Module 1 - Introduction to the CISSP
• Learn How to Pass the CISSP the first time
• How to deal with CISSP test anxiety
• Understanding the most recent changes to the CISSP exam format
Module 2 - Access Control
A collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
Module 3 - Telecommunications and Network Security
Discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
• Network architecture and design
• Communication channels
• Network components
• Network attacks
Module 4 - Information Security Governance and Risk Management
The identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
• Security governance and policy
• Information classification/ownership
• Contractual agreements and procurement processes
• Risk management concepts
• Personnel security
• Security education, training and awareness
• Certification and accreditation
Module 5 - Software Development Security
Refers to the controls that are included within systems and applications software and the steps used in their development.
• Systems development life cycle (SDLC)
• Application environment and security controls
• Effectiveness of application security
Module 6 - Cryptography
The principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
• Encryption concepts
• Digital signatures
• Cryptanalytic attacks
• Public Key Infrastructure (PKI)
• Information hiding alternatives
Module 7 - Security Architecture and Design
Contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.
• Fundamental concepts of security models
• Capabilities of information systems (e.g. memory protection, virtualization)
• Countermeasure principles
• Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
Module 8 - Operations Security
Used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
• Resource protection
• Incident response
• Attack prevention and response
• Patch and vulnerability management
Module 9 - Business Continuity and Disaster Recovery Planning
Addresses the preservation of the business in the face of major disruptions to normal business operations.
• Business impact analysis
• Recovery strategy
• Disaster recovery process
• Provide training
Module 10 - Legal, Regulations, Investigations and Compliance
Addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
• Legal issues
• Forensic procedures
• Compliance requirements/procedures
Module 11 - Physical (Environmental) Security
Addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information.
• Site/facility design considerations
• Perimeter security
• Internal security
• Facilities security
Module 12: Massive Review of All Ten Domains