CISSP Cert Prep: 2 Asset Security

Offered By: LinkedIn Learning

Tags

  • Asset Security Courses
  • Risk Management Courses
  • Identity and Access Management Courses
  • Security Engineering Courses
  • Security Operations Courses

Course Description

Overview

This course provides a primary resource for anybody preparing for the brand new CISSP (2024) exam from ISC2.

Syllabus

Introduction
  • Earning your CISSP
  • What you should know
  • Study resources
1. The CISSP Exam
  • The CISSP exam
  • Is the CISSP right for you?
  • Careers in information security
  • Value of certification
2. Inside the CISSP Exam
  • Registering for the exam
  • Exam environment
  • Question types
  • Computerized adaptive testing
  • Passing the exam
3. Preparing for the Exam
  • Exam tips
  • Practice tests
4. Experience Requirement
  • Meeting the experience requirement
  • Continuing education requirements
5. Domain 1: Security and Risk Management
  • Overview of the Security and Risk Management domain
6. Security Fundamentals
  • The five pillars of information security
  • Confidentiality
  • Integrity
  • Availability
  • Authenticity and nonrepudiation
7. Security Governance
  • Aligning security with the business
  • Organizational processes
  • Security roles and responsibilities
  • Control and risk frameworks
8. Compliance and Ethics
  • Legal and compliance risks
  • Data privacy
  • General Data Protection Regulation (GDPR)
  • California privacy law
  • National data privacy laws
  • Computer crimes
  • Software licensing
  • Intellectual property
  • Import and export controls
  • Data breaches
  • Ethics
9. Security Policy
  • Security policy framework
  • Security policies
10. Business Continuity
  • Business continuity planning
  • Business continuity controls
  • High availability and fault tolerance
11. Personnel Security
  • Personnel security
  • Security in the hiring process
  • Employee termination process
  • Employee privacy
  • Social networking
12. Risk Management
  • Risk analysis, assessment, and scope
  • Quantitative risk assessment
  • Risk treatment
  • Security control selection and implementation
  • Continuous monitoring, measurement, and tuning
  • Risk management frameworks
  • Risk visibility and reporting
13. Threat Modeling
  • Threat intelligence
  • Managing threat indicators
  • Intelligence sharing
  • Threat research
  • Identifying threats
  • Automating threat intelligence
  • Threat hunting
14. Supply Chain Risk Management
  • Managing vendor relationships
  • Vendor agreements
  • Vendor information management
  • Cloud audits
15. Awareness and Training
  • Security awareness training
  • Compliance training
  • User habits
  • Measuring compliance and security posture
16. Domain 2: Asset Security
  • Overview of the Asset Security domain
17. Data Security
  • Understanding data security
  • Data security policies
  • Data security roles
  • Limiting data collection
  • The data lifecycle
18. Data Security Controls
  • Developing security baselines
  • Leveraging industry standards
  • Customizing security standards
  • Cloud storage security
  • Information classification
  • Digital rights management
  • Data loss prevention
19. Change and Configuration Management
  • Change management
  • Configuration and asset management
  • Physical asset management
  • Supply chain risks and mitigations
20. Domain 3: Security Engineering
  • Overview of the Security Architecture and Engineering domain
21. Secure Design
  • Secure design principles
  • Security models
  • Security evaluation models
  • Segregation of duties
  • Privacy by design
  • Secure defaults
  • Information system lifecycle
22. Virtualization and Cloud Computing
  • What is the cloud?
  • Cloud computing roles
  • Drivers for cloud computing
  • Security service providers
  • Multitenant computing
  • Virtualization
  • Desktop and application virtualization
  • Cloud compute resources
  • Containerization
  • Cloud activities and the cloud reference architecture
  • Cloud deployment models
  • Cloud service categories
  • Edge and fog computing
23. Hardware Security
  • Memory protection
  • Hardware encryption
  • Hardware and firmware security
24. Server Security Issues
  • Server and database security
  • NoSQL databases
  • Distributed and high-performance computing
25. Embedded Systems Security
  • Industrial control systems and operational technology
  • Internet of things
  • Securing smart devices
  • Secure networking for smart devices
  • Embedded systems
  • Communications for embedded devices
26. Encryption
  • Understanding encryption
  • Symmetric and asymmetric cryptography
  • Goals of cryptography
  • Codes and ciphers
  • Cryptographic math
  • Choosing encryption algorithms
  • The perfect encryption algorithm
  • The cryptographic lifecycle
27. Symmetric Cryptography
  • Data encryption standard
  • 3DES
  • AES, Blowfish, and Twofish
  • RC4
  • Cipher modes
  • Steganography
28. Asymmetric Cryptography
  • Rivest-Shamir-Adleman (RSA)
  • PGP and GnuPG
  • Elliptic curve and quantum cryptography
29. Key Management
  • Key management practices
  • Key exchange
  • Diffie-Hellman
  • Key escrow
  • Key stretching
  • Hardware security modules
30. Public Key Infrastructure
  • Trust models
  • PKI and digital certificates
  • Hash functions
  • Digital signatures
  • Digital signature standard
  • Create a digital certificate
  • Revoke a digital certificate
  • Certificate stapling
  • Certificate authorities
  • Certificate subjects
  • Certificate types
  • Certificate formats
31. Cryptanalytic Attacks
  • Brute-force attacks
  • Knowledge-based attacks
  • Eavesdropping attacks
  • Implementation attacks
  • Limitations of encryption algorithms
  • Ransomware
32. Physical Security
  • Site and facility design
  • Data center environmental controls
  • Data center environmental protection
  • Power control
  • Physical access control
  • Visitor management
  • Physical security personnel
33. Software Security Architecture
  • SOAP and REST
  • SOA and microservices
34. Domain 4: Communication and Network Security
  • Introducing the Communication and Network Security domain
35. TCP/IP Networking
  • Introducing TCP/IP
  • IP addresses and DHCP
  • Network traffic
  • Domain name system (DNS)
  • Network ports
  • ICMP
  • Multilayer protocols
36. Secure Network Design
  • Public and private addressing
  • Subnetting
  • Security zones
  • Isolating sensitive systems
  • VLANs and logical segmentation
  • Security device placement
  • Software defined networking (SDN)
  • Transmission media
  • Cloud networking
  • Zero trust and SASE
37. Network Security Devices
  • Routers, switches, and bridges
  • Network topologies
  • Transport architecture
  • Firewalls
  • Proxy servers
  • Load balancers
  • VPNs and VPN concentrators
  • Network intrusion detection and prevention
  • Protocol analyzers
  • Unified threat management
  • Content distribution networks
38. Network Security Techniques
  • Restricting network access
  • Network access control
  • Firewall rule management
  • Router configuration security
  • Switch configuration security
  • Maintaining network availability
  • Network monitoring
  • Firewall and network logs
  • Network performance metrics
  • SNMP
  • Isolating sensitive systems
  • Deception technologies
  • Network support
39. Specialized Networking
  • Telephony
  • Multimedia collaboration
  • Storage networks
40. Transport Encryption
  • TLS and SSL
  • IPsec
  • Remote network access
41. Wireless Networking
  • Understanding wireless networking
  • Wireless encryption
  • Wireless authentication
  • Wireless signal propagation
  • Wireless networking equipment
42. Mobile Device Security
  • Mobile connection methods
  • Mobile device security
  • Mobile device management
  • Mobile device tracking
  • Mobile application security
  • Mobile security enforcement
  • Bring your own device (BYOD)
  • Mobile deployment models
43. Host Security
  • Operating system security
  • Malware prevention
  • Application management
  • Host-based network security controls
  • File integrity monitoring
44. Domain 5: Identity and Access Management
  • Introducing the Identity and Access Management (IAM) domain
45. Identification
  • Authentication, authorization, and accounting (AAA)
  • Usernames and access cards
  • Biometrics
  • Registration and identity proofing
46. Authentication
  • Authentication factors
  • Multifactor authentication
  • Something you have
  • Password authentication protocols
  • Single sign-on and federation
  • RADIUS
  • Kerberos and LDAP
  • SAML
  • Identity as a service (IDaaS)
  • OAuth and OpenID Connect
  • Certificate-based authentication
  • Passwordless authentication
47. Accountability
  • Accountability
  • Session management
48. Account Management
  • Understand account and privilege management
  • Account types
  • Account policies
  • Password policies
  • Manage roles
  • Account monitoring
  • Provisioning and deprovisioning
49. Authorization
  • Understand authorization
  • Mandatory access controls
  • Discretionary access controls
  • Access control lists
  • Database access control
  • Advanced authorization concepts
50. Access Control Attacks
  • Social engineering
  • Impersonation attacks
  • Identity fraud and pretexting
  • Watering hole attacks
  • Physical social engineering
51. Domain 6: Security Assessment and Testing
  • Introducing the Security Assessment and Testing domain
52. Vulnerability Scanning
  • What is vulnerability management?
  • Identify scan targets
  • Scan configuration
  • Scan perspective
  • Analyzing scan reports
  • Correlating scan results
53. Penetration Testing
  • Penetration testing
  • Ethical disclosure
  • Bug bounty
  • Cybersecurity exercises
54. Log Reviews
  • Logging security information
  • Security information and event management
  • Continuous security monitoring
  • Endpoint monitoring
55. Code Testing
  • Code review
  • Code tests
  • Fuzz testing
  • Interface testing
  • Misuse case testing
  • Test coverage analysis
  • Code repositories
  • Third-party code
  • Software risk analysis and mitigation
56. Disaster Recovery Planning
  • Disaster recovery
  • Backups
  • Restoring backups
  • Disaster recovery sites
  • Testing BC/DR plans
  • After action reports
57. Assessing Security Processes
  • Collect security process data
  • Management review and approval
  • Security metrics
  • Audits and assessments
  • Control management
58. Domain 7: Security Operations
  • Introducing the Security Operations domain
59. Investigations and Forensics
  • Conducting investigations
  • Evidence types
  • Introduction to forensics
  • System and file forensics
  • Network forensics
  • Software forensics
  • Mobile device forensics
  • Embedded device forensics
  • Chain of custody
  • Reporting and documenting incidents
  • Electronic discovery (eDiscovery)
60. Privilege Management
  • Need to know and least privilege
  • Privileged account management
61. Incident Management
  • Build an incident response program
  • Creating an incident response team
  • Incident communications plan
  • Incident identification
  • Escalation and notification
  • Mitigation
  • Containment techniques
  • Incident eradication and recovery
  • Validation
  • Post-incident activities
62. Personnel Safety
  • Personnel safety
  • Emergency management
63. Domain 8: Software Development Security
  • Introducing the Software Development Security domain
64. Software Development Lifecycle
  • Software platforms
  • Development methodologies
  • Scaled agile framework
  • Maturity models
  • Automation and DevOps
  • Programming languages
  • Acquired software
65. Application Attacks
  • OWASP top ten
  • Application security
  • Preventing SQL injection
  • Understanding cross-site scripting
  • Request forgery
  • Defending against directory traversal
  • Overflow attacks
  • Explaining cookies and attachments
  • Session hijacking
  • Code execution attacks
  • Privilege escalation
  • Driver manipulation
  • Memory vulnerabilities
  • Race condition vulnerabilities
66. Secure Coding Practices
  • Input validation
  • Parameterized queries
  • Authentication/session management issues
  • Output encoding
  • Error and exception handling
  • Code signing
  • Database security
  • Data de-identification
  • Data obfuscation
67. What's Next
  • Preparing for the exam

Taught by

Mike Chapple
