This presentation on CISSP speaks about why CISSP, what CISSP is, the CISSP exam, its requirements, and the various CISSP domains. Watching this video will help you understand the importance of the CISSP certification and what exactly CISSP is. Certified Information Systems Security Professional (CISSP) certification is an advanced-level cyber security certification; it trains a candidate to become an information assurance professional. It is one of the toughest cyber security certifications. CISSP has eight domains: Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. Each of these domains is explained individually in this presentation.
The topics below are explained in this CISSP presentation:
1. Why CISSP?
2. What is CISSP?
3. CISSP exam
4. CISSP exam requirements
5. CISSP domains
CISSP Certification Course Overview:
The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The course covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².
CISSP Training Key Features:
- 67 hours of in-depth learning
- 5 simulation test papers to prepare you for CISSP certification
- Offers the requisite 30 CPEs for taking the CISSP examination
Eligibility:
The CISSP certification is the most globally recognized professional requirement in the IT security domain. This CISSP training is best suited for those at the intermediate level of their career, including security consultants/managers, IT directors/managers, security auditors/architects, security system engineers, CIOs, and network architects.
Pre-requisites:
To obtain your CISSP certification, you must have a minimum of five years of full-time professional work experience in two or more of the 8 domains of the CISSP – (ISC)² CBK 2018. A qualified individual with less than five years of experience will receive the (ISC)² associate title.
Learn more at https://www.simplilearn.com/cyber-security/cissp-certification-training
Why CISSP?
Cyber security has various certifications like CCNA, CompTIA Security+, CISM, CISA, and CEH. In addition to these, the most in-demand certification is the CISSP (Certified Information Systems Security Professional).
The demand for CISSP-certified professionals has grown rapidly compared to other cyber security professionals. There are nearly 50,000 job postings for it. (Source: INFOSEC)
What is CISSP?
Certified Information Systems Security Professional (CISSP) certification is an advanced-level cyber security certification; it trains a candidate to become an information assurance professional. It is one of the toughest cyber security certifications.
A candidate with a CISSP certification will be able to define the design, architecture, controls, and management of highly secure business environments.
Exam Requirements
To be eligible for the CISSP certification, a candidate must have at least five years of paid work experience in two or more of the eight CISSP domains. Before taking up this certification, it is suggested that the candidate clears other certifications like CCNA, CompTIA Security+, CEH, CISM, CISA, and so on.
The CISSP certification is suitable for professionals working in the following fields:
• Security Consultants and Managers
• Network and Security Architects
• IT Directors
• Security Auditors
• Chief Information Security Officers
CISSP Exam
Certificate provider: the CISSP certification is developed by the International Information Systems Security Certification Consortium, (ISC)².
Exam fees: $699
Number of questions and duration: 250 questions in 6 hours. (This is the linear exam format; since December 2017 the English-language exam has been delivered as a computerized adaptive test with fewer questions and a shorter time limit, so check the current (ISC)² exam outline before registering.)
Type of questions: multiple choice, plus advanced innovative items such as drag-and-drop
Pass mark: 700 out of 1000
CISSP Domains
The CISSP certification has a total of 8 domains:
1. Security and Risk Management
2. Asset Security
3. Security Engineering (named Security Architecture and Engineering in the 2018 CBK)
4. Communications and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security
1. Security and Risk Management
This domain mainly consists of the fundamentals of security policies, compliance laws and regulations, professional ethics, risk management, and threat modeling.
Under security policies, information security and cyber security both play a vital role:
Information Security: the processes and tools deployed to protect sensitive information, in whatever form it is held
Cyber Security: the set of techniques used to protect the integrity of networks and systems against attack
The following approaches are adopted to implement cyber security:
Compliance-based: security measures are decided based on regulations
Ad hoc: security measures are based on no specific criteria
Risk-based: security measures are based on the unique risks in an organization
To protect the information within a company, the Confidentiality, Integrity, and Availability (CIA) security model, the CIA triad, is used:
Confidentiality
Integrity
Availability
The GRC trilogy is a structured approach adopted by organizations to align IT objectives with business objectives. It has three parts:
Governance: taken care of by the senior professionals of an organization. Such a program has goals like ensuring organizational goals are achieved, providing strategic plans, and so on.
Risk Management: the organization looks into mitigating all types of risks, such as investment, physical, and cyber risks.
Compliance: abiding by the defined laws and regulations.
Did you know that the senior management of an organization develops a security policy that is implemented to achieve the organization's goals? Let's have a look at the characteristics of these security policies.
Characteristics of security policies:
• They should support the vision and mission
• All the business units should be integrated
• They should be updated regularly
• They should be easy to understand
A risk analysis team is formed in an organization to perform the analysis of each known risk. The steps to perform risk analysis are:
1. Assess the value of the company's assets
2. Analyze the risks to those assets
3. Identify countermeasures to mitigate the risks
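The three risk analysis steps carried through in code, as an added example that is not part of the presentation. It uses the quantitative method taught in this domain: single loss expectancy (SLE = asset value × exposure factor), annualized loss expectancy (ALE = SLE × annualized rate of occurrence), and a countermeasure is worth buying only if the ALE it removes exceeds its annual cost. Asset value, exposure factors, frequencies and control costs are constructed figures.

```python
"""Quantitative risk analysis for one asset: value it, analyze threats, pick controls.

Added example (not from the original presentation). SLE/ALE are the standard
formulas from the Security and Risk Management domain; every number in demo()
is a constructed figure, not data from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exposure_factor: float  # fraction of the asset's value lost per incident (0..1)
    aro: float              # annualized rate of occurrence (incidents per year)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    threat: str             # which threat it addresses
    annual_cost: float
    aro_reduction: float    # fraction by which the control cuts the ARO (0..1)
    ef_reduction: float = 0.0  # fraction by which it cuts the exposure factor (0..1)


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: what one incident costs."""
    return asset_value * exposure_factor


def ale(asset_value: float, threat: Threat) -> float:
    """Annualized loss expectancy: SLE x ARO (step 2, the risk to the asset)."""
    return sle(asset_value, threat.exposure_factor) * threat.aro


def residual_ale(asset_value: float, threat: Threat, cm: Countermeasure) -> float:
    """ALE that remains once the countermeasure is in place."""
    ef = threat.exposure_factor * (1 - cm.ef_reduction)
    aro = threat.aro * (1 - cm.aro_reduction)
    return sle(asset_value, ef) * aro


def countermeasure_value(asset_value: float, threat: Threat, cm: Countermeasure) -> float:
    """Net annual value: ALE before - ALE after - annual cost.
    Negative means the control costs more than the risk it removes."""
    return ale(asset_value, threat) - residual_ale(asset_value, threat, cm) - cm.annual_cost


def select_countermeasures(asset_value, threats, candidates):
    """Step 3: per threat, pick the control with the highest positive net value.
    A threat for which every control loses money gets None (risk accepted)."""
    chosen = {}
    for t in threats:
        best = None
        for cm in (c for c in candidates if c.threat == t.name):
            value = countermeasure_value(asset_value, t, cm)
            if value > 0 and (best is None or value > best[1]):
                best = (cm.name, value)
        chosen[t.name] = best
    return chosen


def demo():
    asset_value = 500_000.0  # constructed: replacement value of a customer database (step 1)
    threats = [Threat("ransomware", exposure_factor=0.6, aro=0.5),
               Threat("insider theft", exposure_factor=0.2, aro=0.1)]
    candidates = [
        Countermeasure("offline backups", "ransomware", annual_cost=40_000,
                       aro_reduction=0.0, ef_reduction=0.75),   # restores shrink the loss
        Countermeasure("endpoint detection", "ransomware", annual_cost=60_000,
                       aro_reduction=0.5),                       # blocks half the incidents
        Countermeasure("DLP for insiders", "insider theft", annual_cost=25_000,
                       aro_reduction=0.8),                       # too expensive for a 10k ALE
    ]
    ales = {t.name: ale(asset_value, t) for t in threats}
    return ales, select_countermeasures(asset_value, threats, candidates)


if __name__ == "__main__":
    print(demo())
```

With these figures ransomware carries an ALE of 150,000 per year; offline backups cut it to 37,500 for 40,000 a year (net value 72,500), which beats endpoint detection (net 15,000). The insider-theft ALE is only 10,000, so a 25,000 DLP control is rejected and that risk is accepted, which is exactly the judgement the risk analysis team has to document.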
2. Asset Security
Asset Security is the second domain of the CISSP. It deals with the collection and protection of information. These are the topics we will be looking into:
1. Data Classification
2. Data Management
3. Data Remanence
4. Data Loss Prevention
1. Data Classification
Data is classified by the data owner. The classification is done based on a set of defined criteria, and classifications are reviewed annually.
2. Data Management
In data management the information lifecycle is managed. Data management ensures that the data complies with the applicable standards, and it also ensures data validity and integrity.
3. Data Remanence
Data remanence is the residual digital data that remains on storage media even after the data has been erased. Security professionals should be well versed in the techniques used to avoid data remanence: clearing (overwriting), purging (degaussing or cryptographic erase), and physical destruction, chosen according to the media type and the sensitivity of the data.
4. Data Loss Prevention
To prevent data loss, a set of measures is adopted to ensure that information is only available to authorized users.
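The data remanence point above, shown on a simulated block device as an added example (not part of the presentation). The "disk" is a constructed in-memory block store with a directory, mimicking the way an ordinary file delete only removes the directory entry and marks the blocks free while the bytes stay where they were; a carving pass finds them. Overwriting the blocks before deleting (clearing) is the technique that removes them. Caveat: on SSDs, wear-levelled flash and filesystems that relocate writes, an overwrite from software may never reach the physical cells that held the data, which is why cryptographic erase or destruction is preferred there.

```python
"""Data remanence on a simulated block device.

Added example, not from the original presentation. SimDisk is a constructed
model of a filesystem: fixed-size blocks plus a directory mapping names to
block numbers. delete_file() behaves like a normal unlink; secure_delete()
clears the blocks first. carve() does what a forensic tool does: read raw
blocks and ignore the directory.
"""
import os

BLOCK_SIZE = 16


class SimDisk:
    def __init__(self, n_blocks: int = 8):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))
        self.directory = {}  # filename -> list of block indexes

    def write_file(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in chunks]
        for idx, chunk in zip(used, chunks):
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.directory[name] = used

    def delete_file(self, name: str) -> None:
        """Ordinary delete: drop the directory entry and free the blocks.
        The bytes themselves are left in place; that leftover is the remanence."""
        self.free.extend(self.directory.pop(name))

    def secure_delete(self, name: str, passes: int = 1) -> None:
        """Clear: overwrite every block of the file, then delete it."""
        for idx in self.directory[name]:
            for _ in range(passes):
                self.blocks[idx] = os.urandom(BLOCK_SIZE)
            self.blocks[idx] = bytes(BLOCK_SIZE)  # final zero pass, easy to verify
        self.delete_file(name)

    def carve(self, marker: bytes) -> list:
        """Scan raw blocks for a pattern regardless of what the directory says."""
        return [b for b in self.blocks if marker in b]


def demo() -> dict:
    secret = b"card=4111111111111111;cvv=123"  # constructed sample record, not real data

    disk = SimDisk()
    disk.write_file("cust.txt", secret)
    disk.delete_file("cust.txt")                 # what rm / del actually does
    recovered_after_delete = disk.carve(b"card=")

    disk2 = SimDisk()
    disk2.write_file("cust.txt", secret)
    disk2.secure_delete("cust.txt")              # clear before unlink
    recovered_after_clear = disk2.carve(b"card=")

    return {
        "directory_entry_gone": "cust.txt" not in disk.directory,
        "plain_delete_recoverable": bool(recovered_after_delete),
        "secure_delete_recoverable": bool(recovered_after_clear),
    }


if __name__ == "__main__":
    print(demo())
```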
3. Security Engineering
This domain talks about security architecture, security models, cryptography, and physical security.
Security Architecture: takes the help of the TCB (trusted computing base), the security perimeter, and the reference monitor to implement security. The reference monitor is the part of the TCB that mediates every access by a subject to an object according to the chosen security model.
Cryptography: information is secured by converting data from a readable format to a non-readable format and vice versa.
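A reference monitor enforcing one of the security models this domain covers, Bell-LaPadula, as an added example that is not part of the presentation. Every read or write request passes through one decision point (complete mediation), which allows a read only if the subject's label dominates the object's (simple security property, "no read up") and a write only if the object's label dominates the subject's (*-property, "no write down"). The clearance levels, compartments, subjects and objects are constructed.

```python
"""A reference monitor enforcing the Bell-LaPadula (BLP) confidentiality model.

Added example, not from the original presentation. Labels form a lattice:
a level plus a set of compartments. Label A dominates label B when A's level
is at least B's and A's compartments are a superset of B's.
"""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


class ReferenceMonitor:
    """The only path from subjects to objects; part of the TCB. Every decision is audited."""

    def __init__(self):
        self.subjects = {}   # name -> clearance Label
        self.objects = {}    # name -> (classification Label, content)
        self.audit = []

    def add_subject(self, name, label):
        self.subjects[name] = label

    def add_object(self, name, label, content=b""):
        self.objects[name] = (label, content)

    def decide(self, subject: str, op: str, obj: str) -> bool:
        s, (o, _) = self.subjects[subject], self.objects[obj]
        if op == "read":
            allowed = s.dominates(o)      # simple security property: no read up
        elif op == "write":
            allowed = o.dominates(s)      # *-property: no write down
        else:
            allowed = False               # unknown operations are denied, not ignored
        self.audit.append((subject, op, obj, "ALLOW" if allowed else "DENY"))
        return allowed

    def read(self, subject, obj):
        if not self.decide(subject, "read", obj):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.objects[obj][1]

    def write(self, subject, obj, data):
        if not self.decide(subject, "write", obj):
            raise PermissionError(f"{subject} may not write {obj}")
        label, _ = self.objects[obj]
        self.objects[obj] = (label, data)


def demo():
    rm = ReferenceMonitor()
    rm.add_subject("alice", Label("SECRET", frozenset({"CRYPTO"})))
    rm.add_subject("bob", Label("CONFIDENTIAL"))
    rm.add_object("plan", Label("SECRET", frozenset({"CRYPTO"})), b"key rotation plan")
    rm.add_object("memo", Label("CONFIDENTIAL"), b"staff memo")
    rm.add_object("reactor", Label("SECRET", frozenset({"NUCLEAR"})), b"reactor notes")
    return {
        "alice_reads_plan": rm.decide("alice", "read", "plan"),        # equal label: allowed
        "alice_reads_memo": rm.decide("alice", "read", "memo"),        # read down: allowed
        "alice_writes_memo": rm.decide("alice", "write", "memo"),      # write down: denied
        "bob_reads_plan": rm.decide("bob", "read", "plan"),            # read up: denied
        "bob_writes_plan": rm.decide("bob", "write", "plan"),          # write up (blind write): allowed
        "alice_reads_reactor": rm.decide("alice", "read", "reactor"),  # same level, wrong compartment: denied
        "audit_entries": len(rm.audit),
    }


if __name__ == "__main__":
    print(demo())
```

Note the one result people find surprising: BLP lets a CONFIDENTIAL user write into a SECRET object (a "blind write"). BLP protects confidentiality only; stopping that write is an integrity concern, which is what the Biba model addresses, and real systems layer discretionary controls on top of the lattice for it.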
4. Communications and Network Security
This domain consists of network structures, countermeasures, transmission methods, and security measures used to achieve CIA.
OSI Model: the Open Systems Interconnection model describes, in seven layers, how data is transferred from one computer to another.
Firewall: hardware or software that blocks incoming or outgoing traffic between the internet and your network or computer according to a set of rules.
Intrusion Detection System: an IDS is designed to detect unauthorized access to a system. It is used together with a firewall and a router.
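The firewall and IDS points above, as an added example (not part of the presentation): a stateless packet filter evaluated first-match-wins with an implicit default deny, next to a simple IDS heuristic run over the same constructed flow records. It shows why the two are used together: each connection attempt in a port scan is decided correctly by the firewall on its own, but only the IDS, correlating across flows, reports the scan.

```python
"""Stateless packet filter with default deny, plus an IDS port-scan heuristic.

Added example, not from the original presentation. Rules, addresses and flow
records are constructed; addresses use documentation ranges (RFC 5737) and a
private network.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # CIDR
    dst: str      # CIDR
    dports: frozenset  # destination ports; empty = any port

    def matches(self, flow: dict) -> bool:
        return (self.proto in ("any", flow["proto"])
                and ip_address(flow["src"]) in ip_network(self.src)
                and ip_address(flow["dst"]) in ip_network(self.dst)
                and (not self.dports or flow["dport"] in self.dports))


def filter_flow(rules, flow: dict) -> str:
    """First matching rule decides; a flow matching nothing is denied."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"


def detect_port_scan(flows, threshold: int = 5):
    """IDS heuristic: one source touching many distinct ports on one destination."""
    ports_seen = defaultdict(set)
    for f in flows:
        ports_seen[(f["src"], f["dst"])].add(f["dport"])
    return sorted(pair for pair, ports in ports_seen.items() if len(ports) >= threshold)


# Rule order matters: the explicit SSH deny sits before the broad internal allow.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", frozenset({80, 443})),  # public web
    Rule("deny", "any", "0.0.0.0/0", "10.0.0.0/24", frozenset({22})),        # no SSH in, from anywhere
    Rule("allow", "any", "10.0.0.0/24", "0.0.0.0/0", frozenset()),           # internal hosts may go out
]

# Constructed flow records: a few normal connections, then a scan from 203.0.113.9.
FLOWS = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 443},   # allow (rule 1)
    {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 22},    # deny  (rule 2)
    {"proto": "udp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 53},    # deny  (no match)
    {"proto": "tcp", "src": "10.0.0.20", "dst": "198.51.100.7", "dport": 8443}, # allow (rule 3)
    {"proto": "tcp", "src": "10.0.0.20", "dst": "10.0.0.10", "dport": 22},      # deny  (rule 2 precedes 3)
] + [
    {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.0.10", "dport": p}
    for p in (21, 22, 23, 25, 80, 443, 3389)
]


def demo():
    decisions = [filter_flow(RULES, f) for f in FLOWS]
    return decisions, detect_port_scan(FLOWS)


if __name__ == "__main__":
    for flow, decision in zip(FLOWS, demo()[0]):
        print(decision.upper(), flow)
    print("port scans:", demo()[1])
```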
5. Identity and Access Management
Identity and Access Management talks about access control, identification, authentication, authorization, and attacks on access control and their countermeasures.
Let's have a look at the following topics:
1. Identity Management: used to establish identities and to identify and authenticate users through automated means.
2. Kerberos: an authentication protocol based on symmetric-key cryptography. A trusted key distribution center (KDC) issues tickets that let a client and a service authenticate each other and share a session key, without the user's password ever being sent over the network.
3. Access Criteria: access privileges should be granted based on the level of trust and the job role in the organization. For safety reasons, they should also be granted based on location and time.
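The Kerberos exchange described above, simulated end to end as an added example that is not part of the presentation: the AS exchange that yields a ticket-granting ticket, the TGS exchange that yields a service ticket, and the AP exchange at the service, including the mutual-authentication reply. The authenticated encryption is a toy HMAC-SHA256 construction standing in for Kerberos' real ciphers, the password-to-key step is a bare SHA-256 rather than Kerberos' salted string-to-key, and the principal names and password are constructed. What the simulation keeps is the protocol shape: symmetric keys only, tickets the client cannot read, timestamped authenticators checked against clock skew, and a reply that proves the service holds the session key.

```python
"""Simulated Kerberos: AS, TGS and AP exchanges with symmetric keys only.

Added example, not from the original presentation. seal()/unseal() are a toy
encrypt-then-MAC built from HMAC-SHA256 (illustration only); pw_key() is a
toy string-to-key. Principals, password and lifetimes are constructed.
"""
import hashlib, hmac, json, os, time

SKEW, TTL = 300, 8 * 3600  # accepted clock skew and ticket lifetime, in seconds


def _keystream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def seal(key, obj):
    """Toy authenticated encryption of a JSON-serializable object."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def pw_key(password):
    return hashlib.sha256(password.encode()).digest()  # toy string-to-key


def _check_authenticator(session_key, authenticator, expected_client):
    a = unseal(session_key, authenticator)  # only the holder of the session key could seal this
    if a["client"] != expected_client or abs(time.time() - a["ts"]) > SKEW:
        raise ValueError("authenticator rejected")
    return a


class KDC:
    def __init__(self, principal_keys):
        self.keys = dict(principal_keys)
        self.keys["krbtgt"] = os.urandom(32)  # protects TGTs; never leaves the KDC

    def as_exchange(self, client):
        """AS-REQ/AS-REP: no password crosses the wire. The TGT is opaque to the client;
        the second part is readable only with the client's long-term key."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "sk": sk, "exp": time.time() + TTL})
        return tgt, seal(self.keys[client], {"sk": sk, "for": "krbtgt"})

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS-REQ/TGS-REP: validate the TGT and authenticator, issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        if time.time() > t["exp"]:
            raise ValueError("TGT expired")
        sk_tgs = bytes.fromhex(t["sk"])
        _check_authenticator(sk_tgs, authenticator, t["client"])
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": sk, "exp": time.time() + TTL})
        return ticket, seal(sk_tgs, {"sk": sk, "for": service})


def client_login(kdc, client, password):
    tgt, enc = kdc.as_exchange(client)
    return tgt, bytes.fromhex(unseal(pw_key(password), enc)["sk"])  # wrong password -> ValueError


def client_service_ticket(kdc, client, tgt, sk_tgs, service):
    authenticator = seal(sk_tgs, {"client": client, "ts": time.time()})
    ticket, enc = kdc.tgs_exchange(tgt, authenticator, service)
    return ticket, bytes.fromhex(unseal(sk_tgs, enc)["sk"])


def service_accept(service_key, ticket, authenticator):
    """AP-REQ/AP-REP at the service: no KDC contact, only the service's own key."""
    t = unseal(service_key, ticket)
    if time.time() > t["exp"]:
        raise ValueError("ticket expired")
    sk = bytes.fromhex(t["sk"])
    a = _check_authenticator(sk, authenticator, t["client"])
    return t["client"], seal(sk, {"ts": a["ts"]})  # AP-REP: proves the service knows sk


def demo():
    pw = "correct horse battery"  # constructed credential
    keys = {"alice": pw_key(pw), "fileserver": os.urandom(32)}
    kdc = KDC(keys)
    tgt, sk_tgs = client_login(kdc, "alice", pw)
    ticket, sk_svc = client_service_ticket(kdc, "alice", tgt, sk_tgs, "fileserver")
    who, ap_rep = service_accept(keys["fileserver"], ticket,
                                 seal(sk_svc, {"client": "alice", "ts": time.time()}))
    try:
        client_login(kdc, "alice", "wrong password")
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {"service_sees": who, "mutual_auth": "ts" in unseal(sk_svc, ap_rep),
            "wrong_password_rejected": wrong_rejected}


if __name__ == "__main__":
    print(demo())
```

Two things the simulation makes visible that the one-line description does not: the service authenticates the client without talking to the KDC (it only needs its own key), and in the AS exchange the KDC hands out a reply sealed under the client's key to anyone who asks for it, which is why real deployments enable pre-authentication and why weak passwords are exposed to offline guessing against that reply.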
6. Security Assessment and Testing
This domain looks into audits, security control assessment, and testing reports.
Audit: a repeatable process wherein an independent professional evaluates and analyzes evidence against defined criteria.
Vulnerability assessment: the process by which IT risks, the weaknesses in systems and applications that could be exploited, are identified and evaluated.
Testing: performed to check the data flow between the application and the system, and to confirm that the security controls work as intended.
7. Security Operations
This domain includes investigations, monitoring and logging, disaster recovery, and change management.
The topics in this domain are:
1. Digital Forensics: digital data is examined to identify, recover, preserve, and analyze digital evidence so that defensible conclusions can be drawn from it.
2. Incident Management: works to restore services to normal as soon as possible. A team called the incident response team is deployed to handle such emergencies.
3. Perimeter Security: perimeter defense allows us to detect and keep a check on unauthorized physical access. Access to the facility is controlled.
8. Software Development Security
This domain talks about security in the software development lifecycle.
Application Programming Interface (API)
• A collection of protocols and functions used to create applications.
• APIs commonly follow styles such as Representational State Transfer (REST) and Simple Object Access Protocol (SOAP).
Security Threats and Attacks - Malware
• Malware refers to malicious software, including viruses, ransomware, and worms.
• A Trojan is also a form of malware; it disguises itself as legitimate software.
Security Threats and Attacks - Spyware
A type of malware used to secretly gather information about the victim and pass it to a third party.
Security Threats and Attacks - Adware
As the name suggests, a type of malware that constantly displays ads and pop-ups. Some such ads can also gather your information.
Security Threats and Attacks - Social Engineering Attacks
The art of manipulating people so that they end up giving away confidential information. It is broken down into phishing, spear phishing, and whaling.
Security Threats and Attacks - SQL Injection Attack
On a database-driven website, the attacker manipulates a standard SQL query by supplying input that the application concatenates into the query text. The injected SQL is then executed by the database server and used to read, alter, or destroy information.
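The SQL injection attack above, shown as an added example (not part of the presentation) with Python's sqlite3: a login function that builds its query by string formatting, beside the same function using bound parameters. Two classic payloads are run against both: a tautology that returns every row, and a comment payload that logs in as a chosen user without a password. The users table and credentials are constructed, and passwords are stored in plaintext only to keep the example short.

```python
"""SQL injection: vulnerable string-built query next to the parameterized fix.

Added example, not from the original presentation. The users table and its
rows are constructed sample data. Plaintext password storage is for brevity
only; real systems store salted password hashes.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db


def login_vulnerable(db, username: str, password: str) -> list:
    # User input becomes part of the SQL grammar: quotes and comment markers are
    # interpreted by the database, not treated as data.
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchall()


def login_safe(db, username: str, password: str) -> list:
    # Placeholders keep the query text fixed; the driver binds the values as data,
    # so a quote or '--' inside the input can never change the statement.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchall()


def demo() -> dict:
    db = make_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    comment = "alice'--"        # closes the string and comments out the password check
    return {
        "legit_vulnerable": login_vulnerable(db, "alice", "s3cret"),
        "legit_safe": login_safe(db, "alice", "s3cret"),
        "tautology_vulnerable": login_vulnerable(db, "x", tautology),  # every row
        "comment_vulnerable": login_vulnerable(db, comment, "whatever"),  # alice, no password
        "tautology_safe": login_safe(db, "x", tautology),               # no rows
        "comment_safe": login_safe(db, comment, "whatever"),            # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

Parameterization is the fix because it changes where the boundary between code and data is drawn: the statement is parsed before any user input is seen. Input validation and least-privilege database accounts are worthwhile extra layers, but they are not substitutes for it.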