
This lecture provides a preview of how the course is structured, along with a walk-through of the CISSP exam.
We will cover the CIA triad, look at additional foundational cybersecurity terms, evaluate and apply security governance principles and organizational processes, examine security control frameworks, understand classification levels and privacy requirements, look at compliance requirements and the acts related to computer crime, and review some data protection regulations.
We will cover the code of ethics, business continuity planning and its underlying steps, personnel security procedures, risk management concepts, risk response types, countermeasure selection criteria, types of access controls, asset valuation, the NIST Risk Management Framework (RMF), and threat modeling concepts and methodologies.
We will cover the classification of sensitive data, defining data classifications, data security requirements, and managing sensitive data, followed by data roles and determining data security roles.
Here, we will cover how to implement and manage engineering processes using secure design principles, examine different security models, look at TCSEC, ITSEC, and the Common Criteria, and conclude the video by examining different types of vulnerabilities and ways to protect against them.
We will see how to assess and mitigate vulnerabilities in mobile-based and embedded systems, apply cryptography, understand the key management life cycle, look at different cryptographic types and at Public Key Infrastructure, followed by cryptographic attacks, and conclude by looking at how to apply security principles to site and facility design and how to implement facility controls.
Here, we will cover the OSI and TCP/IP models, followed by TCP, UDP, and other network protocols; examine TCP/IP vulnerabilities, converged protocols, and software-defined networking; look at ways to secure wireless networks; and go over network topologies as well as LAN access technologies.
Topics that will be covered: control physical and logical access to assets, manage identification and authentication of people, devices, and services, integrate identity as a third-party service, implement and manage authorization mechanisms, and manage the identity and access provisioning life cycle.
Understand the process to design and validate assessment, test, and audit strategies (through security testing, security assessment, and security audit); understand the vulnerability assessment process and scanning for web vulnerabilities; look at penetration testing and its phases; analyze synthetic transactions, log reviews, code review and testing, test coverage analysis, and interface testing as ways to conduct security control testing; and wrap up by looking at different ways to collect security control data.
Topics that will be covered include the E-Discovery Reference Model (EDRM), the incident response process, digital forensic tools, logging and monitoring activities, monitoring techniques, securely provisioning resources, understanding and applying security operations concepts, the data life cycle management process, and applying resource management techniques.
Review the incident management process, learn how to operate and maintain detective and preventive measures, how to implement and support patch management and vulnerability management, understand and participate in the change management process, understand how to implement recovery strategies, understand terms like system resilience, Quality of Service (QoS), and fault tolerance, take a look at RAID levels, and finally view measures to take to address personnel safety and security concerns.
Topics covered: SDLC phases along with the integration of security into them, development models, software testing types, storage threats, application-level attacks, web-based attacks, security configuration management, code repository services, assessing the effectiveness of applied software security, things to consider while acquiring third-party software, and secure coding practices.
While most of us professionals do not have the time to read through fat cybersecurity books multiple times, the pressure before the exam is a lot. I have created this short 6-hour video that you can watch and/or listen to over and over while you are driving (listen while driving), working out, riding the metro or a cab, or even before heading to bed. I definitely recommend leveraging this after you have read through one of the CISSP books once, and then coming back to this to get a quick recap.