Certified Information Systems Security Professional @2019
4.4 (639 ratings)
4,416 students enrolled

Last updated 11/2019
English
English [Auto]
This course includes
  • 15.5 hours on-demand video
  • 8 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • After successfully completing this course, students will understand the eight domains of CISSP: Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.
  • Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program.
  • With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.
Requirements
  • There is no required prerequisite for this course; however, candidates are expected to have a basic knowledge of IT security and industry best practices.
  • The students are also required to have a minimum of five years of professional experience in an IT security related job role. The experience required is a must for registering for the certification exam.
Description

The Certified Information Systems Security Professional course is a preparatory course for the CISSP certification exam provided by (ISC)², the world’s leading cybersecurity and IT security professional organization. It addresses the exam topics in detail, including information security concepts and industry best practices, and covers the eight domains of the official CISSP CBK (Common Body of Knowledge). Candidates gain knowledge in information security that increases their ability to successfully implement and manage security programs in any organization.

The course will enable students to validate their knowledge of information security in general and of the eight domains of the CISSP exam in particular. Course alumni are expected to become involved in critical security decisions and risk management.

This certification course will teach students about security and risk management, asset management, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.

It provides a sound preparation for the CISSP certification exam provided by (ISC)², the world’s leading cybersecurity and IT security professional organization.

Who this course is for:
  • Candidates looking to be certified as a CISSP.
  • In addition to this, candidates looking to establish their careers in the field of IT security are also encouraged to enrol in this course.
Course content
515 lectures 15:33:24
+ Course Introduction
5 lectures 15:19
Course Introduction A
02:19
Course Introduction B
02:22
Course Introduction C
01:29
+ Domain 01 - Security and Risk Management
98 lectures 03:06:29
Security and Risk Management
00:32
Confidentiality
04:41
Confidentiality (Cont.)
02:36
Integrity (Cont.)
02:00
Availability
01:52
Availability (Cont.)
01:52
References
00:12
Topic: Security Governance
00:25
Security Governance Principles
01:03
Security Governance Principles (Cont.)
02:45
Security Functions to Business Goals
02:02
Security Functions to Business Goals (Cont.)
03:46
Security Functions to Business Goals (cont.)
02:56
Organizational Processes
02:17
Organizational Processes (Cont.)
03:17
Roles and Responsibilities
01:43
Roles and Responsibilities (Cont.)
01:25
Security Control Frameworks (Cont.)
03:02
Security Control Frameworks (cont.)
02:56
Due Care / Due Diligence
02:17
References
00:13
Topic: Compliance Requirements
00:18
Compliance Requirements
03:37
Contracts, Legal, Industry Standards
02:45
Contracts, Legal, Industry Standards (Cont.)
02:13
Contracts, Legal, Industry Standards (cont.)
03:52
Privacy Requirements (Cont.)
02:12
References
00:10
Topic: Legal and Regulatory - Global
00:29
Legal and Regulatory - Global
02:17
Legal and Regulatory - Global (Cont.)
01:24
Cyber Crimes and Data Breaches
01:20
Cyber Crimes and Data Breaches (Cont.)
01:36
Intellectual Property
02:35
Intellectual Property (Cont.)
01:18
Intellectual Property (cont.)
01:58
Intellectual Property cont.
01:46
Import / Export Controls
03:04
Trans-border Data Flows
01:48
Privacy (Cont.)
03:25
References
00:10
Topic: Professional Ethics
00:30
Professional Ethics
02:02
Professional Ethics (Cont.)
01:15
Topic: Security Policy, Standards, Procedures
00:21
Security Policy, Standards, Procedures (Cont.)
01:29
Security Policy, Standards, Procedures (cont.)
02:55
References
00:08
Topic: Business Continuity
00:20
Business Continuity
01:23
Document Scope and Plan
01:55
Document Scope and Plan (Cont.)
02:57
Business Impact Analysis
02:14
Business Impact Analysis (Cont.)
02:09
References
00:05
Topic: Personal Security Policies
00:29
Personal Security Policies
03:30
Candidate Screening / Hiring
02:12
Employment Agreements / Policies
03:12
On-boarding / Termination Process
03:03
On-Boarding / Termination Process (Cont.)
02:52
Vendor, Consultant, Contractor
01:55
Compliance Policy Requirements
01:40
Privacy Policy Requirements
02:26
References
00:09
Topic: Apply Risk Management
00:12
Apply Risk Management Part1
02:03
Apply Risk Management Part2
03:38
Apply Risk Management Part 3
01:40
Apply Risk Management Part 4
01:47
Apply Risk Management Part5
01:21
References
00:11
Topic: Threat Modeling
00:07
Threat Modeling – Concepts / Methodology
03:44
Threat Modeling – Categorizing Threats
02:33
Threat Modeling – Generic Steps
02:50
Threat Modeling – Analyzing Risk
02:20
References
00:08
Topic: Risk Management – Supply Chain
00:19
Hardware, Software
03:40
Hardware, Software (Cont.)
02:47
3rd Party Evaluations
02:27
3rd Party Evaluations (Cont.)
03:37
Minimum Security
02:36
References
00:30
Topic: Security Awareness and Training
00:28
Security Awareness and Training
04:38
Methods and Techniques
01:39
Periodic Content Reviews
01:46
Effectiveness Evaluations
02:15
References
00:12
Quiz 1
10 questions
+ Domain 02 - Asset Management
44 lectures 01:23:53
Asset Management
00:33
Topic: Identify and Classify
00:23
Data Classification Part1
02:35
Data Classification Part 2
02:35
Data Classification Part 3
02:30
Asset Classification
02:07
Asset Classification (Cont.)
01:41
References
00:08
Topic: Asset Ownership
00:11
Asset Ownership Part1
04:24
Asset Ownership Part2
03:31
Asset Ownership Part3
02:44
References
00:08
Topic: Protect Privacy
00:14
Data Owners
02:18
Data Owners (Cont.)
03:55
Data Processors
02:24
Data Processors (Cont.)
01:15
Data Remanence
01:46
Data Remanence (Cont.)
02:19
Data Collection Part1
01:43
Data Collection Part2
01:14
Data Collection Part3
01:37
References
00:21
Topic: Asset Retention
00:12
Asset Retention
02:14
Record Retention
05:08
References
00:12
Topic: Data Security Controls
00:19
Data Security Controls
03:08
Data Security Controls (Cont.)
03:52
Data Security Controls (Last Part)
03:54
Scoping and Tailoring
02:21
Standards Selection
02:47
Data Protection Methods
01:04
Data Protection Methods (Cont.)
02:08
References
00:20
Topic: Information / Asset Handling
00:11
Information / Asset Handling Part1
01:47
Information / Asset Handling Part2
03:26
Information / Asset Handling Part3
02:43
Failure Examples
03:26
Storage Options
01:52
References
00:13
Quiz 2
10 questions
+ Domain 03 - Security Architecture and Engineering
91 lectures 02:56:31
Security Architecture and Engineering
00:46
Topic: Engineering Processes and Secure Design
00:11
Engineering Processes and Secure Design
02:06
Closed / Open Systems
02:59
Closed / Open Source Code
02:38
Techniques / Confinement
02:08
Bounds
01:42
Process Isolation
01:35
Controls / MAC and DAC
02:00
References
00:11
Topic: Concepts of Security Models
00:11
Concepts of Security Models
03:12
Security Perimeter
01:58
Reference Monitors / Security Kernels
01:44
Various Models
01:18
References
00:10
Topic: Controls Based on Security Requirements
00:09
Controls Based on Security Requirements
01:19
Rainbow Series
02:49
TCSEC
01:17
ITSEC / Common Criteria
01:33
Common Criteria
01:23
References
00:10
Topic: Security Capabilities of Information Systems
00:14
Security Capabilities of Information Systems
01:49
Virtualization
02:39
Trusted Platform Module
01:57
References
00:10
Topic: Assess / Mitigate Vulnerabilities
00:26
Assess / Mitigate Vulnerabilities
02:29
Local Caches
01:52
Server-Based Systems
02:13
Database Systems
02:46
Database Systems (Cont.)
02:40
Industrial Control Systems
04:04
Cloud-Based Systems
04:16
Cloud-Based Systems (Cont.)
02:52
Distributed Systems
02:12
Internet of Things
02:46
References
00:12
Topic: Assess / Mitigate Vulnerabilities (Web)
00:12
Assess / Mitigate Vulnerabilities (Web)
03:36
Assess / Mitigate Vulnerabilities (Web) - Cont.
03:00
Assess / Mitigate Vulnerabilities (Web) - Cont.
03:28
References
00:25
Topic: Assess / Mitigate Vulnerabilities (Mobile)
00:07
Assess / Mitigate Vulnerabilities (Mobile)
03:17
Device Security
05:53
Application Security
04:10
Application Security (Cont.)
01:40
References
00:11
Topic: Assess / Mitigate Vulnerabilities (Embedded)
00:14
Assess / Mitigate Vulnerabilities (Embedded)
02:18
Embedded / Static Systems
02:26
Securing Embedded / Static Systems
04:10
References
00:11
Topic: Apply Cryptography
00:40
Apply Cryptography
04:20
Cryptographic Life Cycle
01:40
Cryptographic Methods
01:54
Symmetric Key
02:41
Asymmetric Key
03:55
Asymmetric Key (Cont.)
02:06
Elliptic Curve
01:51
Public Key Infrastructure
01:28
Certificates
02:09
Certificates (Cont.)
01:57
Key Management
03:20
Digital Signatures
01:57
Integrity - Hashing
01:35
Integrity - Hashing (Cont.)
01:56
Cryptanalytic Attacks
02:47
Digital Rights Management (DRM)
03:38
References
00:10
Topic: Site / Facility Security Principles
00:09
Site / Facility Security Principles
03:08
Site / Facility Security Principles (Cont.)
03:03
References
00:10
Topic: Site / Facility Security Controls
03:40
Site / Facility Security Controls
02:20
Server Rooms / Data Centers
02:15
Server Rooms / Data Centers (Cont.)
02:16
Media Storage Facilities
01:31
Evidence Storage
02:52
Restricted and Work Area Security
01:43
Utilities and HVAC
02:33
Environmental Issues
02:09
Fire Prevention, Detection, and Suppression
00:55
Fire Extinguishers / Detection
01:27
Water Suppression / Gas Discharge
01:40
References
00:12
Quiz 3
10 questions
+ Domain 04 - Communication and Network Security
46 lectures 01:01:30
Communication and Network Security
00:26
Topic: Secure Design and Network Architecture
00:22
Secure Design and Network Architecture
01:29
OSI Model
00:34
Encapsulation / Decapsulation
01:35
Physical / Data Link Layers
02:14
Network Layer
00:55
Transport Layer
00:56
Session Layer
00:57
Presentation Layer
01:04
Application Layer
00:37
IP Networking
00:43
TCP/IP
04:31
SYN / ACK / TCP
00:57
IP Classes
02:36
Multilayer Protocols
01:13
Converged Protocols
01:46
Wireless Networks
01:38
Secure SSID
01:26
Secure Encryption Protocols
01:05
Secure Encryption Protocols (Cont.)
01:18
References
00:20
Topic: Secure Network Components
00:18
Operation of Hardware
02:49
Firewalls
02:10
Firewall Inspection
01:43
Transmission Media
01:57
Baseband / Broadband
00:50
Twisted Pair
01:53
Network Access Controls
00:30
Network Access Controls - Concepts
01:09
Endpoint Security
02:02
Distribution Networks
01:25
References
00:12
Topic: Secure Communication Design
00:13
Voice
01:57
PBX Fraud
01:06
Multimedia Collaboration
01:19
Remote Meeting
01:38
Securing Email
01:30
Remote Access
01:53
Remote Access (Cont.)
01:51
Remote Authentication
01:23
Virtualized Networks
01:46
VPN Protocols
00:58
References
00:16
Quiz 4
10 questions
+ Domain 05 - Identity and Access Management
41 lectures 01:13:31
Identity and Access Management
00:32
Topic: Physical and Logical Access
00:13
Information
01:57
Access Control Process
02:34
Logical and Technical Access Controls
02:55
Logical and Technical Access Controls (Cont.)
02:04
Systems
01:53
Devices
02:13
Facilities
02:23
References
00:44
Topic: Manage Identification / Authentication
00:24
Identity Implementation
01:47
Single / Multi-factor Authentication
03:50
Service Authentication
02:38
Accountability
02:56
Session Management
02:16
Registration / Proofing Identity
02:34
Federated Identity Management
02:33
Common Language
02:17
Credential Management Systems
03:44
CyberArk
01:38
References
00:17
Topic: Integrate Identity as a Third-Party Service
00:12
On-Premise
02:37
Cloud
02:31
Federated
01:00
References
00:12
Topic: Implement and Manage Authorization
00:29
Role-Based Access
01:52
Upsides / Downsides
01:28
Rule-Based Access
01:39
Mandatory Access
01:42
Discretionary Access
02:09
Attribute-based Access
00:54
References
00:11
Topic: Manage Identity / Access Lifecycle
00:12
Account Review
04:37
System Access Review
03:57
Provisioning
02:12
Provisioning (Cont.)
01:04
References
00:11
Quiz 5
9 questions
+ Domain 06 - Security Assessment and Testing
38 lectures 01:13:43
Security Assessment and Testing
00:27
Topic: Assessment, Test, and Audit Strategies
00:08
Assessment, Test, and Audit Strategies
02:56
Security Assessment / Testing
03:12
Security Assessments
01:32
External / Third Party
02:37
Auditing Standards
01:11
References
00:10
Topic: Security Control Testing
00:21
Vulnerability Assessment
04:22
Vulnerability Scans
03:48
Network Vulnerability Scans
02:29
Web Vulnerability Scans
04:38
Penetration Testing
03:42
Testing Options
01:00
Log Reviews
04:13
Synthetic Transaction
01:01
Code Review / Testing
01:47
Testing Options (cont.)
02:13
Misuse Case Testing
01:37
Test Coverage Analysis
01:07
Interface Testing
02:06
References
00:27
Topic: Security Process Data
00:16
Account Management
06:40
Management Review
02:41
Performance and Risk Indicators
01:15
Backup Verification
01:54
Training and Awareness
01:04
References
00:07
Topic: Analyze Test Output / Generate Reports
00:13
Analyze Test Output / Generate Reports
03:48
External Scan Report
03:22
References
00:04
Topic: Conduct / Facilitate Security Audit
00:08
Internal Aspects
03:05
External / 3rd Party Aspect
01:51
References
00:11
Quiz 6
10 questions
+ Domain 07 - Security Operations
114 lectures 03:17:30
Security Operations
00:19
Topic: Investigations
00:16
Evidence Collection
02:51
Network / Software / Hardware Analysis
03:12
Reporting and Documentation
03:35
Investigative Techniques
01:11
Gathering Evidence
01:07
Digital Forensics
01:48
Chain of Custody
01:39
References
00:09
Topic: Investigation Team
00:10
Administrative Aspects
02:51
Criminal Investigations
02:32
Civil Investigations
02:53
Regulatory Investigations
02:20
References
00:09
Topic: Logging and Monitoring Activities
00:14
SIEM
03:06
Deployment
02:21
Continuous Monitoring
02:39
Egress Monitoring
02:06
Tools to Assist
04:04
References
00:10
Topic: Provisioning Resources
00:13
Asset Inventory
02:03
Asset Management
02:30
Cloud-Based Management
03:59
Configuration Management
02:16
References
00:16
Topic: Security Operations Concepts
00:21
Separation of Duties
03:01
Need to Know / Least Privilege
01:43
Separation of Privilege
01:16
Privileged Account Management
04:58
Job Rotation
03:05
Information Lifecycle
01:48
Key Phases of Data
02:51
Service Level Agreements
01:48
References
00:12
Topic: Protection Techniques
00:09
Media Management
02:46
Hardware / Software Asset Management
01:44
Software
02:15
References
00:09
Topic: Incident Management
00:14
Detection
02:38
Responsive
02:36
Reporting
02:37
Legal / Compliance
01:46
Recovery
02:05
Remediation
01:29
Lessons Learned
01:16
References
00:15
Topic: Detective / Preventative Measures
00:23
Firewalls
04:07
Intrusion Detection / Prevention
02:05
Knowledge / Behavior-Based
01:58
Network / Host-Based
01:49
Whitelisting / Blacklisting
02:01
Third-Party Security Services
01:41
Sandboxing
01:22
Honeypots/Honeynets
02:53
Anti-Malware
01:55
References
00:13
Topic: Patch and Vulnerability Management
00:09
Patch / Vulnerability Management
02:43
Patch Management
02:26
References
00:15
Topic: Change Management Processes
00:10
Change Management
02:28
Security Impact Analysis
02:55
References
00:08
Topic: Implement Recovery Strategies
00:22
Backup Storage
02:37
Recovery Site Strategies
03:19
Business / Functional Unit Priorities
02:03
Crisis Management
04:09
Multiple Processing Sites
02:29
Options
02:03
Cloud Computing
01:17
High Availability / QoS
01:08
Hard Drives / Power Sources
03:17
QoS
00:57
References
00:09
Topic: Implement Disaster Recovery
00:15
Response
02:11
Personnel
02:17
Communications
Assessment
01:00
Restoration
01:37
Training and Awareness
02:10
References
00:06
Topic: Test Disaster Recovery
00:22
Overview
04:23
Read-Through Checklists
01:20
Walk-Through (Table-Top)
01:14
Simulation Test
01:42
Parallel Test
01:09
Full Interruption
01:49
References
00:07
Topic: Implement / Manage Physical Security
00:14
Perimeter Security
03:24
Fences, Gates and Lighting
02:45
Security Dogs
02:24
Internal Security Controls
01:55
Badges / Regulatory Requirements
01:52
References
00:06
Topic: Personnel Safety / Security
00:12
Travel
02:31
Travel (Cont.)
02:49
Security Training and Awareness
01:59
Emergency Management
01:28
Duress
02:22
References
00:15
Quiz 7
10 questions
+ Domain 08 - Software Development Security
38 lectures 01:04:58
Software Development Security
00:30
Topic: Software Development Life Cycle
00:09
Development Methodologies
02:07
Functional Requirements / Control Specifications
03:22
Design / Code Review
01:14
User Acceptance Testing / Change Management
02:20
Maturity Models
02:08
Agile / SW-CMM
02:09
Change Management
02:13
Integrated Product Team
01:39
References
00:18
Topic: Security Controls in Development
00:15
Security of Software Environments
02:24
Development Security
03:35
Secure Coding Configuration Management
04:39
Code Repositories
01:47
Best Practices
01:33
References
00:16
Topic: Assess Software Security Effectiveness
00:17
Auditing and Logging
02:00
ODBC / NoSQL
03:03
Risk Analysis / Mitigation
02:38
Development Methodology
02:35
Tracking Progress / Repeat
01:03
References
00:14
Topic: Security Impact of Acquired Software
00:10
Security Impact of Acquired Software
03:13
OWASP Key Considerations
03:05
References
00:10
Topic: Secure Coding Guidelines and Standards
00:11
Security Weaknesses / Vulnerabilities
03:21
Reconnaissance Attacks
01:33
Masquerading Attacks
02:11
API Security
01:47
Secure Coding Practices
00:56
Testing Options
00:44
References
00:11
Quiz 8
10 questions
Course Closure
02:58