YoVDO

CISSP Cert Prep: 2 Asset Security

Offered By: LinkedIn Learning

Tags

  • Asset Security Courses
  • Risk Management Courses
  • Identity and Access Management Courses
  • Security Engineering Courses
  • Security Operations Courses

Course Description

Overview

This course provides a primary resource for anybody preparing for the brand-new CISSP (2024) exam from ISC2.

Syllabus

Introduction
  • Earning your CISSP
  • What you should know
  • Study resources
1. The CISSP Exam
  • The CISSP exam
  • Is the CISSP right for you?
  • Careers in information security
  • Value of certification
2. Inside the CISSP Exam
  • Registering for the exam
  • Exam environment
  • Question types
  • Computerized adaptive testing
  • Passing the exam
3. Preparing for the Exam
  • Exam tips
  • Practice tests
4. Experience Requirement
  • Meeting the experience requirement
  • Continuing education requirements
5. Domain 1: Security and Risk Management
  • Overview of the Security and Risk Management domain
6. Security Fundamentals
  • The five pillars of information security
  • Confidentiality
  • Integrity
  • Availability
  • Authenticity and nonrepudiation
7. Security Governance
  • Aligning security with the business
  • Organizational processes
  • Security roles and responsibilities
  • Control and risk frameworks
8. Compliance and Ethics
  • Legal and compliance risks
  • Data privacy
  • General Data Protection Regulation (GDPR)
  • California privacy law
  • National data privacy laws
  • Computer crimes
  • Software licensing
  • Intellectual property
  • Import and export controls
  • Data breaches
  • Ethics
9. Security Policy
  • Security policy framework
  • Security policies
10. Business Continuity
  • Business continuity planning
  • Business continuity controls
  • High availability and fault tolerance
11. Personnel Security
  • Personnel security
  • Security in the hiring process
  • Employee termination process
  • Employee privacy
  • Social networking
12. Risk Management
  • Risk analysis, assessment, and scope
  • Quantitative risk assessment
  • Risk treatment
  • Security control selection and implementation
  • Continuous monitoring, measurement, and tuning
  • Risk management frameworks
  • Risk visibility and reporting
13. Threat Modeling
  • Threat intelligence
  • Managing threat indicators
  • Intelligence sharing
  • Threat research
  • Identifying threats
  • Automating threat intelligence
  • Threat hunting
14. Supply Chain Risk Management
  • Managing vendor relationships
  • Vendor agreements
  • Vendor information management
  • Cloud audits
15. Awareness and Training
  • Security awareness training
  • Compliance training
  • User habits
  • Measuring compliance and security posture
16. Domain 2: Asset Security
  • Overview of the Asset Security domain
17. Data Security
  • Understanding data security
  • Data security policies
  • Data security roles
  • Limiting data collection
  • The data lifecycle
18. Data Security Controls
  • Developing security baselines
  • Leveraging industry standards
  • Customizing security standards
  • Cloud storage security
  • Information classification
  • Digital rights management
  • Data loss prevention
19. Change and Configuration Management
  • Change management
  • Configuration and asset management
  • Physical asset management
  • Supply chain risks and mitigations
20. Domain 3: Security Engineering
  • Overview of the Security Architecture and Engineering domain
21. Secure Design
  • Secure design principles
  • Security models
  • Security evaluation models
  • Segregation of duties
  • Privacy by design
  • Secure defaults
  • Information system lifecycle
22. Virtualization and Cloud Computing
  • What is the cloud?
  • Cloud computing roles
  • Drivers for cloud computing
  • Security service providers
  • Multitenant computing
  • Virtualization
  • Desktop and application virtualization
  • Cloud compute resources
  • Containerization
  • Cloud activities and the cloud reference architecture
  • Cloud deployment models
  • Cloud service categories
  • Edge and fog computing
23. Hardware Security
  • Memory protection
  • Hardware encryption
  • Hardware and firmware security
24. Server Security Issues
  • Server and database security
  • NoSQL databases
  • Distributed and high-performance computing
25. Embedded Systems Security
  • Industrial control systems and operational technology
  • Internet of things
  • Securing smart devices
  • Secure networking for smart devices
  • Embedded systems
  • Communications for embedded devices
26. Encryption
  • Understanding encryption
  • Symmetric and asymmetric cryptography
  • Goals of cryptography
  • Codes and ciphers
  • Cryptographic math
  • Choosing encryption algorithms
  • The perfect encryption algorithm
  • The cryptographic lifecycle
27. Symmetric Cryptography
  • Data encryption standard
  • 3DES
  • AES, Blowfish, and Twofish
  • RC4
  • Cipher modes
  • Steganography
28. Asymmetric Cryptography
  • Rivest-Shamir-Adleman (RSA)
  • PGP and GnuPG
  • Elliptic curve and quantum cryptography
29. Key Management
  • Key management practices
  • Key exchange
  • Diffie-Hellman
  • Key escrow
  • Key stretching
  • Hardware security modules
30. Public Key Infrastructure
  • Trust models
  • PKI and digital certificates
  • Hash functions
  • Digital signatures
  • Digital signature standard
  • Create a digital certificate
  • Revoke a digital certificate
  • Certificate stapling
  • Certificate authorities
  • Certificate subjects
  • Certificate types
  • Certificate formats
31. Cryptanalytic Attacks
  • Brute-force attacks
  • Knowledge-based attacks
  • Eavesdropping attacks
  • Implementation attacks
  • Limitations of encryption algorithms
  • Ransomware
32. Physical Security
  • Site and facility design
  • Data center environmental controls
  • Data center environmental protection
  • Power control
  • Physical access control
  • Visitor management
  • Physical security personnel
33. Software Security Architecture
  • SOAP and REST
  • SOA and microservices
34. Domain 4: Communication and Network Security
  • Introducing the Communication and Network Security domain
35. TCP/IP Networking
  • Introducing TCP/IP
  • IP addresses and DHCP
  • Network traffic
  • Domain name system (DNS)
  • Network ports
  • ICMP
  • Multilayer protocols
36. Secure Network Design
  • Public and private addressing
  • Subnetting
  • Security zones
  • Isolating sensitive systems
  • VLANs and logical segmentation
  • Security device placement
  • Software defined networking (SDN)
  • Transmission media
  • Cloud networking
  • Zero trust and SASE
37. Network Security Devices
  • Routers, switches, and bridges
  • Network topologies
  • Transport architecture
  • Firewalls
  • Proxy servers
  • Load balancers
  • VPNs and VPN concentrators
  • Network intrusion detection and prevention
  • Protocol analyzers
  • Unified threat management
  • Content distribution networks
38. Network Security Techniques
  • Restricting network access
  • Network access control
  • Firewall rule management
  • Router configuration security
  • Switch configuration security
  • Maintaining network availability
  • Network monitoring
  • Firewall and network logs
  • Network performance metrics
  • SNMP
  • Isolating sensitive systems
  • Deception technologies
  • Network support
39. Specialized Networking
  • Telephony
  • Multimedia collaboration
  • Storage networks
40. Transport Encryption
  • TLS and SSL
  • IPsec
  • Remote network access
41. Wireless Networking
  • Understanding wireless networking
  • Wireless encryption
  • Wireless authentication
  • Wireless signal propagation
  • Wireless networking equipment
42. Mobile Device Security
  • Mobile connection methods
  • Mobile device security
  • Mobile device management
  • Mobile device tracking
  • Mobile application security
  • Mobile security enforcement
  • Bring your own device (BYOD)
  • Mobile deployment models
43. Host Security
  • Operating system security
  • Malware prevention
  • Application management
  • Host-based network security controls
  • File integrity monitoring
44. Domain 5: Identity and Access Management
  • Introducing the Identity and Access Management (IAM) domain
45. Identification
  • Authentication, authorization, and accounting (AAA)
  • Usernames and access cards
  • Biometrics
  • Registration and identity proofing
46. Authentication
  • Authentication factors
  • Multifactor authentication
  • Something you have
  • Password authentication protocols
  • Single sign-on and federation
  • RADIUS
  • Kerberos and LDAP
  • SAML
  • Identity as a service (IDaaS)
  • OAuth and OpenID Connect
  • Certificate-based authentication
  • Passwordless authentication
47. Accountability
  • Accountability
  • Session management
48. Account Management
  • Understand account and privilege management
  • Account types
  • Account policies
  • Password policies
  • Manage roles
  • Account monitoring
  • Provisioning and deprovisioning
49. Authorization
  • Understand authorization
  • Mandatory access controls
  • Discretionary access controls
  • Access control lists
  • Database access control
  • Advanced authorization concepts
50. Access Control Attacks
  • Social engineering
  • Impersonation attacks
  • Identity fraud and pretexting
  • Watering hole attacks
  • Physical social engineering
51. Domain 6: Security Assessment and Testing
  • Introducing the Security Assessment and Testing domain
52. Vulnerability Scanning
  • What is vulnerability management?
  • Identify scan targets
  • Scan configuration
  • Scan perspective
  • Analyzing scan reports
  • Correlating scan results
53. Penetration Testing
  • Penetration testing
  • Ethical disclosure
  • Bug bounty
  • Cybersecurity exercises
54. Log Reviews
  • Logging security information
  • Security information and event management
  • Continuous security monitoring
  • Endpoint monitoring
55. Code Testing
  • Code review
  • Code tests
  • Fuzz testing
  • Interface testing
  • Misuse case testing
  • Test coverage analysis
  • Code repositories
  • Third-party code
  • Software risk analysis and mitigation
56. Disaster Recovery Planning
  • Disaster recovery
  • Backups
  • Restoring backups
  • Disaster recovery sites
  • Testing BC/DR plans
  • After action reports
57. Assessing Security Processes
  • Collect security process data
  • Management review and approval
  • Security metrics
  • Audits and assessments
  • Control management
58. Domain 7: Security Operations
  • Introducing the Security Operations domain
59. Investigations and Forensics
  • Conducting investigations
  • Evidence types
  • Introduction to forensics
  • System and file forensics
  • Network forensics
  • Software forensics
  • Mobile device forensics
  • Embedded device forensics
  • Chain of custody
  • Reporting and documenting incidents
  • Electronic discovery (eDiscovery)
60. Privilege Management
  • Need to know and least privilege
  • Privileged account management
61. Incident Management
  • Build an incident response program
  • Creating an incident response team
  • Incident communications plan
  • Incident identification
  • Escalation and notification
  • Mitigation
  • Containment techniques
  • Incident eradication and recovery
  • Validation
  • Post-incident activities
62. Personnel Safety
  • Personnel safety
  • Emergency management
63. Domain 8: Software Development Security
  • Introducing the Software Development Security domain
64. Software Development Lifecycle
  • Software platforms
  • Development methodologies
  • Scaled agile framework
  • Maturity models
  • Automation and DevOps
  • Programming languages
  • Acquired software
65. Application Attacks
  • OWASP top ten
  • Application security
  • Preventing SQL injection
  • Understanding cross-site scripting
  • Request forgery
  • Defending against directory traversal
  • Overflow attacks
  • Explaining cookies and attachments
  • Session hijacking
  • Code execution attacks
  • Privilege escalation
  • Driver manipulation
  • Memory vulnerabilities
  • Race condition vulnerabilities
66. Secure Coding Practices
  • Input validation
  • Parameterized queries
  • Authentication/session management issues
  • Output encoding
  • Error and exception handling
  • Code signing
  • Database security
  • Data de-identification
  • Data obfuscation
67. What's Next
  • Preparing for the exam

Taught by

Mike Chapple

Related Courses

  • AZ-500 Microsoft Azure Security Technologies (A Cloud Guru)
  • Certified Information Systems Security Professional (CISSP) (A Cloud Guru)
  • CompTIA CASP+ Certification, CAS-003 Exam Preparation (A Cloud Guru)
  • Automated Cyber Security Incident Response (EDUCBA via Coursera)
  • AWS IoT Security Series (Traditional Chinese) (Amazon Web Services via AWS Skill Builder)