Codecademy

Certified Information Systems Security Professional - CISSP

via Codecademy Path

Overview

Achieve CISSP certification by mastering security governance, risk management, and ethical practices in information systems design, implementation, and compliance

Syllabus

  • Security and Risk Management
    • In this track, the focus will be on understanding, adhering to, and promoting professional ethics; understanding and applying security concepts; evaluating and applying security governance principles; understanding legal, regulatory, and compliance issues that pertain to information security in a holistic context; and understanding requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards). This track will also cover developing, documenting, and implementing security policy, standards, procedures, and guidelines; identifying, analyzing, assessing, prioritizing, and implementing Business Continuity (BC) requirements; contributing to and enforcing personnel security policies and procedures; understanding and applying risk management concepts; understanding and applying threat modeling concepts and methodologies; applying Supply Chain Risk Management (SCRM) concepts; and establishing and maintaining a security awareness, education, and training program.
  • Asset Security
    • In this track, the focus will be on the following: identify and classify information and assets, establish information and asset handling requirements, provision information and assets securely, manage data lifecycle, ensure appropriate asset retention (e.g., End of Life (EOL), End of Support), and determine data security controls and compliance requirements.
  • Security Architecture and Engineering
    • In this track, we will focus on several critical aspects of secure engineering processes. Participants will research, implement, and manage engineering practices grounded in secure design principles, while also gaining an understanding of fundamental security models, such as Biba, the Star Model, and Bell-LaPadula. We will discuss how to select appropriate controls based on system security requirements and explore the security capabilities of Information Systems, including memory protection, Trusted Platform Module (TPM), and encryption/decryption techniques. Additionally, we will assess and mitigate vulnerabilities within security architectures, designs, and solution elements, as well as determine suitable cryptographic solutions. Participants will learn about methods of cryptanalytic attacks, apply security principles to site and facility design, and design effective security controls for these environments. Finally, we will cover the management of the information system lifecycle, ensuring a comprehensive understanding of security in engineering processes.
  • Communication and Network Security
    • In this track, the focus will be on applying secure design principles in network architectures, securing network components, and implementing secure communication channels according to design.
  • Identity and Access Management (IAM)
    • In this track, the focus will be on the following: control physical and logical access to assets, design identification and authentication strategy (e.g., people, devices, and services), federated identity with a third-party service, implement and manage authorization mechanisms, manage the identity and access provisioning lifecycle, and implement authentication systems.
  • Security Assessment and Testing
    • In this track, you will delve into designing and validating assessment, test, and audit strategies; conducting security control testing; collecting both technical and administrative security process data; analyzing test outputs to generate reports; and conducting or facilitating security audits.
  • Security Operations
    • In this track, the focus will be on a range of essential topics. Participants will learn to understand and comply with investigation protocols while conducting effective logging and monitoring activities. Participants will explore Configuration Management (CM) tasks, including provisioning, baselining, and automation, alongside foundational concepts of security operations. Emphasis will be placed on resource protection, incident management, and the operation and maintenance of detection and preventive measures. Additionally, we will cover the implementation and support of patch and vulnerability management, as well as the understanding and participation in change management processes. Recovery strategies and Disaster Recovery (DR) processes will be implemented, including testing of Disaster Recovery Plans (DRPs). Participants will also engage in Business Continuity (BC) planning and exercises, manage physical security measures, and address personnel safety and security concerns. This comprehensive approach aims to enhance your skills and preparedness in the field of cybersecurity.
  • Software Development Security
    • In this track, we will concentrate on several key areas essential for integrating security into software development. Participants will learn to understand and incorporate security throughout the Software Development Life Cycle (SDLC), identifying and applying relevant security controls within software development ecosystems. We will also assess the effectiveness of software security measures and evaluate the security implications of acquired software. Additionally, the track will cover the definition and application of secure coding guidelines and standards to ensure robust security practices are followed. This comprehensive approach aims to enhance your ability to develop secure software effectively.
  • Take the Practice Exam
    • Practice exams are designed to help you prepare for the exam and perform on exam day. Study at your own pace, whenever you want, and wherever you are most comfortable. Practice with exam-like questions.
  • Schedule your Exam
    • After completing your studies, schedule your exam with the third-party provider.
  • Upload Certification
    • After you receive notification that you’ve been certified, upload your certification to achieve completion.
  • Bootcamps
