Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

CISSP Certification: Domains 5, 6, 7 & 8 Video Training-2021

Name: CISSP Certification: Domains 5, 6, 7 & 8 Video Training-2021
Rating: 4.1 (19 reviews)

Invest in the CISSP Certification (Domain 5, 6, 7 & 8) Training Course: Video, downloadable slides & practice questions

Created byShon Gerber

Last updated 7/2023

English

What you'll learn

Prepare for the of the 2021 Certified Information Systems Security Processionals (CISSP) exam
Full understanding of the objectives that relate to Domain 5 (Identity and Access Management) of the CISSP exam
Full understanding of the objectives that relate to Domain 6 (Security Assessment and Testing) of the CISSP exam
Full understanding of the objectives that relate to Domain 7 (Security Operations) of the CISSP exam
Full understanding of the objectives that relate to Domain 8 (Software Development Security) of the CISSP exam
Security management perspectives from the view of a Chief Information Security Officer (CISO)
How to begin on the CISSP certification journey along with practical real-world experiences providing knowledge and context
Learn the benefits and rewards for gaining your CISSP certification, and what it will provide to your career

Course content

32 sections • 155 lectures • 8h 54m total length

Introduction4:49
Meet Sean Gerber as he introduces the CISSP version 2021, detailing training, concentrations, ISC Squared, the associate CISSP, and exam highlights.
Cyber Beginnings2:41
Trace the birth of the air force red team, training avionics and maintenance personnel to become cyber attackers, and narrate a self-taught CISSP journey from failure to passing.
Corporate and College2:32
Transition from an Air Force red team commander to a security architect and CISO, highlighting corporate cybersecurity leadership and global operations.
CISSP Concentrations5:02
Discover CISSP concentrations and how architecture, engineering, and management align with the eight domains for exam prep. Gain practical study strategies, resources, and the instructor's expert insights beyond the book.
Consortium and Associates4:12
Explore the CISSP framework across the eight domains, the three-year update cycle, and the associates program that lets you test early before meeting work-experience and certification requirements.
Exam Highlights4:51
Master CISSP exam highlights, including computer adaptive testing, 100–150 questions, and pass/fail outcomes, with guidance on domain weights from the 2021 exam.

Domain 5 Overview2:29
Explore domain five of the CISSP, focusing on identity and access management, authentication and federation, and authorization controls like RBAC, mandatory access control, and OpenID, SAML, Kerberos, TACACS, and Radius.
Access Control Types5:19
Authentication Factors5:06
Explore authentication factors—something you know, have, do, and are—covering passwords, smart cards, tokens, and biometrics, explain password weaknesses, passphrases, and the difference between synchronous and asynchronous tokens.
Systems and Devices5:04
Enforce access controls and encryption in transit and at rest across systems and devices, including cloud, serverless, IoT, and applications, with Active Directory and federation for permissions.

Identity Management Implementation2:39
Compare centralized and decentralized identity management approaches. Leverage single sign-on with LDAP and PKI integrated into Active Directory.
Single and Multi-Factor Authentication5:28
Accountability4:18
Explore authorization, granular role-based access controls, and accountability through auditing and proven identities, and learn session management practices to prevent unauthorized access.
Federated Identity Management2:39
Explore federated identity management and single sign-on across organizations using providers like Facebook and Google. Understand standards such as Saml, OAuth, and OpenID Connect that enable cross-domain authentication.
Common Language6:01
Understand common markup and authentication languages, including HTML, XML, SAML, OAuth 2.0, and OpenID, and evaluate credential management systems like LastPass and CyberArk for secure access.
Just In Time1:37
Use just-in-time federated access with a trusted organization and SAML, creating connections without administrator intervention. Internal credentials grant access to third-party services, sharing basic user details as needed.
Registration, Proofing, and Establishment of Identity4:51
Learn how registration, proofing, and establishment of identity use biometrics, gold star verification, knowledge-based authentication, and authoritative queries to verify who you are while managing short-lived sessions.

Identity Governance_13:40
Identity Governance_23:45
On Premise2:13
On premise identification uses LDAP tied to Active Directory, enabling SSO, SAML, and Windows authentication. Provisioning and APIs support cross-organization apps, though changes may require multi-factor authentication.
Cloud2:17
Explore cloud identity management with the Fido Alliance and biometrics, and examine Azure Active Directory integration and hybrid models that share identities across environments.

Key Concepts6:24
Explore authorization mechanisms and the role of identity and authentication, define permissions, rights, and privileges, and apply defense in depth with RBAC, DAC, MAC, ABAC, and mandatory access controls.
Role Based Access3:14
Mandatory Access Controls2:29
Discretionary Access Controls1:37
Explore discretionary access controls, where owners define asset access and grant identity-based permissions, revealing challenges of granular, non-standard access and the need for software to manage succession.
Risk Based Access Controls2:48

Account Access Review4:29
Provisioning and Deprovisioning5:36
Account Revocation4:36
Implement an immediate access disable upon departure, audit elevated permissions, and apply role-based provisioning, retain data for 30 days, then delete accounts to prevent orphan accounts and insider threat risks.
Privilege Escalation5:31
Explore how privilege escalation advances from local and domain admin accounts to domain-wide control, including horizontal (lateral) and vertical escalation, and how sudo, su, and pseudo affect access.

Open ID and OAuth - Video #14:07
Explore OpenID Connect and OAuth as a token-based authentication framework enabling third-party sign-ins like Google or Facebook without sharing user credentials, using tokens.
Open ID and OAuth - Video #22:22
Explore how OpenID Connect augments OAuth 2.0 to enable single sign-on and token-based authentication across multiple resources, with profile data sharing and streamlined identity management.
SAML2:23
Explore security assertion markup language (saml) as an open standard for single sign-on between identity providers and service providers. Compare saml with oauth and json flows, emphasizing enterprise use.
Kerberos3:19
Explain Kerberos architecture—client, network resource, and key distribution center—with authentication and ticket granting services enabling single sign-on, and note pass the hash, pass the key, and golden ticket attacks.
Domain 5 Completion (freecisspquestions.com)1:37
Complete domain 5 of the CISSP certification and access 360 free CISSP questions through free CISSP questions.com, with 30 questions each month to boost exam readiness.

Domain 6 Overview1:39
Domain 6 overview covers designing, validating assessment and audit strategies for internal, external, and third-party reviews. It emphasizes security control testing and vulnerability assessments, pen testing, and audit output reviews.
Internal Assessment - Video #13:55
Internal Assessment - Video #23:10
Design and conduct security assessments to validate testing strategies against regulatory and business requirements. Review findings with line-by-line controls and threat assessment, presenting textual and graphical reports to leaders.
Security Audits - Video #13:35
Security Audits - Video #24:33
Understand third party audits and soc 1–3 controls, including soc 2 type two operating effectiveness, and how iso 27001, cobit, and csf map to audit requirements.
Security Audits - Video #38:08

Vulnerability Assessment5:32
Explore vulnerability assessment and network discovery, including unauthorized and authenticated scans, using tools like Nessus, Metasploit, and Rapid7. Learn to scan web applications and databases across staging and cloud environments.
Penetration Testing3:44
Explore penetration testing fundamentals, including planning, information gathering, vulnerability scanning, exploitation, and reporting; compare white box, gray box, and black box approaches and consider legal implications for red teams.
Log Reviews2:24
Automate log reviews with security information and event monitoring tools to set rules, trigger alerts, and detect attacks; enforce logging policies via GPO and keep accurate timestamps with NTP.
Code Reviews5:14
Explore synthetic transactions and proactive website monitoring. Implement code review and static, dynamic, and fuzz testing to uncover and fix security flaws before deployment, while considering GDPR and privacy concerns.
Breach Attack Simulations3:04
Misuse Case Testing3:04
Misuse case testing uses a controlled lab environment to safely test the application, with methodical web scanning and focus on APIs, UIs, PLC interfaces, and branch, conditional, and function coverage.

Requirements

Desire to pass the Information Systems Security Professional CISSP Certification Exam and not sure how to do it
Desire to gain more insight and knowledge around IT, Information, and Cyber Security from a management/senior leader perspective

Description

In this CISSP Domain 5, 6, 7 and 8 video training course, I will provide you the knowledge, experience and practical skills you need to pass the CISSP certification. In addition, you will get my years of experience (Over 21 years) as I translate CISSP training requirements into real-world examples.

Included in this course:

CISSP Domain 5 Videos

Full CISSP Domain 5 Videos
10 CISSP practice questions

CISSP Domain 6 Videos

Full CISSP Domain 6 Videos
10 CISSP practice questions

CISSP Domain 7 Videos

Full CISSP Domain 7 Videos
10 CISSP practice questions

CISSP Domain 8 Videos

Full CISSP Domain 8 Videos
10 CISSP practice questions

The curriculum in this course covers the content that will be on the most current CISSP exam (April 2021). Each objective that is required for the CISSP exam will be covered in varying degrees of complexity and competency. The next upgrade to the CISSP curriculum/exam will occur in 2023.

In Domain 5 we will cover:

Control Physical and Logical Access to Assets
- Information
- Systems
- Devices
- Facilities
Manage Identification and Authentication of People, Devices, and Services
- Identity management implementation
- Single/multi-factor authentication
- Accountability
- Session management
- Registration and proofing of identity
- Federated Identity Management (FIM)
- Credential management systems
Integrate Identity as a Third-party Service
- On-premise
- Cloud
- Federated
Implement and Manage Authorization Mechanisms
- Role Based Access Control (RBAC)
- Rule-based Access control
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Attribute Based Access Control (ABAC)
Manage the Identity and Access Provisioning Lifecycle
- User access review
- System account access review
- Provisioning and deprovisioning

In Domain 6 we will cover:

Design and Validate Assessment, Test, and Audit Strategies
- Internal
- External
- Third Party
Conduct Security Control Testing
- Vulnerability Assessment
- Penetration Testing
- Log Reviews
- Synthetic Transactions
- Code Review and Testing
- Misuse Case Testing
- Test Coverage Analysis
- Interface Testing
Collect Security Process Data (e.g., Technical and Administrative)
- Account Management
- Management Review and Approval
- Key Performance and Risk Indicators
- Backup Verification Data
- Training and Awareness
- Disaster Recovery (DR) and Business Continuity (BC)
Analyze Test Output and Generate Report
Conduct or Facilitate Security Audits
- Internal
- External
- Third-Party

In Domain 7 we will cover:

Understand and Support Investigations
- Evidence Collection and Handling
- Reporting and Documentation
- Investigative Techniques
- Digital Forensics Tools, Tactics, and Procedures
Understand Requirements for Investigation Types
- Administrative
- Criminal
- Civil
- Regulatory
- Industry Standards
Conduct Logging and Monitoring Activities
- Intrusion Detection and Prevention
- Security Information and Event Management
- Continuous Monitoring
- Egress Monitoring
Securely Provisioning Resources
- Asset Inventory
- Asset Management
- Configuration Management
Understand and Apply Foundational Security Ops Concepts
- "Need-To-Know" / Least Privileges
- Separation of Duties and Responsibilities
- Privileged Account Management
- Job Rotation
- Information Lifecycle
- Service Level Agreements (SLA)
Apply Resource Protection Techniques
- Media Management
- Hardware and Software Asset Management
Conduct Incident Management
- Detection
- Response
- Mitigation
- Reporting
- Recovery
- Remediation
- Lessons Learned
Operate and Maintain Detective and Preventative Measures
- Firewalls
- Intrusion Detection and Prevention Systems
- Whitelisting/Blacklisting
- Third-Party Provided Security Services
- Sandboxing
Implement and Support Patch and Vulnerability Management
Understand and Participate in Change Management Processes
Implement Recovery Strategies
- Backup Storage Strategies
- Recovery Site Strategies
- Multiple Processing Sites
- System Resilience, High Availability, Quality of Service (QOS), and Fault Tolerance
Implement Disaster Recovery (DR) Processes
- Response
- Personnel
- Communications
- Assessment
- Restoration
- Training and Awareness
Test Disaster Recovery Plans (DRP)
- Read-Through/Checklist
- Structured Walk-Through (Table-Top)
- Simulation Test
- Parallel Test
- Full Interruption Test
Participate in Business Continuity (BC) Planning and Exercises
Implement and Manage Physical Security
- Perimeter Security Controls
- Internal Security Controls
Address Personnel Safety and Security Concerns
- Travel
- Security Training and Awareness
- Emergency Management
- Duress

In Domain 8 we will cover:

Design and Validate Assessment, Test, and Audit Strategies
- Internal
- External
- Third Party
Conduct Security Control Testing
- Vulnerability Assessment
- Penetration Testing
- Log Reviews
- Synthetic Transactions
- Code Review and Testing
- Misuse Case Testing
- Test Coverage Analysis
- Interface Testing
Collect Security Process Data (e.g., Technical and Administrative)
- Account Management
- Management Review and Approval
- Key Performance and Risk Indicators
- Backup Verification Data
- Training and Awareness
- Disaster Recovery (DR) and Business Continuity (BC)
Analyze Test Output and Generate Report
Conduct or Facilitate Security Audits
- Internal
- External
- Third-Party

Notes / Disclaimers:

In order for you to pass the CISSP test you need to have the substantial knowledge through experience and knowledge.
The test was originally written in English, but there are other language versions available
Answering the questions you need to consider the "perfect world" scenario and that work around options may be technically correct, but they may not meet (ISC)2 point of view
You need to be able to spot the keywords (DR, BCP, Policy, Standards, etc.) as well as the indicators (First, Best, Last, Least, Most)
Understand and answer every question from the Manager, CISO, or Risk Advisers Point of View (PoV). Answering the questions from a CIO or technical perspective will place your thinking too high or down in the weeds too far.
Understand that you are to answer the questions based on being proactive within your environment. Enable a Vulnerability Management Program before you have vulnerability issues.
The English version of the CISSP exam, utilizes the Computerized Adaptive Testing (CAT) format and is 3 hours long with 100-150 questions
Most people studying for CISSP certification will various media sources, test banks, and various books to enhance their test taking experience.
Don’t rely on one source to teach you all that you need to know for the CISSP….Invest in multiple training opportunities. The future payoff is worth the time and energy.

Who this course is for:

Individuals who are preparing for the ISC2 CISSP Certification Exam
Individuals wanting lean and gain knowledge on the CISSP certification
People wanting to grow their IT Security and Cyber Security knowledge
New and experienced IT Security professionals
Anyone wanting to break into IT Security
Students wanting to learn and grow their understanding on the CISSP Domain curriculum

CISSP Certification: Domains 5, 6, 7 & 8 Video Training-2021

What you'll learn

Explore related topics

Course content

Introductions, Concentrations and Exam Highlights6 lectures • 24min

Domain 5.1: Control Physical and Logical Access to Assets4 lectures • 18min

Domain 5.2: Manage Identification and Authentication , Devices, & Services7 lectures • 28min

Domain 5.3: Federated Identity With a Third-Party Service4 lectures • 12min

Domain 5.4: Implement and Manage Authorization Mechanism5 lectures • 17min

Domain 5.5: Manage the Identity and Access Provisioning Life-cycle4 lectures • 20min

Domain 5.6: Implement Authentication Systems5 lectures • 14min

Domain 6.1: Design and Validate Assessment, Test, and Audit Strategies6 lectures • 25min

Domain 6.2: Conduct Security Control Testing6 lectures • 23min

Domain 6.3: Collect Security Process Data (e.g. Technical and Administrative)3 lectures • 9min

Requirements

Description

Who this course is for: