CISSP Security Professional
This series helps a learner prepare to take and pass the Certified Information Systems Security Professional (CISSP) exam. This series, like the exam, covers ten domains of information system security knowledge including access control systems and methodology, network and telecommunications security, security management and practices, applications and systems development security, cryptography, security and architecture models, operations security, business continuity and disaster recovery planning, law, investigation, and ethics, as well as physical security.
This series is for anyone preparing for the CISSP exam, or for anyone who wants to learn more about information security subjects. This online course contains 8 lessons and 1 practice exams and should take approximately 24 hours to complete.
Access Control Systems and Methodology
This course covers Domain 1 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about the mechanisms you can use to exercise either a directing or restraining influence over the behavior, use, and content of a system and teaches you how to discuss the relationship between access control and accountability, define common access control techniques and models, detail the specifics of access control administration, explain identification and authentication techniques, discuss centralized/decentralized control, and explain intrusion detection and common methods of attack.
Telecommunications and Network Security
This course covers Domain 2 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about the structures, transmissions methods, transport formats, and security measures used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media and teaches you how to explain the International Standards Organization/Open Systems Interconnection, (ISO/OSI) layers and characteristics, describe the design and function of communications and network security, describe the components, protocols and services involved in Internet/intranet/extranet design, define and describe communications security techniques to prevent, detect, and correct errors so that integrity, availability, and confidentiality of transactions over networks may be maintained, define and describe specific areas of communication and how they can be secured, and explain current forms of network attacks and their countermeasures.
Security Management and Practices
This course covers Domain 3 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about identifying an organization's information assets, as well as the development, documentation, and implementation of appropriate policies, standards, procedures, and guidelines It also covers how data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and to rate their vulnerabilities so that effective security controls can be implemented and teaches you how to understand the principles of security management, understand risk management and how to use risk analysis to make information security management decisions, set information security roles and responsibilities throughout your organization, understand the considerations and criteria for classifying data, determine how employment policies and practices are used to enhance information security in your organization, and use change control to maintain security.
Applications and Systems Development Security
This course covers Domain 4 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about the security controls that are included within systems and applications software and the steps used in their development in both distributed and centralized environments and teaches you how to demonstrate an understanding of challenges in both distributed and nondistributed environments, discuss databases and data warehousing issues, describe knowledge-based systems and examples of edge computing, discuss the types of attacks made on software vulnerabilities, describe and define malicious code, and discuss system development controls.
Cryptography, Security Architecture, and Security Models
This course covers Domains 5 and 6 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity It also covers concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, and applications and teaches you how to compare and contrast symmetric and asymmetric algorithms, describe PKI and key management, detail common methods of attacking encryption, including general and specific attacks, list common security models and their function, explain the basics of security architecture, and describe the Internet Protocol Security (IPSec) standard.
Operations Security
This course covers Domain 7 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about identifying the hardware and media controls, as well as the operators with access privileges to any of these resources It also covers auditing and monitoring techniques that permit the identification of security events and their sources and teaches you how to identify the key roles of operations security, define threats and countermeasures, explain how audit and monitoring can be used as operations security tools, define the role of Administrative management in operations security, and define operations security concepts and describe operations security best practices.
Business Continuity and Disaster Recovery Planning
This course covers Domain 8 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about preservation in the face of major disruptions to normal business operations It covers both the preparation and testing of specific actions to protect critical business processes from the effect of major system and network failures and teaches you how to document the natural and man-made events that need to be considered in making disaster recovery and business continuity plans, explain the difference between disaster recovery planning (DRP) and business continuity planning (BCP) and the importance of developing plans that include both, detail the business continuity planning process, explain the need for, and development of, a backup strategy. Include information on determining what to back up, how often to back up, as well as the proper storage facility for backups, and detail the disaster recovery planning process, including recovery plan development, implementation, maintenance, and the restoration of business functions.
Law, Investigation, Ethics, and Physical Security
This course covers Domains 9 and 10 of the Certified Information Systems Security Professional (CISSP) exam It explains what you need to know about computer crime laws and regulations, as well as the investigative measures and techniques which can be used to determine if a crime has been committed It also covers the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information and teaches you how to define what constitutes a computer crime and how such a crime is proven in court, explain the laws of evidence, discuss computer ethics, understand general principles that apply to the theft of information and assets, know the general criteria that apply to the location and construction of facilities, and describe physical intrusion detection methodologies and products.
Practice Exam
This course provides five practice exams for the Certified Information Systems Security Professional (CISSP) exam.