Study Plan
- (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition – Mike Chapple, James Michael Stewart, Darril Gibson (Authors)
- CISSP All-in-One Exam Guide, Ninth Edition – Fernando Maymí and Shon Harris (Authors)
- Eleventh Hour CISSP®: Study Guide, Third Edition – Eric Conrad, Seth Misenar, Joshua Feldman (Authors) – read just before the exam
- CISSP exam cram with Pete Zerger
- GitHub Notes
- CISSP course and practice questions in Udemy
- Sunflower PDF
Key Concepts for CISSP Certification Study with Domains details
Domain 1 – Security and Risk Management
- CIA Triad
- Data Security Concepts: Disclosure, Alteration, and Destruction (DAD)
- Identification, Authentication, Authorization, and Accountability (IAAA)
- Risk Management
- Responsibilities of the Information Security Officer (ISO)
- Due care and due diligence (fundamental concepts in information security and in liability)
- Control Frameworks
- Intellectual Property Laws
- Regulations
- Corporate Officer Liability under Sarbanes-Oxley Act (SOX)
- COSO Framework
- COBIT Framework
- Data Breaches
- Key laws and regulations
- Ethics
- Business Continuity Plan (BCP) Development
- Business Impact Analysis (BIA)
- Administrative Management Controls
- Employment and Security
- Third-Party Controls
- ITIL Overview
- Risk Management and Risk Assessment Process
- Quantitative Risk Analysis for CISSP
- Determination of Impact in Risk Analysis
- Risk Response
- Risk Framework Countermeasures
- Controls Overview
- Penetration Testing
- Pen Test Methodology
- Deming Cycle
- Identification of Threats
- Software Licenses
- Assurance
- Requirements gathering
- Security awareness training
- FISMA
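Worked example for the quantitative risk analysis and risk response bullets above. This is an added example, not material from any of the study guides listed in the plan; the asset value, exposure factor, ARO and safeguard costs are constructed inputs chosen only to illustrate the arithmetic. It computes single loss expectancy (SLE = AV × EF) and annualized loss expectancy (ALE = SLE × ARO), then values each candidate safeguard as (ALE before) − (ALE after) − (annual cost of safeguard) and picks a risk response: mitigate with the best-valued safeguard, or accept the risk when no safeguard pays for itself.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Risk:
    """A single asset/threat pair expressed in quantitative terms."""
    asset_value: float       # AV: value of the asset in currency units
    exposure_factor: float   # EF: fraction of AV lost per occurrence (0.0 - 1.0)
    aro: float               # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A countermeasure that lowers EF, ARO, or both, at a yearly cost."""
    name: str
    annual_cost: float
    new_exposure_factor: Optional[float] = None  # None keeps the current EF
    new_aro: Optional[float] = None              # None keeps the current ARO

    def residual_risk(self, risk: Risk) -> Risk:
        """The risk that remains once this safeguard is in place."""
        ef = risk.exposure_factor if self.new_exposure_factor is None else self.new_exposure_factor
        aro = risk.aro if self.new_aro is None else self.new_aro
        return Risk(risk.asset_value, ef, aro)


def safeguard_value(risk: Risk, safeguard: Safeguard) -> float:
    """Cost/benefit of a safeguard: ALE(before) - ALE(after) - annual cost.

    A positive result means the safeguard saves more than it costs each year.
    """
    return risk.ale() - safeguard.residual_risk(risk).ale() - safeguard.annual_cost


def choose_response(risk: Risk, candidates: List[Safeguard]) -> Tuple[str, Optional[Safeguard]]:
    """Pick a risk response from the candidate safeguards.

    Returns ("mitigate", best_safeguard) when at least one safeguard has a
    positive value, otherwise ("accept", None): spending more than the
    expected loss is not a defensible use of the security budget.
    """
    best: Optional[Safeguard] = None
    best_value = 0.0
    for sg in candidates:
        value = safeguard_value(risk, sg)
        if value > best_value:
            best, best_value = sg, value
    return ("mitigate", best) if best is not None else ("accept", None)


if __name__ == "__main__":
    # Constructed scenario: a $500,000 system, a threat expected to destroy
    # 25% of its value each time it occurs, once every five years on average.
    risk = Risk(asset_value=500_000, exposure_factor=0.25, aro=0.2)
    print(f"SLE = {risk.sle():,.0f}  ALE = {risk.ale():,.0f}")

    options = [
        Safeguard("offsite backups", annual_cost=10_000, new_aro=0.05),
        Safeguard("full redundancy", annual_cost=20_000, new_exposure_factor=0.10),
    ]
    for sg in options:
        print(f"{sg.name}: value = {safeguard_value(risk, sg):,.0f}")
    response, chosen = choose_response(risk, options)
    print(response, chosen.name if chosen else "")
```

On the exam the same formulas appear with the control's value phrased as "ALE before minus ALE after minus annual cost of the control"; a negative value is the cue that acceptance (or a cheaper control) is the right answer, not mitigation.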
Domain 2 – Asset Security
- Information Classification and Categorization
- Security Policies, Standards, and Guidelines
- Data Classification Policy
- Asset management
- IT Asset Management
- US-EU Safe Harbor (invalidated in 2015; succeeded by Privacy Shield, invalidated in 2020, and then the EU-US Data Privacy Framework)
- Roles and Responsibilities related to information security
- Data Ownership
- Data Custodian Responsibilities
- Quality Control (QC) and Quality Assurance (QA)
- Data Standards
- Data Modeling
- Data Remanence and Sanitization
- Baselines
- Scoping and Tailoring
- Link Encryption vs. End-to-End Encryption
- Classifying Costs and Related Considerations
- Standards and Key concepts
Domain 3 – Security Architecture and Engineering
- Systems Engineering & Modeling
- Engineering Principles for IT Security (NIST SP 800-27 Rev. A; withdrawn, superseded by NIST SP 800-160 Vol. 1)
- ISO/IEC 21827:2008 SSE-CMM
- OS Kernel
- System Components
- Memory Protection Mechanisms
- ITIL Core Components
- Types of Security Models
- Techniques for Ensuring CIA
- Security Models Overview
- Composition Theories in Information Flow Models
- ITSEC (Information Technology Security Evaluation Criteria)
- Certification and Accreditation
- Product Evaluation Models
- ISO 27001 & ISO 27002
- Control Frameworks: COBIT
- Virtualization Concepts
- Timing and Race Condition Attacks
- Memory Components and Addressing Techniques
- Cloud Service Models
- Database Security Concepts
- Key Encryption Concepts and Definitions
- Goals of Cryptography
- Cryptographic Concepts
- Security Monitoring Concepts
- Methods of Cryptography
- Cipher Modes
- Symmetric Cryptography Concepts
- Asymmetric Cryptography Concepts
- Hybrid Cryptography
- Security Assertion Markup Language (SAML)
- Service Provisioning Markup Language (SPML)
- Cyber-Physical Systems (CPS)
- History of Cryptography
- Symmetric vs. Asymmetric Key Systems
- Components of Cryptography
- Public Key Infrastructure (PKI)
- Digital Signatures
- Email Security
- Digital Certificates
- Hashing and Cryptographic Attacks
- Access Control and Security Concepts
- Digital Rights Management (DRM) and Related Concepts
- Applets and Related Technologies
- Threats and Risk Management Concepts
- Security Capabilities of Information Systems
- Fire Prevention, Detection, and Suppression
- TEMPEST (emanation security) and Related Concepts
- Humidity and Its Effects on Static Electricity and Equipment
- Electrical Interference, Power Issues, and Countermeasures
- Security Engineering Key Concepts
Domain 4 – Communication and Network Security
- OSI Model Overview
- TCP/IP Model Overview
- Security Modes in Mandatory Access Control (MAC) – note: this MAC is mandatory access control, not the Media Access Control (MAC) of Layer 2
- Types of Firewalls and Their Functions
- Wireless Networking Standards Overview
- OSI layer with Protocols
- Networking Concepts Overview
- IPv4 vs. IPv6
- Types of Wireless Networks and Security Protocols
- Common TCP and UDP Ports
- Switched Networks and Related Technologies
- Email Security Solutions & Certificates
- Security Perimeter Overview
- Operations of Hardware Components
- LAN Devices Overview
- Networking Concepts and Technologies Overview
- Attacks, Malware, and Malicious Activities Overview
- Overview of Network Attacks and Mitigation
- Packet Switching Technologies Overview
- Overview of WLAN Protocols
- LAN Cables Overview
- Firewall Generations Overview
- Firewall Architecture Overview
- Access Control Methodologies and Remote Access Authentication Systems Overview
- Remote Access Technologies Overview
- Remote Access Security Technologies Overview
- Remote Node Security Protocols Overview
- LAN Topologies Overview
- LAN Transmission Methods Overview
- Data Network Signals Overview
- LAN Media Access Overview
- LAN Transmission Protocols Overview
- Data Network Types Overview
- Virtual Private Networks (VPN) Overview
- VPN Protocols Overview
- VPN Devices Overview
- IPsec: Encapsulating Security Payload (ESP) and Authentication Header (AH) Overview
- Spread Spectrum Techniques Overview
- WAN Protocols Overview
- Converged Protocols and related technologies
Domain 5 – Identity and Access Management (IAM)
- Access Control
- Identity Management
- Single Sign-On (SSO) Overview
- Kerberos Overview
- Single-Factor Authentication and Multi-Factor Authentication
- Type 1 Authentication: Something a User Knows
- Type 2 Authentication: Something a User Has
- Type 3 Authentication: Something a User Is (Biometrics)
- SAML (Security Assertion Markup Language)
- Identity as a Service (IDaaS)
- Managing User Accounts within a Cloud
- Authentication Methods
- Authorization Mechanisms
- Access Control Models
- Reconnaissance attacks
Domain 6 – Security Assessment and Testing
- Security testing
- Verification and validation
- Logs
- Security software
- Monitoring and Auditing
- Protecting logs
- Synthetic Transactions and Performance Monitoring
- Code review and testing
- Threat assessment modeling
- Monitoring Key Performance Indicators
- Performing vulnerability assessments
- Testing software
Domain 7 – Security Operations
- Incident Scene
- Evidence
- Live Evidence
- Interviewing and Interrogation
- Witnesses
- Digital Evidence
- Digital Forensics
- Digital Forensics and Investigations
- Law
- Security Information and Event Management (SIEM)
- Intrusion Detection and Prevention Systems (IDPS)
- Data Loss Prevention (DLP)
- Configuration Management
- Recovery procedures
- Trusted Path
- Incident Response
- Root Cause Analysis (RCA)
- Firewalls
- Data Processing Continuity Plans
- RAID Levels and Backup Storage Media
- Transaction Redundancy Implementations
- Data Destruction and Reuse
- Disaster Recovery Planning (DRP)
- Disaster Recovery Process
- Disaster Recovery Testing
- Business Continuity Planning (BCP)
- Closed-Circuit Television (CCTV)
- Lighting
- Fences
- Alarms
- Intrusion Detection systems in physical security
- Locks
- Audit Trails
- Security Access Cards
- Trusted Recovery
- Key points in Security Operations
- Location and Security Design: CPTED
- Various types of Cyber Attacks
Domain 8 – Software Development Security
- System Development Life Cycle (SDLC)
- Change Management Process
- Configuration Management Process
- Software Capability Maturity Model (CMM / CMMI)
- DevOps
- Software Development Models
- Agile Software Development
- Database Systems
- ACID model
- Knowledge Management
- Programming Language Generations
- Programs in Software Development
- Object-Oriented Technology (OOT) Overview
- Technical Security Protection
- Covert Channels
- Types of Malicious Code
- Types of Viruses
- Anti-Virus Detection Methods
- Protection Mechanisms
- Terms
- Key points to understand in Software Development Security
- OWASP Top 10