CISSP in 100 Pages: A Study Companion (Last Minute Exam Cram) by Nathan
English | 20 Oct. 2017 | ASIN: B076MKH2NZ | 100 Pages | PDF | 973.3 KB
The CISSP is a global measure of excellence in the world of cybersecurity. This 100-page study review summarizes what you need to know to be successful with the CISSP certification exam. CISSP in 100 Pages is intended to supplement your other CISSP study materials and act as a review or a refresher for the large content areas the certification exam covers.
Domain One: Security
Confidentiality, Integrity and Availability
Security Governance Principles
Compliance
Legal and Regulatory Issues
Professional Ethics
Business Continuity Requirements
Personnel Security Policies
Risk Management
Threat Modelling
Information Security, Education, Training and Awareness
Domain Two: Asset Security
Classifying Information
Maintaining Ownership
Protect Privacy
Data Security Controls
Handling Requirements
Domain Three: Security Engineering
Secure Design Principles
Fundamental Concepts of Security Models
Controls and Countermeasures
Information Systems
Vulnerabilities of Security Architecture, Web-Based Systems and Mobile Systems
Apply Cryptography
Physical Security
Domain Four: Communication and Network Security
Secure Design Principles
Secure Network Components
Secure Communication Channels
Preventing and Mitigating Network Attacks
Domain Five: Identity and Access Management
Access to Assets
Identification and Authentication of People and Devices
Cloud Identity
Third-Party Identity Services
Authorization Mechanisms
Access Control Attacks
Provisioning Lifecycle
Domain Six: Security Assessment and Testing
Assessment and Test Strategies
Security Control Testing
Management and Operational Controls
Test Outputs
Internal and Third Party Audits
Domain Seven: Security Operations
Investigations
Requirements for Investigation Types
Logging and Monitoring Activities
Provisioning of Resources
Foundational Security Operations Concepts
Resource Protection Techniques
Incident Management
Preventative Measures
Patch and Vulnerability Management
Change Management Processes
Recovery Strategies
Disaster Recovery Processes
Business Continuity
Physical Security
Domain Eight: Software Development Security
Software Development Lifecycle
Enforcing Security Controls
Effectiveness of Software Security