CISSP Definition Guide - TechTarget


Getting your CISSP Certification
Intro to the 10 CISSP domains of the Common Body of Knowledge

The Certified Information Systems Security Professional (CISSP) is an information security certification that was developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

The CISSP exam covers 10 individual subject areas, which are referred to as domains. The 10 domains make up (ISC)²'s Common Body of Knowledge (CBK), which is a framework and collection of information security best practices, methodologies, technologies and concepts.

Jump to any of the 10 domains of the CISSP CBK listed in this guide:

Domain 1: Information Security Governance and Risk Management
Domain 2: Access Control
Domain 3: Cryptography
Domain 4: Security Architecture and Design
Domain 5: Telecommunications and Network Security
Domain 6: Software Development Security
Domain 7: Business Continuity and Disaster Recovery Planning
Domain 8: Legal, Regulations, Investigations, and Compliance
Domain 9: Physical Security
Domain 10: Operations Security

Page 1 of 14

SearchSecurity partnered with Logical Security and Shon Harris, the information security industry's leading certification preparation instructor, to create SearchSecurity's CISSP Essentials Security School.

SearchSecurity's CISSP Essentials Security School offers free training that covers critical topics in each of these 10 domains to help practitioners prepare for the 6-hour exam, which asks 250 questions.

Each of the 10 lessons features videos, tutorials and an exclusive quiz offering prep questions similar to those on the real CISSP exam.

For a deeper introduction to the (ISC)² CISSP certification in the areas of:

CISSP: The "gold standard" of the information security industry
CISSP exam subject areas
Anatomy of the exam and its "interactive" evolution
Mapping the exam to security models
Why simply knowing the material isn't enough

Go to: An introduction to the CISSP security certification exam

DOMAIN 1 - Information Security Governance and Risk Management

While hacking, new malware and computer crimes grab all the news headlines, sound organizational security practices and the development of an enterprise security architecture are the foundations of any organization's security success. CISSP Domain 1 explores:

Security management responsibilities
Asset identification and classification
Risk management
Information classification
Personnel security
Security governance
Enterprise architectural development
Policies and procedures
Security embedded into vendor contracts
Security education and awareness training

Go to Domain 1: Information Security Governance and Risk Management

DOMAIN 2 - Access Control

A cornerstone of any information security program is controlling how resources are accessed by users, applications and other systems to ensure they can be properly protected from unauthorized modification or disclosure. CISSP Domain 2 tackles topics including:

The fundamental principles of access control
The concepts of "subjects" and "objects"
Identity management
The four steps of authentication
Two-factor authentication
User access vs. device access
Intrusion prevention and detection systems
Access control models
Authentication protocols

Go to Domain 2: Access Control

DOMAIN 3 - Cryptography

Cryptography is one of the essential elements in the protection of electronic data. Cryptography is built into almost every network protocol, software application, operating system and embedded system, and is increasingly integrated at the chip and silicon level. Cryptography provides confidentiality, integrity and authenticity services. CISSP Essentials domain 3 covers:

Cryptographic components and their relationships
Symmetric, asymmetric and hashing algorithm types
Public key infrastructure (PKI) mechanisms
Cryptosystems implementation
Cryptanalysis and attack types

Go to Domain 3: Cryptography

DOMAIN 4 - Security Architecture and Design

Architecting and implementing security into the design of various types of software, devices and enterprises is complex, but critical. Security must be designed, implemented, monitored and improved throughout each entity's lifecycle. CISSP Essentials domain 4 offers an in-depth review of:

Formal system architecture development
Kernel and trusted computing base security
Hardware and operating system architectures
Memory management and protection
Security within virtualization and cloud computing
Formal security control models
Security criteria and ratings
Certification and accreditation processes

Go to Domain 4: Security Architecture and Design

DOMAIN 5 - Telecommunications and Network Security

This session prepares students for the CISSP exam by focusing on the "glue" of network security: how networks work, how data is transmitted from one device to another, how protocols work, transmission methods and transport formats. Topics to be featured in this session include:

OSI model and protocol structure
Security protocols
LAN, MAN and WAN technologies
Cabling and data transmission types
Network devices and security services
Network architecture and design
Telecommunication protocols and devices
Remote access methodologies and technologies
Wireless, mobile, and cloud technologies
Network attack types

Go to Domain 5: Telecommunications and Network Security

DOMAIN 6 - Software Development Security

Applications and computer systems are usually developed for functionality first, not security. But it's always more effective to build security into every system from the outset rather than "bolt" it on afterward. The exact reasons why are revealed in this CISSP domain through topics focused on:

Systems development life cycle (SDLC)
Secure coding and testing
Programming languages and security issues
Database types and protection components
Data warehousing and data mining
Software life cycle development processes
Web-based security
Expert systems and artificial intelligence
Software-oriented threats and attacks

Go to Domain 6: Software Development Security

DOMAIN 7 - Business Continuity and Disaster Recovery Planning

One of the fundamental objectives of security is "availability" -- the ability to access data and computing environments whenever necessary. This session focuses on one of the often overlooked but critical aspects of availability: business continuity planning and disaster recovery. Topics in this CISSP certification prep section focus on:

Business impact analysis
Disruption types and associated threats
Operational and financial ramifications
Contingency and redundancy technologies
Selecting, developing and implementing disaster and contingency plans
Backup and offsite facilities

Go to Domain 7: Business Continuity and Disaster Recovery Planning

DOMAIN 8 - Legal, Regulations, Investigations, and Compliance

Fraud, theft and embezzlement have always been an unfortunate fact of life, but the digital age has brought on new opportunities for a different and more malicious set of thieves and criminals. While many security professionals focus on "preventing" cyber attacks, the CISSP CBK teaches that it's equally important to understand how to investigate a computer crime and gather evidence -- that's exactly what this session addresses. Additional topics highlighted are information security regulations, laws and ethics that guide the practice:

Computer crimes and computer law
International legal system types
Forensics, investigation processes and evidence collection
Incident-handling program development
Prosecution process and associated threats
Industry regulations and compliance requirements
Ethics and best practices for security professionals

Go to Domain 8: Legal, Regulations, Investigations, and Compliance

DOMAIN 9 - Physical Security

Physical security has taken on added importance in the continuing wake of September 11, 2001. While most IT professionals are focused on digital systems (computers, networks, systems, devices), a comprehensive security program must address critical physical risks, too. The convergence of physical and digital systems makes this practice even more important. CISSP Essentials domain 9 covers:

Administrative, technical and physical controls pertaining to physical security
Facility location, construction and management
Physical security risks, threats and countermeasures
Fire prevention, detection and suppression
Intrusion detection, CCTV, monitoring and lighting technologies
Threat types and associated risks

Go to Domain 9: Physical Security

DOMAIN 10 - Operations Security

Operations security pertains to everything needed to keep a network, computer system and environment up and running in a secure and protected manner. Since networks are "evolutionary" and always changing, it's essential that security pros understand the fundamental procedures for managing security continuity and consistency in an operational environment. CISSP Essentials domain 10 reveals essential answers centered on key operations security topics:

Resource, media and data protection technologies
Incident response and situational awareness
Patch, configuration and vulnerability management
Operational assurance methods and measurements
Trusted recovery technologies
Attack prevention and response approaches

Go to Domain 10: Operations Security

Continue Reading About Certified Information Systems Security Professional (CISSP)

SearchSecurity partnered with (ISC)² to help you study for your CISSP certification exam. Take the CISSP practice test here.

At our free Security School featuring full-length video seminars and review quizzes, you can earn CPE credits. Go to the Security School.

Visit the (ISC)² website, which offers more information about the CISSP certification and study materials.

Go to all 10 CISSP Domain lessons:

Domain 1: Information Security Governance and Risk Management
Domain 2: Access Control
Domain 3: Cryptography
Domain 4: Security Architecture and Design
Domain 5: Telecommunications and Network Security
Domain 6: Software Development Security
Domain 7: Business Continuity and Disaster Recovery Planning
Domain 8: Legal, Regulations, Investigations, and Compliance
Domain 9: Physical Security
Domain 10: Operations Security

About SearchSecurity

IT security pros turn to SearchSecurity.com for the information they require to keep their corporate data, systems and assets secure.

We're the only information resource that provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost.

For further reading, visit us at http://SearchSecurity.com/

Images: Fotolia

© 2017 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher.
