CISSP Essentials Security School

Each of the 10 lessons includes a 45-minute video presentation, a domain spotlight article that provides an insider's guide to each domain, and an exclusive quiz offering prep questions similar to those on the real CISSP exam.

CISSP Essentials Security School not only provides CISSP certification education with a thorough overview of the topics covered in the exam, but it also doubles as a comprehensive security resource that enables proactive information security professionals on all levels to keep their skills sharp and gain a greater understanding of how ...

BROWSE BY TAG CISSP Certification,   Information Security Careers, Training and Certifications,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT CISSP Certification Information security book excerpts and reviews Some IT security certifications are overvalued, analyst says Q2 2009 data shows IT security certification pay still climbing Why doesn't the CISSP cover information assurance and DIACAP? IT security skills and certification pay Despite recession, pay climbs for top IT security certifications Security skills pay increases despite economic downturn How do I get CPE credits? Finding a security management job after an economic downturn What is the GISP certification and how does it compare to the CISSP certification? CISSP Certification Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Certified Information Systems Security Professional  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

all the pieces in the information security puzzle fit together.

The 10 lessons in CISSP Essentials Security School are broken down into three domain groiups. The first three domains focus on securing data and reveal the essential elements to build an organizational security program, including the theories, technologies and methodologies to protect every company's primary information asset: its data.

Domains 4-6 focus on securing the infrastructure as they reveal the nuts and bolts of how to best apply security to everyday computer and business operations. Fundamental concepts explored in the sessions include how to effectively design security architectures, implement secure networks, and build security into applications and systems.

Finally domains 7-10 cover the business of security, an area that is ignored far too often in some of today's "status quo" enterprises. Security is often thought of exclusively in terms of technology, but corporate security is much more. It involves everything from governance, business management and regulatory compliance, to an understanding of physical security, disaster recovery and the law.

DOMAIN 1 - SECURITY MANAGEMENT PRACTICES  [IMAGE]
While viruses, worms and hacking grab all the news headlines, sound security management practices are the foundation of any organization's security success. CISSP Domain 1 explores:

• Security management responsibilities
  
• The core components of security management: risk management, security policies and security education.
  
• Administrative, technical and physical controls
  
• Risk management and risk analysis
  
• Data classification
  
• Security roles and personnel security issues

DOMAIN 2 - ACCESS CONTROL  [IMAGE]
A cornerstone of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be hardware or software tools, which are technical, physical or administrative in nature. CISSP Essentials domain 2 tackles:

• Identification methods and technologies
  
• Biometrics
  
• Authentication models and tools
  
• Access control types: discretionary, mandatory and nondiscretionary
  
• Accountability, monitoring and auditing practices
  
• Emanation security and technologies
  
• Possible threats to access control practices and technologies

Click here for more on Domain 2

DOMAIN 3 - CRYPTOGRAPHY  [IMAGE]
Cryptography is one of the essential elements in the protection of electronic data. Most e-commerce applications rely on some form of encryption to protect the confidentiality and integrity of sensitive information as it transits across the Internet. Encryption is also an essential component in protecting stored data from unauthorized access. CISSP Essentials domain 3 covers:

• Cryptographic components and their relationships
  
• Government involvement in cryptography
  
• Symmetric and asymmetric key cryptosystems
  
• PKI concepts and mechanisms
  
• Hashing algorithms
  
• Types of attacks on cryptosystems

Click here for more on Domain 3

DOMAIN 4 - SECURITY MODELS AND ARCHITECTURE  [IMAGE]
Two fundamental concepts in computer and information security are the security model, which outlines how security is to be implemented; and the architecture of a security system, which is the framework and structure of a system. CISSP Essentials domain 4 offers an in-depth review of:

• Computer architectures, from the core operating system kernel to the applications to the network
  
• Trusted computing base and security mechanisms
  
• Components within the operating system
  
• Different security models used in software development
  
• Security criterion and ratings
  
• Certification and accreditation processes

Click here for more on Domain 4

DOMAIN 5 - TELECOMMUNICATIONS AND NETWORKING  [IMAGE]
This session prepares students for the CISSP exam by focusing on the "glue" of network security: how networks work, how data is transmitted from one device to another, how protocols transmit information, and how applications understand, interpret and translate data. Topics to be featured in this session include:

• OSI model
  
• TCP/IP and protocols
  
• LAN, WAN and WAN technologies
  
• Cabling and data transmission types
  
• Network devices and services
  
• Intranets and extranets
  
• Telecommunication protocols and devices
  
• Remote access methodologies and technologies
  
• Resource availability
  
• Wireless technologies

Click here for more on Domain 5

DOMAIN 6 - APPLICATIONS AND SYSTEMS DEVELOPMENT  [IMAGE]
Applications and computer systems are usually developed for functionality first, not security. But it's always more effective to build security into every system from the outset rather than "bolt" it on afterward. The exact reasons why are revealed in this CISSP domain through topics focused on:

• Different types of software controls and implementation
  
• Database concepts and security issues
  
• Data warehousing and data mining
  
• Software life cycle development processes
  
• Change control concepts
  
• Object-oriented programming components
  
• Expert systems and artificial intelligence

Click here for more on Domain 6

Click here for more on Domain 7

DOMAIN 8 - LAWS, INVESTIGATIONS AND ETHICS  [IMAGE]
Fraud, theft and embezzlement have always been an unfortunate fact of life, but the computer age has brought on new opportunities for a different and more malicious set of thieves and miscreants. While many security professionals focus on "preventing" cyber attacks, the CISSP CBK teaches that it's equally important to understand how to investigate a computer crime and gather evidence – that's exactly what this session addresses. Additional topics highlighted are information security regulations, laws and ethics that guide the practice:

• Ethics and best practices for security professionals
  
• Computer crimes and computer law
  
• Computer crime investigation processes and evidence collection
  
• Incident-handling procedures
  
• Different types of evidence

Click here for more on Domain 8

DOMAIN 9 - PHYSICAL SECURITY  [IMAGE]
Physical security has taken on added importance in the continuing wake of September 11, 2001. While most IT professionals are focused on logical systems—computers, networks, systems, devices—a comprehensive security program must address critical physical risks, too. The convergence of physical and logical systems makes this practice even more important. CISSP Essentials domain 9 covers:

• Administrative, technical and physical controls pertaining to physical security
  
• Facility location, construction and management
  
• Physical security risks, threats and countermeasures
  
• Fire prevention, detection and suppression
  
• Authenticating individuals and intrusion detection

Click here for more on Domain 9

DOMAIN 10 - OPERATIONS SECURITY  [IMAGE]
Operations security pertains to everything needed to keep a network, computer system and environment up and running in a secure and protected manner. Since networks are "evolutionary" and always changing, it's essential that security pros understand the fundamental procedures for managing security continuity and consistency in an operational environment. CISSP Essentials domain 10 reveals essential answers centered on key operations security topics:

• Administrative and management responsibilities
  
• Product evaluation and operational assurance
  
• Change configuration management
  
• Trusted recovery states
  
• E-mail security

Click here for more on Domain 10

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).