CISSP Certification: Domains 1, 2, 3 & 4 Video Training-2021

In this CISSP Domain 1, 2, 3, and 4 video training course, I will provide you the knowledge, experience and practical skills you need to pass the CISSP certification. In addition, you will get my years of experience (Over 18 years) as I translate CISSP training requirements into real-world examples.

Included in this course:

CISSP Domain 1 Videos

• 13 Sections - 31 Videos

• 10 CISSP practice questions

CISSP Domain 2 Videos

• 5 Sections - 9 Videos

• 10 CISSP practice questions

CISSP Domain 3 Videos

• 11 Sections - 16 Videos

• 10 CISSP practice questions

CISSP Domain 4 Videos

• 3 Sections - 7 Videos

• 10 CISSP practice questions

The curriculum in this course covers the content that will be on the most current CISSP exam (April 2021). Each objective that is required for the CISSP exam will be covered in varying degrees of complexity and competency. The next upgrade to the CISSP curriculum/exam will occur in 2023.

In Domain 1 we will cover:

• Introduction

  • Introduction

  • Purpose

  • ISC2

• Understand and apply concepts of confidentiality, integrity and availability

  • Confidentiality

  • Integrity

  • Availability

• Evaluate and apply security governance principles

  • Alignment of security function to business strategy, goals, mission, and objectives

  • Organizational processes (e.g., acquisitions, divestitures, governance committees

  • Organizational roles and responsibilities

  • Security control frameworks

  • Due care/due diligence

• Determine compliance requirements

  • Contractual, legal, industry standards, and regulatory requirements

  • Privacy requirements

• Understand legal and regulatory issues that pertain to information security in a global context

  • Cyber crimes and data breaches

  • Licensing and intellectual property requirements

  • Import/export controls

  • Trans-border data flow

  • Privacy

• Understand, adhere to, and promote professional ethics

  • (ISC)² Code of Professional Ethics

  • Organizational code of ethics

• Develop, document, and implement security policy, standards, procedures, and guidelines

• Identify, analyze, and prioritize Business Continuity (BC) requirement

  • Develop and document scope and plan

  • Business Impact Analysis (BIA)

• Contribute to and enforce personnel security policies and procedures

  • Candidate screening and hiring

  • Employment agreements and policies

  • Onboarding and termination processes

  • Vendor, consultant, and contractor agreements and controls

  • Compliance policy requirements

  • Privacy policy requirements

• Understand and apply risk management concepts

  • Identify threats and vulnerabilities

  • Risk assessment/analysis

  • Risk response

  • Countermeasure selection and implementation

  • Applicable types of controls (e.g., preventive, detective, corrective)

  • Security Control Assessment (SCA)

  • Monitoring and measurement

  • Asset valuation

  • Reporting

  • Continuous improvement

  • Risk frameworks

• Understand and apply threat modeling concepts and methodologies

  • Threat modeling methodologies

  • Threat modeling concepts

• Apply risk-based management concepts to the supply chain

  • Risks associated with hardware, software, and services

  • Third-party assessment and monitoring

  • Minimum security requirements

  • Service-level requirements

• Establish and maintain a security awareness, education, and training program

  • Methods and techniques to present awareness and training

  • Periodic content reviews

  • Program effectiveness evaluation

In Domain 2 we will cover:

• Identify and classify information and assets

  • Data Classification

  • Asset Classification

• Determine and maintain information and asset ownership

• Protect privacy

  • Data owners

  • Data processors

  • Data remanence

  • Collection limitation

• Ensure appropriate asset retention

• Determine data security controls

  • Understand data states

  • Scoping and tailoring

  • Standards selection

  • Data protection methods

• Establish information and asset handling requirements

In Domain 3 we will cover:

• Implementation and management of engineering processes using secure design principles

  • Asset Retention

  • Confinement

• Understanding of the fundamental concepts of security models

• Selection of controls based upon systems security requirements

• Security capabilities of information systems

• Assessment and mitigation of vulnerabilities within a security architecture

  • Client-based systems

  • Server-based systems

  • Database systems

  • Cryptographic systems

  • Industrial Control Systems (ICS)

  • Cloud-based systems

  • Distributed systems

  • Internet of Things (IoT)

• Assessment and mitigation in web-based systems

• Assessment and mitigation in mobile-based systems

• Assessment and mitigation in embedded devices

• Apply cryptographic methods

  • Cryptographic life-cycle

  • Cryptographic methods

  • Public Key Infrastructure

  • Key management practices

  • Digital Signatures

  • Non-repudiation

  • Integrity (e.g. Hashing)

  • Cryptographic attacks

  • Digital Rights Management (DRM)

• Application of security principles to sites and facility design

• Implementation of site and facility security controls

  • Wiring closets/intermediate distribution facilities

  • Server rooms/data centers

  • Media storage facilities

  • Evidence storage

  • Restricted and work area security

  • Utilities and Heating, Ventilation, and Air Conditioning (HVAC)

  • Environmental issues

  • Fire prevention, detection, and suppression

In Domain 4 we will cover:

• Implement secure design principles in network architectures

  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models

  • Internet Protocol (IP) networking

  • Implications of multil-ayer protocols

  • Converged protocols

  • Software-defined networks

  • Wireless networks

• Secure network components

  • Operation of hardware

  • Transmission media

  • Network Access Control (NAC) devices

  • Endpoint security

  • Content-distribution networks

• Implement secure communication channels according to design

  • Voice

  • Multimedia collaboration

  • Remote access

  • Data communications

  • Virtualized networks

Notes / Disclaimers:

• In order for you to pass the CISSP test you need to have the substantial knowledge through experience and knowledge.

• The test was originally written in English, but there are other language versions available

• Answering the questions you need to consider the "perfect world" scenario and that work around options may be technically correct, but they may not meet (ISC)2 point of view

• You need to be able to spot the keywords (DR, BCP, Policy, Standards, etc.) as well as the indicators (First, Best, Last, Least, Most)

• Understand and answer every question from the Manager, CISO, or Risk Advisers Point of View (PoV). Answering the questions from a CIO or technical perspective will place your thinking too high or down in the weeds too far.

• Understand that you are to answer the questions based on being proactive within your environment. Enable a Vulnerability Management Program before you have vulnerability issues.

• The English version of the CISSP exam, utilizes the Computerized Adaptive Testing (CAT) format and is 3 hours long with 100-150 questions

• Most people studying for CISSP certification will various media sources, test banks, and various books to enhance their test taking experience.

• Don’t rely on one source to teach you all that you need to know for the CISSP….Invest in multiple training opportunities. The future payoff is worth the time and energy.