CISSP Bootcamp Course : Domain 7 and Domain 8

Domain 7: Security Operations

• Security Operations Center (SOC): SOC is a centralized facility where cybersecurity professionals monitor and analyze an organization's security posture, detect and respond to security incidents, and manage security-related operations. The domain covers SOC structure, functions, and best practices.

• Incident Response: Incident response is the process of identifying, analyzing, and responding to security incidents to minimize their impact and prevent future incidents. The domain covers incident response planning, preparation, detection, analysis, containment, eradication, and recovery.

• Disaster Recovery Planning: Disaster recovery planning is the process of developing strategies, procedures, and policies to recover critical systems and data in the event of a disaster. The domain covers disaster recovery planning phases, strategies, testing, and implementation.

• Business Continuity Planning: Business continuity planning is the process of developing strategies, procedures, and policies to maintain essential business functions in the event of a disruption. The domain covers business continuity planning phases, strategies, testing, and implementation.

• Access Control and Management: Access control and management are the processes of granting or denying access to resources based on the principles of least privilege, need-to-know, and separation of duties. The domain covers access control models, techniques, and technologies, as well as access control policies and procedures.

• Monitoring and Analysis: Monitoring and analysis are the processes of monitoring security events and data, analyzing the data, and identifying security risks and threats. The domain covers monitoring and analysis tools and techniques, log management, and threat intelligence.

• Vulnerability Management: Vulnerability management is the process of identifying, assessing, prioritizing, and mitigating vulnerabilities in IT systems and applications. The domain covers vulnerability assessment and scanning tools, vulnerability management frameworks, and best practices.

• Security Assessment and Testing: Security assessment and testing are the processes of evaluating the security posture of an organization's IT systems, applications, and networks. The domain covers security assessment and testing techniques, tools, and methodologies.

• Physical Security: Physical security is the set of measures used to protect physical assets, such as buildings, equipment, and people. The domain covers physical security measures, access control, surveillance, and environmental controls.

Domain 8: Software Development Security

• Secure Coding Practices: Secure coding practices are the principles and techniques used to develop software that is secure, reliable, and resistant to attacks. The domain covers secure coding principles, secure coding standards, and secure coding techniques.

• Threat Modeling: Threat modeling is the process of identifying and analyzing potential threats and vulnerabilities to software systems and applications. The domain covers threat modeling methodologies, techniques, and tools.

• Software Development Life Cycle (SDLC): The SDLC is the process of developing, testing, and deploying software. The domain covers the SDLC phases, processes, and best practices, including secure coding practices and testing.

• Security Controls and Techniques for Web Applications: Web application security is the set of measures used to protect web applications from attacks. The domain covers web application security risks, security controls, and techniques.

• Mobile Application Security: Mobile application security is the set of measures used to protect mobile applications from attacks. The domain covers mobile application security risks, security controls, and techniques.

The CISSP exam is governed by the International Information Systems  Security Certification Consortium (ISC) . (ISC) is a global not-for-profit organization. It has four primary mission goals:

Maintain the Common Body of Knowledge (CBK) for the field of information systems security.

Provide certification for information systems security professionals and practitioners.

Conduct certification training and administer the certification exams.

Oversee the ongoing accreditation of qualified certification candidates through continued education.

The (ISC)2 is operated by a board of directors elected from the ranks of its certified practitioners.

Subscribe now! The CISSP exam is governed by the International Information Systems  Security Certification Consortium (ISC) . (ISC) is a global not-for-profit organization.