography, design vulnerabilities, and site and facility security. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding security architecture and engineering terminology and concepts.
30m
| 30 questions
CISSP: Security Assessment and Testing Proficiency (Advanced Level)
The CISSP: Security Assessment and Testing Proficiency benchmark will measure your ability to recognize key terms and concepts related to security assessment and testing proficiency. You will be evaluated on security assessments and testing, pen testing, and software assessment. A learner who scores high on this benchmark demonstrates that they have the skills related to security assessment and testing proficiency terminology and concepts.
15m
| 15 questions
CISSP: Security Operations Proficiency (Advanced Level)
The CISSP: Security Operations Proficiency benchmark will measure your ability to recognize key terms and concepts related to security operations concepts. You will be evaluated on security concepts for site and facility security, security operations, and business continuity planning. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security operations terminology and concepts.
15m
| 15 questions
CISSP: Software Development Security Proficiency (Advanced Level)
The CISSP: Software Development Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to software development security. You will be evaluated on software development lifecycles and ecosystems, and software development security. A learner who scores high on this benchmark demonstrates that they have an understanding of key software development security terminology and concepts.
30m
| 20 questions