ISC2 Certified Information Systems Security Professional (CISSP) (2024) Cert Prep

سرفصل های دوره

In this course, instructor and cybersecurity expert Mike Chapple covers the entire set of information you need to know as you prepare for the ISC2 Certified Information Systems Security Professional (CISSP) certification. The CISSP is one of the most in-demand certifications for security professionals. Learn about security and risk management and asset security. Explore security architecture and engineering. Learn about communication and network security, as well as identity and access management (IAM). Go over security assessment, testing, and operations. Plus, gain valuable insights into software development security. This course gets your preparations for the CISSP exam off to a great start.

This course was created by Mike Chapple. We are pleased to host this training in our library.

01 - Introduction

01 - Earning your CISSP

02 - What you should know

03 - Study resources

02 - 1. The CISSP Exam

01 - The CISSP exam

02 - Is the CISSP right for you

03 - Careers in information security

04 - Value of certification

03 - 2. Inside the CISSP Exam

01 - Registering for the exam

02 - Exam environment

03 - Question types

04 - Computerized adaptive testing

05 - Passing the exam

04 - 3. Preparing for the Exam

01 - Exam tips

02 - Practice tests

05 - 4. Experience Requirement

01 - Meeting the experience requirement

02 - Continuing education requirements

06 - 5. Domain 1 Security and Risk Management

01 - Overview of the Security and Risk Management domain

07 - 6. Security Fundamentals

01 - The five pillars of information security

02 - Confidentiality

03 - Integrity

04 - Availability

05 - Authenticity and nonrepudiation

08 - 7. Security Governance

01 - Aligning security with the business

02 - Organizational processes

03 - Security roles and responsibilities

04 - Control and risk frameworks

09 - 8. Compliance and Ethics

01 - Legal and compliance risks

02 - Data privacy

03 - General Data Protection Regulation (GDPR)

04 - California privacy law

05 - National data privacy laws

06 - Computer crimes

07 - Software licensing

08 - Intellectual property

09 - Import and export controls

10 - Data breaches

11 - Ethics

10 - 9. Security Policy

01 - Security policy framework

02 - Security policies

11 - 10. Business Continuity

01 - Business continuity planning

02 - Business continuity controls

03 - High availability and fault tolerance

12 - 11. Personnel Security

01 - Personnel security

02 - Security in the hiring process

03 - Employee termination process

04 - Employee privacy

05 - Social networking

13 - 12. Risk Management

01 - Risk analysis, assessment, and scope

02 - Quantitative risk assessment

03 - Risk treatment

04 - Security control selection and implementation

05 - Continuous monitoring, measurement, and tuning

06 - Risk management frameworks

07 - Risk visibility and reporting

14 - 13. Threat Modeling

01 - Threat intelligence

02 - Managing threat indicators

03 - Intelligence sharing

04 - Threat research

05 - Identifying threats

06 - Automating threat intelligence

07 - Threat hunting

15 - 14. Supply Chain Risk Management

01 - Managing vendor relationships

02 - Vendor agreements

03 - Vendor information management

04 - Cloud audits

16 - 15. Awareness and Training

01 - Security awareness training

02 - Compliance training

03 - User habits

04 - Measuring compliance and security posture

17 - 16. Domain 2 Asset Security

01 - Overview of the Asset Security domain

18 - 17. Data Security

01 - Understanding data security

02 - Data security policies

03 - Data security roles

04 - Limiting data collection

05 - The data lifecycle

19 - 18. Data Security Controls

01 - Developing security baselines

02 - Leveraging industry standards

03 - Customizing security standards

04 - Cloud storage security

05 - Information classification

06 - Digital rights management

07 - Data loss prevention

20 - 19. Change and Configuration Management

01 - Change management

02 - Configuration and asset management

03 - Physical asset management

04 - Supply chain risks and mitigations

21 - 20. Domain 3 Security Engineering

01 - Overview of the Security Architecture and Engineering domain

22 - 21. Secure Design

01 - Secure design principles

02 - Security models

03 - Security evaluation models

04 - Segregation of duties

05 - Privacy by design

06 - Secure defaults

07 - Information system lifecycle

23 - 22. Virtualization and Cloud Computing

01 - What is the cloud

02 - Cloud computing roles

03 - Drivers for cloud computing

04 - Security service providers

05 - Multitenant computing

06 - Virtualization

07 - Desktop and application virtualization

08 - Cloud compute resources

09 - Containerization

10 - Cloud activities and the cloud reference architecture

11 - Cloud deployment models

12 - Cloud service categories

13 - Edge and fog computing

24 - 23. Hardware Security

01 - Memory protection

02 - Hardware encryption

03 - Hardware and firmware security

25 - 24. Server Security Issues

01 - Server and database security

02 - NoSQL databases

03 - Distributed and high-performance computing

26 - 25. Embedded Systems Security

01 - Industrial control systems and operational technology

02 - Internet of things

03 - Securing smart devices

04 - Secure networking for smart devices

05 - Embedded systems

06 - Communications for embedded devices

27 - 26. Encryption

01 - Understanding encryption

02 - Symmetric and asymmetric cryptography

03 - Goals of cryptography

04 - Codes and ciphers

05 - Cryptographic math

06 - Choosing encryption algorithms

07 - The perfect encryption algorithm

08 - The cryptographic lifecycle

28 - 27. Symmetric Cryptography

01 - Data encryption standard

02 - 3DES

03 - AES, Blowfish, and Twofish

04 - RC4

05 - Cipher modes

06 - Steganography

29 - 28. Asymmetric Cryptography

01 - Rivest-Shamir-Adelman (RSA)

02 - PGP and GnuPG

03 - Elliptic curve and quantum cryptography

30 - 29. Key Management

01 - Key management practices

02 - Key exchange

03 - Diffie-Hellman

04 - Key escrow

05 - Key stretching

06 - Hardware security modules

31 - 30. Public Key Infrastructure

01 - Trust models

02 - PKI and digital certificates

03 - Hash functions

04 - Digital signatures

05 - Digital signature standard

06 - Create a digital certificate

07 - Revoke a digital certificate

08 - Certificate stapling

09 - Certificate authorities

10 - Certificate subjects

11 - Certificate types

12 - Certificate formats

32 - 31. Cryptanalytic Attacks

01 - Brute-force attacks

02 - Knowledge-based attacks

03 - Eavesdropping attacks

04 - Implementation attacks

05 - Limitations of encryption algorithms

06 - Ransomware

33 - 32. Physical Security

01 - Site and facility design

02 - Data center environmental controls

03 - Data center environmental protection

04 - Power control

05 - Physical access control

06 - Visitor management

07 - Physical security personnel

34 - 33. Software Security Architecture

01 - SOAP and REST

02 - SOA and microservices

35 - 34. Domain 4 Communication and Network Security

01 - Introducing the Communication and Network Security domain

36 - 35. TCPIP Networking

01 - Introducing TCPIP

02 - IP addresses and DHCP

03 - Network traffic

04 - Domain name system (DNS)

05 - Network ports

06 - ICMP

07 - Multilayer protocols

37 - 36. Secure Network Design

01 - Public and private addressing

02 - Subnetting

03 - Security zones

04 - Isolating sensitive systems

05 - VLANs and logical segmentation

06 - Security device placement

07 - Software defined networking (SDN)

08 - Transmission media

09 - Cloud networking

10 - Zero trust and SASE

38 - 37. Network Security Devices

01 - Routers, switches, and bridges

02 - Network topologies

03 - Transport architecture

04 - Firewalls

05 - Proxy servers

06 - Load balancers

07 - VPNs and VPN concentrators

08 - Network intrusion detection and prevention

09 - Protocol analyzers

10 - Unified threat management

11 - Content distribution networks

39 - 38. Network Security Techniques

01 - Restricting network access

02 - Network access control

03 - Firewall rule management

04 - Router configuration security

05 - Switch configuration security

06 - Maintaining network availability

07 - Network monitoring

08 - Firewall and network logs

09 - Network performance metrics

10 - SNMP

11 - Isolating sensitive systems

12 - Deception technologies

13 - Network support

40 - 39. Specialized Networking

01 - Telephony

02 - Multimedia collaboration

03 - Storage networks

41 - 40. Transport Encryption

01 - TLS and SSL

02 - IPsec

03 - Remote network access

42 - 41. Wireless Networking

01 - Understanding wireless networking

02 - Wireless encryption

03 - Wireless authentication

04 - Wireless signal propagation

05 - Wireless networking equipment

43 - 42. Mobile Device Security

01 - Mobile connection methods

02 - Mobile device security

03 - Mobile device management

04 - Mobile device tracking

05 - Mobile application security

06 - Mobile security enforcement

07 - Bring your own device (BYOD)

08 - Mobile deployment models

44 - 43. Host Security

01 - Operating system security

02 - Malware prevention

03 - Application management

04 - Host-based network security controls

05 - File integrity monitoring

45 - 44. Domain 5 Identity and Access Management

01 - Introducing the Identity and Access Management (IAM) domain

46 - 45. Identification

01 - Authentication, authorization, and accounting (AAA)

02 - Usernames and access cards

03 - Biometrics

04 - Registration and identity proofing

47 - 46. Authentication

01 - Authentication factors

02 - Multifactor authentication

03 - Something you have

04 - Password authentication protocols

05 - Single sign-on and federation

06 - RADIUS

07 - Kerberos and LDAP

08 - SAML

09 - Identity as a service (IDaaS)

10 - OAuth and OpenID Connect

11 - Certificate-based authentication

12 - Passwordless authentication

48 - 47. Accountability

01 - Accountability

02 - Session management

49 - 48. Account Management

01 - Understand account and privilege management

02 - Account types

03 - Account policies

04 - Password policies

05 - Manage roles

06 - Account monitoring

07 - Provisioning and deprovisioning

50 - 49. Authorization

01 - Understand authorization

02 - Mandatory access controls

03 - Discretionary access controls

04 - Access control lists

05 - Database access control

06 - Advanced authorization concepts

51 - 50. Access Control Attacks

01 - Social engineering

02 - Impersonation attacks

03 - Identity fraud and pretexting

04 - Watering hole attacks

05 - Physical social engineering

52 - 51. Domain 6 Security Assessment and Testing

01 - Introducing the Security Assessment and Testing domain

53 - 52. Vulnerability Scanning

01 - What is vulnerability management

02 - Identify scan targets

03 - Scan configuration

04 - Scan perspective

05 - Analyzing scan reports

06 - Correlating scan results

54 - 53. Penetration Testing

01 - Penetration testing

02 - Ethical disclosure

03 - Bug bounty

04 - Cybersecurity exercises

55 - 54. Log Reviews

01 - Logging security information

02 - Security information and event management

03 - Continuous security monitoring

04 - Endpoint monitoring

56 - 55. Code Testing

01 - Code review

02 - Code tests

03 - Fuzz testing

04 - Interface testing

05 - Misuse case testing

06 - Test coverage analysis

07 - Code repositories

08 - Third-party code

09 - Software risk analysis and mitigation

57 - 56. Disaster Recovery Planning

01 - Disaster recovery

02 - Backups

03 - Restoring backups

04 - Disaster recovery sites

05 - Testing BCDR plans

06 - After action reports

58 - 57. Assessing Security Processes

01 - Collect security process data

02 - Management review and approval

03 - Security metrics

04 - Audits and assessments

05 - Control management

59 - 58. Domain 7 Security Operations

01 - Introducing the Security Operations domain

60 - 59. Investigations and Forensics

01 - Conducting investigations

02 - Evidence types

03 - Introduction to forensics

04 - System and file forensics

05 - Network forensics

06 - Software forensics

07 - Mobile device forensics

08 - Embedded device forensics

09 - Chain of custody

10 - Reporting and documenting incidents

11 - Electronic discovery (eDiscovery)

61 - 60. Privilege Management

01 - Need to know and least privilege

02 - Privileged account management

62 - 61. Incident Management

01 - Build an incident response program

02 - Creating an incident response team

03 - Incident communications plan

04 - Incident identification

05 - Escalation and notification

06 - Mitigation

07 - Containment techniques

08 - Incident eradication and recovery

09 - Validation

10 - Post-incident activities

63 - 62. Personnel Safety

01 - Personnel safety

02 - Emergency management

64 - 63. Domain 8 Software Development Security

01 - Introducing the Software Development Security domain

65 - 64. Software Development Lifecycle

01 - Software platforms

02 - Development methodologies

03 - Scaled agile framework

04 - Maturity models

05 - Automation and DevOps

06 - Programming languages

07 - Acquired software

66 - 65. Application Attacks

01 - OWASP top ten

02 - Application security

03 - Preventing SQL injection

04 - Understanding cross-site scripting

05 - Request forgery

06 - Defending against directory traversal

07 - Overflow attacks

08 - Explaining cookies and attachments

09 - Session hijacking

10 - Code execution attacks

11 - Privilege escalation

12 - Driver manipulation

13 - Memory vulnerabilities

14 - Race condition vulnerabilities

67 - 66. Secure Coding Practices

01 - Input validation

02 - Parameterized queries

03 - Authenticationsession management issues

04 - Output encoding

05 - Error and exception handling

06 - Code signing

07 - Database security

08 - Data de-identification

09 - Data obfuscation

68 - 67. Whats Next

01 - Preparing for the exam

439,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)