Title: Preparation for CISSP
www.infosectrain.com sales_at_infosectrain.com
- CISSP stands for Certified Information Systems
Security Professional. It is now one of the most
globally recognized certifications in information
security, and it is taken by people who are
responsible for maintaining the security posture
of an enterprise.
- It is not an entry-level certification: it
requires a minimum of 5 years of experience in
information security across two or more of the
eight CISSP domains.
- You can gauge how important this certification
is from the fact that more than 26 years have
passed since CISSP launched in 1994, and in that
time only about 140 thousand people have been
certified across the globe.
Parts of the CISSP certification
There are eight domains in the CISSP certification.
- Domain 1: Security and risk management (15)
It is all about security risk and control. It
gives you a complete perspective of security
risk and governance risk management, and it also
covers how you take care of business continuity
planning at an enterprise level. It also gives
you a flavor of the losses that are occurring
across the globe. This particular domain has the
highest percentage in the examination.
- Domain 2: Asset security (10)
The next part is asset security, a relatively
short domain but indeed a significant one. It
covers the various things we deal with to protect
assets (here, the information assets, that is,
the data).
- Domain 3: Security architecture and engineering (13)
It is one of the humongous domains in CISSP: it
includes five different modules and three other
parts. It talks about cryptography, security
architecture and engineering, system
architecture, and also physical security. So it
is essential from the examination perspective.
- Domain 4: Communication and network security (14)
It is one of the most extensive fields in CISSP
from a content perspective and indeed an
important one. Many people who do not have a
networking background have difficulty
understanding many of the concepts in this domain.
- Domain 5: Identity and access management (IAM) (13)
Indeed, it is one of the essential domains, but
only a few concepts in specific parts are testable
from an examination perspective.
- Domain 6: Security assessment and testing (12)
In this domain, we look at the various aspects
we need to know from an application security
perspective: the different things we need to
understand while we assess or test an application
from a security perspective.
- Domain 7: Security operations (13)
Many people have first-hand experience in this
domain because it talks about concepts that
everybody follows or sees at a day-to-day level:
change management, patch management, and
vulnerability management. Many people who have
worked in information security have done at least
one thing in the security operations section.
- Domain 8: Software development security (10)
In this domain, we see the various ways of
developing software (such as the software
development life cycle and life cycle models) and
the activity of malicious code and its impact on
applications, including your software
applications.
- Exam Specifics
- CISSP is a CAT (Computer Adaptive Test).
- How exactly the CAT format works: when you start
the examination, you are given the first question.
The question has four responses; choose the right
one. The moment you select a reply and submit the
response, the next question is based on the
response to the previous question. If someone
answered the last question correctly, the next
question will be at a slightly higher difficulty
level. If someone answered the previous question
incorrectly, the next question will be at a
slightly lower difficulty level.
- When the examination is over, the result is
decided based on three rules:
- Confidence interval rule.
- Minimum length exam rule.
- Run out of time rule.
- 3 hours of duration.
- You cannot flag a question and go back to the
previous one.
- You will be given a wipe board and pen, with an
inbuilt calculator in the testing system.
- Questions are weighted.
- Domain 1: Security risk and governance
- Domain agenda
- Understand and apply the concepts of
confidentiality, integrity, and availability.
- Develop and implement security policy,
standards, procedures, and guidelines.
- Understand risk management concepts.
- Identify, analyze, and prioritize business
continuity requirements.
- Understanding the CIA triad
- Confidentiality: Confidentiality means that any
communication or information intended for a
specific audience is shared only with that
audience. The best method to protect the
confidentiality of data is encryption. Data in
any state needs to be protected, and data
typically has three different forms:
- 1. DIM (Data in motion)
- 2. DAR (Data at rest)
- 3. DIU (Data in use)
- Integrity: Any unauthorized modification or
alteration of data, whether by an authorized or
an unauthorized person, is called a compromise or
breach of integrity. From the examination
perspective, the best method or approach to
ensure integrity is hashing.
- Availability: Availability ensures that the data
is available whenever it is needed. Whenever
someone wants to access the information, it
should be available to them. The best method to
achieve availability is fault tolerance.
- Develop and implement security policy,
standards, procedures, and guidelines.
- What exactly is your policy? These documents
are essential for any organization. An
organization needs to keep hold of these
documents because without them it is difficult
for any enterprise or organization to create
security or drive a security project.
- Policy: A policy is a mandatory document that
states precisely what the system is going to do.
It is a high-level security requirement for any
organization. Some security policies are:
- Access control
- Network security
- Risk management
- Training and awareness
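The integrity part of the CIA discussion above says hashing is the method to know: a digest of data at rest is stored, and recomputing it later reveals whether the bytes changed. The following Python (standard library only) is an added example written for this page, not material from the slides or from InfosecTrain. The file names, contents and the key are constructed sample values. It also shows the caveat a practitioner wants: a bare digest stored beside the data can simply be recomputed by whoever altered the data, so the digest must be kept out of reach of the data, or replaced by a keyed tag (HMAC) whose key the data holder does not have.

```python
"""Integrity checking with hashing (Domain 1): added example, not from the page."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Fingerprint of data at rest: any change to the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed fingerprint: only a holder of `key` can produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected)


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    """Recompute the HMAC tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected)


def changed_records(records: dict, manifest: dict) -> list:
    """Compare current records against a stored manifest of digests.

    Returns the names whose content no longer matches, plus names that are
    missing from either side (a deleted or newly added record is also a change).
    """
    names = sorted(set(records) | set(manifest))
    return [
        name
        for name in names
        if name not in records
        or name not in manifest
        or not verify_digest(records[name], manifest[name])
    ]


def demo() -> dict:
    # Constructed sample data: a key kept away from the data, and two records.
    key = b"constructed-demo-key-kept-away-from-the-data"
    original = {
        "payroll.csv": b"alice,100000\nbob,95000\n",
        "config.ini": b"[db]\nhost=db.internal\n",
    }
    # The manifest (digests) is computed while the data is known to be good.
    manifest = {name: sha256_hex(data) for name, data in original.items()}
    payroll_tag = hmac_sha256_hex(key, original["payroll.csv"])

    # Constructed unauthorized modification: one salary altered, config untouched.
    current = dict(original)
    current["payroll.csv"] = b"alice,100000\nbob,195000\n"

    return {
        # The manifest check names exactly the altered record.
        "changed": changed_records(current, manifest),
        # Caveat: if the digest lives next to the data, it can be recomputed
        # after the change and the check passes, so it must be stored separately.
        "rehashed_passes": verify_digest(
            current["payroll.csv"], sha256_hex(current["payroll.csv"])
        ),
        # With a key the data holder lacks, the original tag no longer matches.
        "tamper_detected_by_hmac": not verify_tag(key, current["payroll.csv"], payroll_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Running the block reports `payroll.csv` as the changed record, shows that a recomputed bare digest still verifies, and shows that the keyed tag does catch the change.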
- Standards: Standards are also mandatory. A
standard states what is compulsory, for example
that every newly hired employee must go through
the mandatory orientation program the very first
time they join the organization.
- Guidelines: Policy and standards are mandatory,
but guidelines are optional. A guideline suggests
best practice.
- Baseline: Just like policy and standards, the
baseline is also mandatory. The baseline is the
minimum security requirement. It suggests how
the guidelines and measures can be implemented.
- Procedure: A procedure is the step-by-step
process to conduct a business task.
- Understanding risk management concepts
- Identify, analyze, and prioritize business
continuity requirements
- Understand legal and regulatory issues that
pertain to information security in a global
context
Domain 2: Asset security
Data classification is essential because any
security control you want to implement in any
system is determined through data classification.
Determine and maintain information and asset
ownership:
- Data owner: Ultimately responsible for the data.
- Data custodian: Takes efforts to protect the
data, for example backups.
- System owner: Person who owns the system that
processes the sensitive data.
- Business owner: The sales department head will
be responsible for the sales department. However,
the system used in the sales department will be
owned by the IT department.
- Data controller: Person or entity who controls
the processing of data.
- Data processor: Person or entity who processes
personal data on behalf of the data controller.
Establish information and asset handling
requirements:
- Marking: Labelling (the protection mechanism is
assigned based on data labels).
- Handling sensitive data: Secure transportation
of data through the entire lifecycle.
- Storing sensitive data: Proper encryption (AES
256); store in a temperature-controlled place.
- Destroying sensitive data: Deleting, clearing,
purging, sanitization, degaussing, and
destruction.
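The handling requirements above make two points that are easy to state and easy to get wrong in practice: the protection mechanism is chosen from the data label, and "deleting" is listed separately from "clearing" because they are not the same thing. The Python below is an added example for this page (not from the slides or from InfosecTrain) that makes both concrete on a toy block device: a delete removes only the directory entry and leaves the bytes on the media where a raw scan still finds them, while a clear overwrites the blocks first. The label-to-method policy table, the file names and their contents are constructed for the example; degaussing and physical destruction are not modelled.

```python
"""Label-driven destruction of data (Domain 2): added example, not from the page."""

BLOCK_SIZE = 16

# Constructed policy for the example: which destruction method each label requires.
DESTRUCTION_BY_LABEL = {
    "Public": "delete",        # nothing sensitive: removing the entry is enough
    "Internal": "clear",       # overwrite before the blocks are reused
    "Confidential": "clear",
}


class SimulatedDisk:
    """A toy block device: a flat byte array plus a directory of name -> blocks."""

    def __init__(self, blocks: int):
        self.raw = bytearray(blocks * BLOCK_SIZE)
        self.directory = {}  # name -> (label, first_block, n_blocks)
        self._next_free = 0

    def write(self, name: str, label: str, data: bytes) -> None:
        """Store data in fresh blocks and record its label in the directory."""
        n_blocks = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if self._next_free + n_blocks > len(self.raw) // BLOCK_SIZE:
            raise ValueError("disk full")
        start = self._next_free * BLOCK_SIZE
        self.raw[start:start + len(data)] = data
        self.directory[name] = (label, self._next_free, n_blocks)
        self._next_free += n_blocks

    def delete(self, name: str) -> None:
        """Deleting: only the directory entry goes; the blocks still hold the data."""
        del self.directory[name]

    def clear(self, name: str) -> None:
        """Clearing: overwrite every block of the record, then drop the entry."""
        _, first, n_blocks = self.directory[name]
        start, end = first * BLOCK_SIZE, (first + n_blocks) * BLOCK_SIZE
        self.raw[start:end] = bytes(end - start)  # overwrite with zeros
        del self.directory[name]

    def destroy(self, name: str) -> str:
        """Apply the destruction method the record's label requires; return its name."""
        label = self.directory[name][0]
        method = DESTRUCTION_BY_LABEL[label]
        getattr(self, method)(name)
        return method

    def recoverable(self, fragment: bytes) -> bool:
        """What a raw scan of the media would find: is the fragment still present?"""
        return fragment in self.raw


def demo() -> dict:
    disk = SimulatedDisk(blocks=8)
    # Constructed records with different labels.
    disk.write("memo.txt", "Public", b"lunch at noon")
    disk.write("salaries.csv", "Confidential", b"alice,100000\nbob,95000\n")
    memo_method = disk.destroy("memo.txt")
    salaries_method = disk.destroy("salaries.csv")
    return {
        "memo_method": memo_method,
        "salaries_method": salaries_method,
        # Deleted only: the bytes are still on the media.
        "memo_recoverable": disk.recoverable(b"lunch at noon"),
        # Cleared: the overwrite removed the content.
        "salaries_recoverable": disk.recoverable(b"alice,100000"),
        "entries_left": sorted(disk.directory),
    }


if __name__ == "__main__":
    print(demo())
```

The point for a control owner is that the label, not the operator's habit, should decide the method; a confidential record that is merely deleted still fails the handling requirement even though the directory no longer lists it.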
Domain 3: Security architecture and engineering
Domain 4: Communication and network security
Domain 5: Identity and access management (IAM)
Domain 6: Security assessment and testing
Domain 7: Security operations
Domain 8: Software development security
InfosecTrain is one of the best consulting
organizations, focusing on a range of IT security
training and information security services and
providing all the necessary CISSP certification
exam preparation. All training is delivered by
certified instructors with years of industry
experience. You can check and enroll in our
CISSP-certification-training to prepare for the
certification exam.
About InfosecTrain
- Established in 2016, we are one of the finest
security and technology training and consulting
companies.
- Wide range of professional training programs,
certifications and consulting services in the IT
and cyber security domain.
- High-quality technical services, certifications
or customized training programs curated by
professionals with over 15 years of combined
experience in the domain.
Our Endorsements
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com