Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) 2021

CISSP 2021: (ISC)2 & the CISSP Exam

Course Number:
it_spcissp_01_enus
Lesson Objectives

CISSP 2021: (ISC)2 & the CISSP Exam

  • discover the key concepts covered in this course
  • describe the (ISC)2 code of ethics and its importance to a CISSP candidate
  • outline the CISSP CAT and linear exam information
  • define the CISSP exam weights across various domains
  • summarize the key concepts covered in this course

Overview/Description
In this introductory course of this CISSP training series, you will learn about the (ISC)2 code of professional ethics and organizational code of ethics that all CISSP candidates must attest to in order to be certified. These codes transcend the certification and should permeate every aspect of the life of a security practitioner, engineer, or architect. This course will also introduce the various characteristics of the 3-hour CAT and 6-hour linear CISSP examinations, including domain weightings. After completing this course, you'll have a foundational understanding of codes of ethics and aspects of the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Architecture, Design, & Solutions Vulnerabilities

Course Number:
it_spcissp_11_enus
Lesson Objectives

CISSP 2021: Architecture, Design, & Solutions Vulnerabilities

  • discover the key concepts covered in this course
  • compare security between client-based systems and server-based systems
  • identify the distinctiveness of securing database systems, including scoping, tailoring, tokenizing, and abstraction
  • recognize the security of industrial control systems and supervisory control and data acquisition (SCADA)
  • describe the security of virtualization and cloud-based deployments, such as IaaS, PaaS, SaaS, MSSPs, and CASBs
  • outline the characteristics of securing distributed systems
  • recognize the main vulnerabilities to IoT based on the Open Web Application Security Project (OWASP)
  • compare the security distinctiveness of securing containerized applications, both server-based and serverless, and microservices
  • describe the unique aspects of securing embedded systems and SoC deployments
  • assess the security capabilities of information systems (memory protection, TPM, encryption/decryption)
  • describe security of high-performance computing (HPC) systems and edge computing systems
  • summarize the key concepts covered in this course

Overview/Description
A security professional needs to be acquainted with security architecture and engineering as they determine the design, implementation, monitoring, and securing of systems and networks of an organization. Use this course to explore the fundamentals of security architecture and engineering. Learn more about client-server, databases, and distributed systems, examine IoT, containers, serverless, and microservices, and explore embedded system security and constraints in detail. You'll also get familiar with TPM, HPC, and edge computing security. Upon completion of this course, you'll be able to assess and mitigate the vulnerabilities of modern security architectures, designs, and solutions, as well as understand the capabilities of securing information systems. Further, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Asset Classification & Lifecycle

Course Number:
it_spcissp_06_enus
Lesson Objectives

CISSP 2021: Asset Classification & Lifecycle

  • discover the key concepts covered in this course
  • compare different states of data: in use, in transit, and at rest
  • identify and classify information and assets
  • establish requirements for information and asset labeling and handling
  • provision resources by establishing ownership, implementing inventory, and asset management
  • manage roles of owner, controller, custodian, processors, and users
  • manage data collection, location, maintenance, remanence, retention, and destruction
  • ensure appropriate data retention such as end-of-life (EOL) and end-of-support (EOS)
  • summarize the key concepts covered in this course

Overview/Description
Before a security practitioner can even begin to implement security controls and countermeasures, they must have a good understanding of the types and valuation of organizational assets, both tangible and intangible. Data exists in various states and different locations, and it must be handled and treated according to pre-established policies. Explore methods for classifying, prioritizing, and handling assets throughout the entire lifecycle to disposition using this course. Examine various aspects of the lifecycle: data and asset states and classification, information and asset handling requirements, data roles, and asset destruction and sanitization. After completing this course, you will have knowledge of organizational assets and how to classify them. Further, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Business Continuity Planning

Course Number:
it_spcissp_15_enus
Lesson Objectives

CISSP 2021: Business Continuity Planning

  • discover the key concepts covered in this course
  • develop and document a business impact analysis plan
  • describe business continuity planning and continuity of operations processes
  • define various backup storage strategies
  • outline how to implement various recovery strategies, like sites, processing, system resilience, high-availability, and fault tolerance
  • describe security concerns, such as travel, security training and awareness, emergency management, and personal duress
  • outline how to conduct different types of tests on disaster recovery plans, such as read-through, tabletop, walkthrough, simulation, parallel, and full interruption testing
  • summarize the key concepts covered in this course

Overview/Description
Business impact and continuity planning form part of the most crucial topics in security operations. They involve identifying risks, foreseeing potential threats and the impact on business operations if disasters occur, and planning accordingly to prevent and recover from these possible occurrences. Use this course to learn how to develop a business impact analysis plan. Examine what's involved in business continuity planning and continuity of operations processes. Explore various backup storage and recovery strategies. Also, learn how to conduct multiple types of tests on disaster recovery plans. Upon completion of this course, you'll be able to plan for recovery from various types of disasters and know how to document all processes before and after the fact correctly. Furthermore, you'll be a step closer to being prepared for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Communication & Network Security

Course Number:
it_spcissp_13_enus
Lesson Objectives

CISSP 2021: Communication & Network Security

  • discover the key concepts covered in this course
  • describe the deployment of secure, converged, and multilayer protocols
  • outline micro-segmentation security for SDN, VXLAN, and SD-WAN
  • compare detective and preventative measures, such as firewalls, IDS/IPS, sandboxing, honeypots, and anti-malware, among others
  • compare security mechanisms for wireless networks, such as Wi-Fi, LiFi, Zigbee, and satellite
  • describe security for 4G and 5G cellular networks
  • recognize content delivery and distribution networking (CDN)
  • explain various mechanisms for securing endpoints using Network Admission Control (NAC), EDR, and next-generation endpoint protection
  • implement secure communication channels for voice, multimedia collaboration, remote access, data communications, virtualized networks, and third-party connectivity
  • summarize the key concepts covered in this course

Overview/Description
Some CISSP domains have evolved further than the others over the past few years, and the communication and network security domain is a prime example. Explore cutting-edge technologies, such as converged protocols, micro-segmentation, 5G, and content distribution networks (CDN) using this course. Examine secure protocols, wireless and cellular networking, and secure communication channels. This course will also help you investigate the mechanisms involved in endpoint security. After completing this course, you'll be acquainted with the fundamentals of security concerns in network channels. You can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Deploying Identity & Access Management (IAM)

Course Number:
it_spcissp_10_enus
Lesson Objectives

CISSP 2021: Deploying Identity & Access Management (IAM)

  • discover the key concepts covered in this course
  • describe the RADIUS and TACACS+ AAA protocol operations
  • define Security Assertion Markup Language (SAML) 2.0 and its practical implementation
  • compare OpenID Connect (OIDC) and Open Authorization (OAuth) and how they can function together and standalone in modern environments
  • describe the MIT Kerberos protocol and operation specifically in an Active Directory (AD) enterprise
  • discuss provisioning and deprovisioning entities as in on/off-boarding and transfer operations
  • examine the definition and assignment of roles and the management of people assigned to new roles
  • review user, system, and service account access in an enterprise
  • manage elevation (or escalation) of privileges of managed service accounts, use of sudo, and minimizing privilege creep
  • implement Identity Management (IdM) and Multi-Factor Authentication (MFA) processes
  • manage mechanisms like accounting, session management, registration, proofing, FIM, credential management, SSO, and JIT
  • summarize the key concepts covered in this course

Overview/Description
If implemented properly, Identity and Access Management mechanisms and protocols can greatly improve an enterprise's visibility and security. This course will help you delve deeper into the practical implementation of identity and access management controls and mechanisms. Explore the implementation of authentication systems like SAML, investigate the management of the identity and access provisioning lifecycle, and discover how the identification of people, devices, and services is managed. You'll also examine authentication and authorization protocols, provisioning and deprovisioning, and accounting, registration, and proofing of identity. After finishing this course, you'll have an understanding of how to effectively use and execute identity and access mechanisms within your organization. Moreover, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Fundamental Concepts & Principles

Course Number:
it_spcissp_02_enus
Lesson Objectives

CISSP 2021: Fundamental Concepts & Principles

  • discover the key concepts covered in this course
  • define confidentiality as it relates to a key goal of security
  • define integrity as it relates to a key goal of security
  • define availability as it relates to a key goal of security
  • define authenticity as it relates to a key goal of security
  • define non-repudiation as it relates to a key goal of security
  • outline the ISO OSI Reference Model and describe how it's used by security practitioners
  • outline the TCP/IP Reference Model and describe how it's leveraged by security practitioners
  • summarize the key concepts covered in this course

Overview/Description
Even with several years of practical experience in the security field, knowledge and application of specific security concepts and principles may have eluded even the seasoned security professional. Use this course to brush up on some of the vital, core security principles, such as confidentiality, integrity, and non-repudiation. Be reminded of the critical role of security design in the ISO OSI 7-layer Reference Model and the 4-layer TCP/IP Reference Model. Upon completion of this course, you'll be fully attuned to the most fundamental aspects of security. Furthermore, you can use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Identity and Access Management Principles

Course Number:
it_spcissp_09_enus
Lesson Objectives

CISSP 2021: Identity and Access Management Principles

  • discover the key concepts covered in this course
  • control physical and logical access to assets, such as information, systems, applications, devices, and facilities
  • compare the shared responsibility identity models of on-premises, cloud, and hybrid
  • recognize the concepts of security models, such as Biba, Star, and Bell-LaPadula
  • identify features of the Role-based Access Control (RBAC) authorization mechanism
  • outline features of the Rule-based Access Control authorization mechanism
  • describe characteristics of the Mandatory Access Control (MAC) authorization mechanism
  • recognize features of the Discretionary Access Control (DAC) authorization mechanism
  • outline features of the Attribute-based Access Control (ABAC) authorization mechanism
  • describe features of the Risk-adaptable Access Control (RAdAC) authorization mechanism
  • summarize the key concepts covered in this course

Overview/Description
Identity and access management (IAM) is crucial for businesses in order to identify and mitigate security violations, define user identity, and manage access privileges and authorization. Gain a better understanding of critical concepts, terms, and models needed to build a strong foundation in IAM using this course. Explore different areas of physical and logical control and learn more about security models like Biba and Bell-LaPadula. You will also delve deeper into authorization mechanisms, such as MAC, RBAC, DAC, and ABAC. You will have a better understanding of authentication and authorization fundamentals after completing this course. Further, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Practical Cryptography

Course Number:
it_spcissp_08_enus
Lesson Objectives

CISSP 2021: Practical Cryptography

  • discover the key concepts covered in this course
  • compare symmetric and asymmetric key cryptosystems
  • describe cryptographic hashing and message authentication codes
  • describe digital signatures and digital certificates and their common use cases
  • explore elliptic curve and quantum computing
  • outline the cryptographic life cycle, including keys and algorithm selection
  • describe modern practical key management practices
  • outline the elements of Public Key Infrastructure
  • categorize cryptographic attacks such as brute force, implementation, and side-channel
  • summarize the key concepts covered in this course

Overview/Description
Cryptology is crucial to network security as it secures data, information, and communication. Take this course to build a strong foundation in cryptography and cryptanalysis - the two aspects of cryptology. This course will help you gain a better understanding of two objectives of the security architecture and engineering domain: selecting and determining cryptographic solutions and understanding methods of cryptanalytic attacks. These will support your exploration of controls and countermeasures to be implemented going forward in the security lifecycle. You'll be able to outline practical cryptographic solutions and cryptanalysis and prepare for the CISSP exam after completing this course.

Target

Prerequisites: none

CISSP 2021: Risk Management

Course Number:
it_spcissp_07_enus
Lesson Objectives

CISSP 2021: Risk Management

  • discover the key concepts covered in this course
  • identify common threats and vulnerabilities
  • describe modern risk assessment and analysis methods
  • compare security control categories and types, such as operational, preventative, detective, and corrective
  • understand various risk frameworks
  • choose and implement controls and countermeasures
  • evaluate security and privacy controls
  • describe risk monitoring, measuring, and reporting
  • understand continuous improvement such as risk maturity modeling and capability modeling
  • describe and apply threat modeling concepts and methodologies
  • outline supply chain risk management (SCRM) concepts
  • summarize the key concepts covered in this course

Overview/Description
A security professional must be familiar with risk management concepts to be able to apply them effectively. Use this course to explore the management of risks to tangible and intangible assets. Get familiar with the details of vulnerability and risk assessment, countermeasure selection and implementation, and risk frameworks. This course will also help you examine the monitoring, measuring, and reporting of risk and delve further into threat modeling and supply chain risk management (SCRM). You'll have an understanding of risk management fundamentals and how to apply them after completing this course. Moreover, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Secure Design Principles

Course Number:
it_spcissp_03_enus
Lesson Objectives

CISSP 2021: Secure Design Principles

  • discover the key concepts covered in this course
  • describe the security principle of least privilege and provide real-world examples
  • describe the security principle of defense in depth (DiD) and provide real-world examples
  • describe the security principle of separation of duties (SoD) and provide real-world examples
  • describe what it means to "keep it simple" in the context of a security principle with real-world examples
  • define the characteristics of the Zero Trust (ZT) principle and zero trust architecture (ZTA)
  • outline the design principles and use cases of secure defaults
  • recognize the characteristics of secure failure and differentiate between fail open and fail closed firewalls
  • describe the security principle of privacy by design and provide real-world examples
  • list use cases for the trust but verify security principle
  • summarize the key concepts covered in this course

Overview/Description
Security design principles are crucial while designing any security mechanism for a system. This course will help you gain a better understanding of how these principles help develop a secure system, which prevents security flaws and also blocks unwanted access to it. Get familiar with security concepts and principles such as defense in depth, least privilege, and zero trust and explore them further with the help of real-world applications and use cases. After completing this course, you'll be aware of the significance of methodologies for implementing separation of duties, secure defaults, secure failure, and privacy by design while avoiding over-complexity.

Target

Prerequisites: none

CISSP 2021: Security Assessment & Testing

Course Number:
it_spcissp_16_enus
Lesson Objectives

CISSP 2021: Security Assessment & Testing

  • discover the key concepts covered in this course
  • design and validate assessment, test, and audit strategies
  • conduct security control testing
  • gather technical and administrative security process data
  • recognize best practices for analyzing test output and generating reports
  • summarize the key concepts covered in this course

Overview/Description
For an organization to achieve continual improvement and attain a higher level of security maturity, a solid plan for security assessment and testing must be in place. Explore the fundamental aspects of security assessment and testing through this course. You will delve deeper into designing and validating assessment, test and audit strategies, and data collection. This course will also give you a deeper insight into performing security testing, analyzing the output, generating reports, and facilitating audits. After completing this course, you will possess the skills and knowledge to implement appropriate security assessment and testing measures within your organization. Further, you can also use this course to prepare for the CISSP 2021 exam.

Target

Prerequisites: none

CISSP 2021: Security Governance Principles

Course Number:
it_spcissp_04_enus
Lesson Objectives

CISSP 2021: Security Governance Principles

  • discover the key concepts covered in this course
  • describe methods for aligning security with business strategy, goals, mission, and objectives
  • define various organizational roles, responsibilities, and processes such as acquisitions and divestitures
  • describe the concepts of due care and due diligence, providing real-world examples
  • outline contractual and legal industry standards and other regulatory privacy requirements
  • define issues that pertain to cybercrime, data breaches, IP, import/export, and transborder data flow
  • list the requirements for investigation types such as administrative, criminal, civil, regulatory, and industry standards
  • summarize the key concepts covered in this course

Overview/Description
All security initiatives begin at the top as an aspect of global corporate governance. The modern security architect must understand the role of security governance in the bigger picture as well as how it should align with the value proposition of the organization. This course will help you get familiar with the principles of security governance, aspects of compliance and industry standards, and the components of conducting investigations. After you are done with this course, you will be able to recognize and assess issues related to security governance, compliance, and regulations. Further, this course will help you prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Security Operations

Course Number:
it_spcissp_14_enus
Lesson Objectives

CISSP 2021: Security Operations

  • discover the key concepts covered in this course
  • define core security concepts, such as need-to-know, least-privilege, job rotation, and service level agreements (SLAs)
  • outline configuration management best practices
  • outline how to conduct change management
  • describe how to implement patch management initiatives to adhere to security best practices
  • describe how to perform logging and monitoring activities to gather meaningful metrics and key risk indicators
  • recognize enterprise vulnerability assessment tools, processes, and management
  • outline the incident response processes of detection, response, mitigation, reporting, recovery, remediation, and lessons learned
  • identify how to understand and comply with investigations by collecting evidence, documenting, analyzing, performing digital forensics, and gathering artifacts
  • summarize the key concepts covered in this course

Overview/Description
The security operations domain represents 13% of the CISSP exam and is one of the most important areas of practice for the security engineer and architect. Use this course to gain an in-depth theoretical comprehension of core security concepts, such as configuration, change, and patch management, logging and monitoring, vulnerability assessment and management, incident response, BCP, BIA, DRP, and forensic investigations. After completing this course, you'll be familiar with the processes, best practices, and tools to put these security concepts in place. If you're preparing for the CISSP exam, this course will help you.

Target

Prerequisites: none

CISSP 2021: Security Policy

Course Number:
it_spcissp_05_enus
Lesson Objectives

CISSP 2021: Security Policy

  • discover the key concepts covered in this course
  • develop, implement, and document various aspects of security policies as well as identify newer policies based on recent technology changes
  • compare standards, guidelines, best practices, policies, and standard operating procedures (SOP)
  • outline the best practices for candidate screening, background investigations, and hiring new employees
  • compare various employee agreements and define practices for onboarding new employees
  • describe security best practices related to transfer and termination of employees
  • analyze the challenges of working with vendors, consultants, and contractors from the perspective of security policy
  • establish and maintain a security awareness, education, and training program
  • summarize the key concepts covered in this course

Overview/Description
The written and published security policy is a critical aspect of security governance in all sizes and types of organizations. Use this course to gain a better understanding of security policy development and implementation. Delve into employment and personnel policies, third-party policies and agreements, as well as security awareness and training. Upon finishing this course, you'll have a foundational knowledge of security governance and will be able to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Site & Facility Security

Course Number:
it_spcissp_12_enus
Lesson Objectives

CISSP 2021: Site & Facility Security

  • discover the key concepts covered in this course
  • describe the defense-in-depth approach as it applies to sites and facilities
  • describe how to defend the perimeter using various physical controls
  • examine a variety of common categories of physical controls
  • implement controls to protect enterprise power systems
  • implement controls to protect the heating, ventilation, and air-conditioning (HVAC) system and other environmental controls
  • implement controls to protect distribution frames, wiring systems, and wiring closets
  • implement controls to protect server rooms and data centers
  • implement controls to protect media and evidence storage facilities
  • implement controls to safeguard restricted work areas
  • outline how to deploy fire prevention, detection, and suppression techniques
  • summarize the key concepts covered in this course

Overview/Description
In past iterations of the CISSP exam, physical security was a domain in itself. In the recent version of CISSP, this topic is found in the Security Architecture and Engineering domain. Use this course to explore security principles for site and facility design and examine various site and facility security controls. Discover how to navigate the essentials of facility and site security, investigate common physical controls, and get familiar with the physical defense-in-depth approach. You'll also learn about the prevention, detection, and suppression of fire in greater detail. After completing this course, you'll be able to assess issues with the security design of a site or facility and implement appropriate controls to address them. Moreover, you can also use this course to prepare for the CISSP exam.

Target

Prerequisites: none

CISSP 2021: Software Development Lifecycles & Ecosystems

Course Number:
it_spcissp_17_enus
Lesson Objectives

CISSP 2021: Software Development Lifecycles & Ecosystems

  • discover the key concepts covered in this course
  • compare development methodologies, such as Waterfall, Agile, CI/CD, DevOps, and DevSecOps
  • describe operations, maintenance, and change management in maturity models like capability maturity model (CMM) and software assurance maturity model (SAMM)
  • define integrated product teams and their role in software development security
  • identify and apply security controls in programming languages, libraries, runtimes, code repositories, IDE, and toolsets
  • describe software configuration management (SCM)
  • compare application security testing methods like static application security testing (SAST) and dynamic application security testing (DAST)
  • summarize the key concepts covered in this course

Overview/Description
Security has become an integral element of the software development lifecycle (SDLC). A security professional needs to be aware of software development methodologies and ecosystems to safeguard their business against data breaches and other security threats. Use this course to learn more about different aspects of software development lifecycles, such as development methodologies, maturity models, security controls, SOAR and SCM in application security, and application security testing. Having completed this course, you'll have a foundational understanding of the different elements of SDLC. Moreover, you can also use this course to prepare for the CISSP 2021 exam.

Target

Prerequisites: none

CISSP 2021: Software Development Security

Course Number:
it_spcissp_18_enus
Lesson Objectives

CISSP 2021: Software Development Security

  • discover the key concepts covered in this course
  • assess the security impact of commercial off-the-shelf (COTS), open-source, and third-party acquired software
  • describe enterprise mobility management and control
  • identify weaknesses in source code
  • explain the securing of application programming interfaces (APIs)
  • define recommended secure coding practices and guidance for SecDevOps
  • outline and apply software-defined security
  • summarize the key concepts covered in this course

Overview/Description
Securing software development should be an area of focus for business owners and security professionals because it reduces business risk, protects the data stored in business applications, and ensures ongoing compliance with governing security laws and regulations. Use this course to gain a deeper understanding of software development security. Learn more about assessing built and acquired software security, cloud deployment types and their relationship to security, and software diversity. You'll also examine weaknesses in source code and APIs and secure coding techniques. Upon completion of this course, you'll have the skills and knowledge to implement secure practices while developing software. You'll also be a step closer in your preparation for the CISSP 2021 exam.

Target

Prerequisites: none

TestPrep Certified Information Systems Security Professional (CISSP)

Course Number:
it_spciss_01_tp_enus
Objectives:

Overview/Description
Test your knowledge of the skills and competencies being measured by the vendor certification exam. TestPrep can be taken in either Study or Certification mode. Study mode is designed to maximize learning by not only testing your knowledge of the material, but also by providing additional information on the topics presented. Certification mode is designed to test your knowledge of the material within a structured testing environment, providing valuable feedback at the end of the test.

* This TestPrep is aligned to the 2018 Certification Exam Outline.

Target Audience
Individuals seeking practice in a structured testing environment, covering the skills and competencies being measured by the vendor certification exam.

Prerequisites: none
