CISSP-Certified Information Systems Security Professional – Certification Preparation (GK9803)

Chapter 1 Security Governance Through Principles and Policies

• • Security 101
• • Understand and Apply Security Concepts
• • Security Boundaries
• • Evaluate and Apply Security Governance Principles
• • Manage the Security Function
• • Security Policy, Standards, Procedures, and Guidelines
• • Threat Modeling
• • Supply Chain Risk Management

Chapter 2 Personnel Security and Risk Management Concepts

• • Personnel Security Policies and Procedures
• • Understand and Apply Risk Management Concepts
• • Social Engineering
• • Establish and Maintain a Security Awareness, Education, and Training Program

Chapter 3 Business Continuity Planning

• • Planning for Business Continuity
• • Project Scope and Planning
• • Business Impact Analysis
• • Continuity Planning
• • Plan Approval and Implementation

Chapter 4 Laws, Regulations, and Compliance

• • Categories of Laws
• • Laws
• • State Privacy Laws
• • Compliance
• • Contracting and Procurement

Chapter 5 Protecting Security of Assets

• • Identifying and Classifying Information and Assets
• • Establishing Information and Asset Handling Requirements
• • Data Protection Methods
• • Understanding Data Roles
• • Using Security Baselines

Chapter 6 Cryptography and Symmetric Key Algorithms

• • Cryptographic Foundations
• • Modern Cryptography
• • Symmetric Cryptography
• • Cryptographic Life Cycle

Chapter 7 PKI and Cryptographic Applications

• • Asymmetric Cryptography
• • Hash Functions
• • Digital Signatures
• • Public Key Infrastructure
• • Asymmetric Key Management
• • Hybrid Cryptography
• • Applied Cryptography
• • Cryptographic Attacks

Chapter 8 Principles of Security Models, Design, and Capabilities

• • Secure Design Principles
• • Techniques for Ensuring CIA
• • Understand the Fundamental Concepts of Security Models
• • Select Controls Based on Systems Security Requirements
• • Understand Security Capabilities

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures

• • Shared Responsibility
• • Data Localization and Data Sovereignty
• • Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• • Client-Based Systems
• • Server-Based Systems
• • Industrial Control Systems
• • Distributed Systems
• • High-Performance Computing (HPC) Systems
• • Real-Time Operating Systems
• • Internet of Things
• • Edge and Fog Computing
• • Embedded Devices and Cyber-Physical Systems
• • Microservices
• • Infrastructure as Code
• • Immutable Architecture
• • Virtualized Systems
• • Containerization
• • Mobile Devices
• • Essential Security Protection Mechanisms
• • Common Security Architecture Flaws and Issues

Chapter 10 Physical Security Requirements

• • Apply Security Principles to Site and Facility Design
• • Implement Site and Facility Security Controls
• • Implement and Manage Physical Security

Chapter 11 Secure Network Architecture and Components

• •  OSI Model
• • TCP/IP Model
• • Analyzing Network Traffic
• • Common Application Layer Protocols
• • Transport Layer Protocols
• • Domain Name System
• • Internet Protocol (IP) Networking
• • ARP Concerns
• • Secure Communication Protocols
• • Implications of Multilayer Protocols
• • Segmentation
• • Edge Networks
• • Wireless Networks
• • Satellite Communications
• • Cellular Networks
• • Content Distribution Networks (CDNs)
• • Secure Network Components

Chapter 12 Secure Communications and Network Attacks ·       

• • Protocol Security Mechanisms
• • Secure Voice Communications
• • Remote Access Security Management
• • Multimedia Collaboration
• • Monitoring and Management
• • Load Balancing
• • Manage Email Security
• • Virtual Private Network
• • Switching and Virtual LANs
• • Network Address Translation
• • Third-Party Connectivity
• • Switching Technologies
• • WAN Technologies
• • Fiber-Optic Links
• • Prevent or Mitigate Network Attacks

Chapter 13 Managing Identity and Authentication

• • Controlling Access to Assets
• • The AAA Model
• • Implementing Identity Management
• • Managing the Identity and Access Provisioning Life Cycle

Chapter 14 Controlling and Monitoring Access

• • Comparing Access Control Models
• • Implementing Authentication Systems
• • Zero-Trust Access Policy Enforcement
• • Understanding Access Control Attacks

Chapter 15 Security Assessment and Testing

• • Building a Security Assessment and Testing Program
• • Performing Vulnerability Assessments
• • Testing Your Software
• • Training and Exercises
• • Implementing Security Management Processes and Collecting Security Process Data

Chapter 16 Managing Security Operations

• • Apply Foundational Security Operations Concepts
• • Address Personnel Safety and Security
• • Provision Information and Assets Securely
• • Managed Services in the Cloud
• • Perform Configuration Management (CM)
• • Manage Change
• • Manage Patches and Reduce Vulnerabilities

Chapter 17 Preventing and Responding to Incidents

• • Conducting Incident Management
• • Implementing Detection and Preventive Measures
• • Logging and Monitoring
• • Automating Incident Response

Chapter 18 Disaster Recovery Planning

• • The Nature of Disaster
• • Understand System Resilience, High Availability, and Fault Tolerance
• • Recovery Strategy
• • Recovery Plan Development
• • Training, Awareness, and Documentation
• • Testing and Maintenance

Chapter 19 Investigations and Ethics

• • Investigations
• • Major Categories of Computer Crime
• • Ethics

Chapter 20 Software Development Security

• • Introducing Systems Development Controls
• • Establishing Databases and Data Warehousing
• • Storage Threats
• • Understanding Knowledge- Based Systems

Chapter 21 Malicious Code and Application Attacks

• • Malware
• • Malware Prevention
• • Application Attacks
• • Injection Vulnerabilities
• • Exploiting Authorization Vulnerabilities
• • Exploiting Web Application Vulnerabilities
• • Application Security Controls
• • Secure Coding Practices