CISSP - Coggle Diagram
CISSP
Book
- (ISC)² CISSP Official Study Guide
- (ISC)² CISSP Official Practice Tests
=> Exam length: 4 hours
=> 125-175 questions
=> Pass mark: 700 on a scale of 1000 points
=> Average earnings: ~$92k/year
CISSP Domains: 8
- Security and Risk Management - 15% of questions
- Asset Security - 10% of questions
- Security Architecture and Engineering - 13% of questions
- Communication and Network Security - 13% of questions
- Identity and Access Management - 13% of questions
- Security Assessment and Testing - 12% of questions
- Security Operations - 13% of questions
- Software Development Security - 11% of questions
- Security and Risk Management - 13 objectives
- Covers professional ethics
- Concepts of confidentiality, integrity and availability
- Apply security governance principles
- Compliance issues associated with cybersecurity
- Legal and regulatory issues that pertain to information security
- Different types of investigations
- Develop and implement documented security policies
- Business continuity planning
- Personnel security policies
- Determine potential attacks and how to remediate them
- Apply risk-based management
- Establish and maintain a security awareness, education and training program
- Asset Security - 6 objectives
- Concepts of information and asset ownership
- Maintain information and asset handling requirements
- Limit the collection of information to reduce risk
- Classify information and supporting assets
- Determine appropriate data security controls
- Security Architecture and Engineering - 9 objectives
- Security capabilities of information systems
- Assess and mitigate the vulnerabilities of security architectures, designs and solution elements
- Security controls and countermeasures
- Dives deeply into applications of cryptography
- Apply security principles in the physical world of site and facility design
- Fundamental concepts of security models
- Apply physical security controls to wiring closets, server rooms and media storage facilities
- Implement and manage engineering processes using secure design principles
- Different types of cryptographic attacks
- Communication and Network Security - 3 objectives
- Apply secure design principles to network architectures
Both IP and non-IP protocols
OSI model and TCP/IP model
- Secure network components
- Establish secure communication channels
Voice, data communication, VPN
- Identity and Access Management - 6 objectives
- Implement identity management systems
- Implement and manage authorization mechanisms, including role-based access control methods
- Manage the identification and authentication of people and devices
- Identity and access provisioning lifecycle, including account provisioning and reviews
- Implement authentication systems
- Control physical and logical access to assets, including information, systems, devices and facilities
- Security Assessment and Testing
- Software Development Security - 5 objectives
- Integrate security into the software development life cycle
- Identify and apply security controls in development environments
- Assess the effectiveness of software security
- Assess the security impact of acquired software
- Define and apply secure coding guidelines and standards
Certification level by experience
- CompTIA Security+ -> New to the field
- CompTIA CySA+ -> Three or four years of experience
- CISSP -> Five years of experience
Retake policy (wait time after a failed attempt)
After first attempt: 30 days
After second attempt: 60 days
After third attempt: 90 days
Limit of four attempts per calendar year