PacktLib: CISSP in 21 Days

CISSP in 21 Days

Credits

About the Author

About the Reviewer

Preface

Introduction to CISSP

Eligibility requirements for the CISSP exam and certification

The (ISC)² CBK security domains

Approach

Summary

Day 1: Information Security and Risk Management

Knowledge requirements

The approach

Security management practices

Control environment

Standards and guidelines

Security posture

Asset classification and control

Summary

Practice questions

Day 2: Information Security and Risk Management

Security awareness and training

Risk assessment and management

Summary

Practice questions

Day 3: Physical (Environmental) Security

Knowledge requirements

The approach

Threats, vulnerabilities, and countermeasures for physical security

Physical security design

Perimeter security

Interior security

Summary

Practice questions

Day 4: Physical (Environmental) Security

Operations/Facility security

Protecting and securing equipments

Summary

Practice questions

Day 5: Access Control

Knowledge requirements

The approach

Access control concepts, methodologies, and techniques

Access control and authentication

Access control attacks and countermeasures

Summary

Practice questions

Day 6: Access Control

Vulnerability assessment

Penetration testing

Common myths about vulnerability assessment and penetration testing

CVE and CVSS

Summary

Practice questions

Day 7: Cryptography

Key areas of knowledge

The approach

Methods of encryption

Types of encryption

Key length and security

Summary of encryption types

Application and use of cryptography

Summary

Practice questions

Day 8: Cryptography

Public key infrastructure

Methods of cryptanalytic attacks

Cryptographic standards

Summary

Practice questions

Day 9: Operations Security

Knowledge requirements

The approach

Operations procedure and responsibilities

Incident management and reporting

Summary

Practice questions

Day 10: Operations Security

Administrative management and control

Other controls

System evaluation standards

Summary

Practice questions

Day 11: Application Security

Knowledge requirements

The approach

Systems engineering

Software Development Life Cycle

Summary

Practice questions

Day 12: Application Security

Introduction to Information Technology systems

Threats and vulnerabilities to application systems

Web application security

Application controls

Summary

Practice questions

Day 13: Telecommunications and Network Security

Knowledge requirements

The approach

Network architecture, protocols, and technologies

Summary

Practice questions

Day 14: Telecommunications and Network Security

Transport layer

Network or Internet layer

Link layer

Summary

Practice questions

Day 15: Security Architecture and Design

Knowledge requirements

The approach

Computer architecture

Summary

Practice questions

Day 16: Security Architecture and Design

Assurance

Certification and accreditation

Information security models

Summary

Practice questions

Day 17: Business Continuity and Disaster Recovery Planning

Knowledge requirements

The approach

Business Continuity Planning (BCP)

Summary

Practice questions

Day 18: Business Continuity and Disaster Recovery Planning

Disaster Recovery Planning (DRP)

Summary

Practice questions

Day 19: Legal, Regulations, Compliance, and Investigations

Knowledge requirements

The approach

Computer crimes

Cyber crime

Computer crime related incidents

Summary

Practice questions

Day 20: Legal, Regulations, Compliance, and Investigations

Legal and regulatory frameworks

Computer investigations

Ethical usage of information systems

Summary

Practice questions

Day 21: Mock Test Paper

Questions

Answers

References