CISSP Essentials

CISSP Essentials Security School

SearchSecurity is debuting several all-new lessons in its CISSP Essentials Security School featuring Shon Harris of Logical Security. SearchSecurity's CISSP Essentials Security School offers free training for the CISSP® certification exam. Benefit from a series of 10 training lessons that explore the fundamental concepts, technologies and practices of information systems security. Each lesson corresponds to a subject domain in the exam's Common Body of Knowledge -- the essential elements each CISSP-certified practitioner must know.

Each of the 10 lessons includes an instructional presentation, a domain spotlight article that provides an insider's guide to the domain, an exclusive quiz offering prep questions similar to those on the real CISSP exam, and interactive learning activities. Each of these components has been developed to provide a holistic view of each domain and to provide effective and efficient learning through an incremental, step-centric process.

CISSP Essentials Security School not only provides CISSP certification education with a thorough overview of the topics covered in the exam, but it also doubles as a comprehensive security resource that enables proactive information security professionals on all levels to keep their skills sharp and gain a greater understanding of how all the pieces in the information security puzzle fit together.

The 10 lessons in CISSP Essentials Security School are broken down into three domain groups. The first three domains focus on securing assets and reveal the essential elements to build an organizational enterprise security program, including the frameworks, technologies and methodologies to protect every company's primary information asset: its data.

Domains 4-6 focus on securing the infrastructure as they reveal the nuts and bolts of how to best apply security to everyday computer and business operations. Fundamental concepts explored in the sessions include how to effectively design security architectures, implement secure networks and build security into applications and systems.

Finally, domains 7-10 cover the business of security, an area that is ignored far too often in some of today's "status quo" enterprises. Security is often thought of exclusively in terms of technology, but corporate security is much more. It involves everything from governance, business management and regulatory compliance to an understanding of physical security, disaster recovery and the law.

INTRO - An introduction to the (ISC)2 CISSP security certification exam

NEW - In this all-new introduction to SearchSecurity's CISSP Essentials Security School, Shon Harris explains the basics and history of the (ISC)2 CISSP security exam, the 10 CISSP domains of the Common Body of Knowledge and the effect that the maturing of the information security industry has had on the exam. This section also explores:

  • CISSP: The "gold standard" of the information security industry
  • CISSP exam subject areas
  • Anatomy of the exam and its "interactive" evolution
  • Mapping the exam to security models
  • Why simply knowing the material isn't enough

Go to: An introduction to the CISSP security certification exam

DOMAIN 1 - Information Security Governance and Risk Management

NEW (Debuting Sept. 5, 2014) - While hacking, new malware and computer crimes grab all the news headlines, sound organizational security practices and the development of an enterprise security architecture are the foundations of any organization's security success. CISSP Domain 1 explores:

  • Security management responsibilities
  • Asset identification and classification
  • Risk management
  • Information classification
  • Personnel security
  • Security governance
  • Enterprise architectural development
  • Policies and procedures
  • Security embedded into vendor contracts
  • Security education and awareness training

Go to Domain 1: Information security governance and risk management

DOMAIN 2 - Access Control

NEW (Debuting Sept. 19, 2014) - A cornerstone of any information security program is controlling how resources are accessed by users, applications and other systems to ensure they can be properly protected from unauthorized modification or disclosure. CISSP Domain 2 tackles topics including:

  • The fundamental principles of access control
  • The concepts of "subjects" and "objects"
  • Identity management
  • The four steps of authentication
  • Two-factor authentication
  • User access vs. device access
  • Intrusion prevention and detection systems
  • Access control models
  • Authentication protocols

Go to Domain 2: Access control

DOMAIN 3 - Cryptography

NEW (Debuting Oct. 3, 2014) - Cryptography is one of the essential elements in the protection of electronic data. Cryptography is built into almost every network protocol, software application, operating system and embedded system, and it is integrated more and more at the chip and silicon level. Cryptography provides confidentiality, integrity and authenticity services. CISSP Essentials domain 3 covers:

  • Cryptographic components and their relationships
  • Symmetric, asymmetric and hashing algorithm types
  • Public key infrastructure (PKI) mechanisms
  • Cryptosystems implementation
  • Cryptanalysis and attack types

Get more information on Domain 3: Cryptography

DOMAIN 4 - Security Architecture and Design 

NEW (Debuting Oct. 17, 2014) - Architecting and implementing security into the design of various types of software, devices and enterprises is complex, but critical. Security must be designed, implemented, monitored and improved throughout each entity's lifecycle. CISSP Essentials domain 4 offers an in-depth review of:

  • Formal system architecture development
  • Kernel and trusted computing base security
  • Hardware and operating system architectures
  • Memory management and protection
  • Security within virtualization and cloud computing
  • Formal security control models
  • Security criteria and ratings
  • Certification and accreditation processes

Get more information on Domain 4: Security architecture and design

DOMAIN 5 - Telecommunications and Network Security

This session prepares students for the CISSP exam by focusing on the "glue" of network security: how networks work, how data is transmitted from one device to another, how protocols work, transmission methods and transport formats. Topics to be featured in this session include:

  • OSI model and protocol structure
  • Security protocols
  • LAN, MAN and WAN technologies
  • Cabling and data transmission types
  • Network devices and security services
  • Network architecture and design
  • Telecommunication protocols and devices
  • Remote access methodologies and technologies
  • Wireless, mobile, and cloud technologies
  • Network attack types

Get more information on Domain 5: Telecommunications and networking security

DOMAIN 6 - Software Development Security

Applications and computer systems are usually developed for functionality first, not security. But it's always more effective to build security into every system from the outset rather than "bolt" it on afterward. The exact reasons why are revealed in this CISSP domain through topics focused on:

  • Systems development life cycle (SDLC)
  • Secure coding and testing
  • Programming languages and security issues
  • Database types and protection components
  • Data warehousing and data mining
  • Software life cycle development processes
  • Web-based security
  • Expert systems and artificial intelligence
  • Software-oriented threats and attacks

Get more information on Domain 6: Software development security

DOMAIN 7 - Business Continuity and Disaster Recovery Planning

One of the fundamental objectives of security is "availability" -- the ability to access data and computing environments whenever necessary. This session focuses on one of the often overlooked but critical aspects of availability: business continuity planning and disaster recovery. Topics in this CISSP certification prep section focus on:

  • Business impact analysis
  • Disruption types and associated threats
  • Operational and financial ramifications
  • Contingency and redundancy technologies
  • Selecting, developing and implementing disaster and contingency plans
  • Backup and offsite facilities

Get more information on Domain 7: Business continuity and disaster recovery planning 

DOMAIN 8 - Legal, Regulations, Investigations and Compliance

Fraud, theft and embezzlement have always been an unfortunate fact of life, but the digital age has brought on new opportunities for a different and more malicious set of thieves and criminals. While many security professionals focus on "preventing" cyber attacks, the CISSP CBK teaches that it's equally important to understand how to investigate a computer crime and gather evidence -- that's exactly what this session addresses. Additional topics highlighted are information security regulations, laws and ethics that guide the practice:

  • Computer crimes and computer law
  • International legal system types
  • Forensics, investigation processes and evidence collection
  • Incident-handling program development
  • Prosecution process and associated threats
  • Industry regulations and compliance requirements
  • Ethics and best practices for security professionals

Get more information on Domain 8: Legal, regulations, investigations and compliance

DOMAIN 9 - Physical (Environmental) Security

Physical security has taken on added importance in the continuing wake of September 11, 2001. While most IT professionals are focused on digital systems—computers, networks, systems, devices—a comprehensive security program must address critical physical risks, too. The convergence of physical and digital systems makes this practice even more important. CISSP Essentials domain 9 covers:

  • Administrative, technical and physical controls pertaining to physical security
  • Facility location, construction and management
  • Physical security risks, threats and countermeasures
  • Fire prevention, detection and suppression
  • Intrusion detection, CCTV, monitoring and lighting technologies
  • Threat types and associated risks

Get more information on Domain 9: Physical (environmental) security 

DOMAIN 10 - Operations Security

Operations security pertains to everything needed to keep a network, computer system and environment up and running in a secure and protected manner. Since networks are "evolutionary" and always changing, it's essential that security pros understand the fundamental procedures for managing security continuity and consistency in an operational environment. CISSP Essentials domain 10 reveals essential answers centered on key operations security topics:

  • Resource, media and data protection technologies
  • Incident response and situational awareness
  • Patch, configuration and vulnerability management
  • Operational assurance methods and measurements
  • Trusted recovery technologies
  • Attack prevention and response approaches

Get more information on Domain 10: Operations security

About Shon Harris

Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored several international best-selling books on information security published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks for various publishers and articles for trade magazines.

Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris was recognized as one of the top 25 women in the information security field by Information Security magazine.

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as (ISC)2.

This was first published in October 2014
