Preparation for CISSP - PowerPoint PPT Presentation

About This Presentation
Title:

Preparation for CISSP

Description:

CISSP stands for Certified Information Systems Security Professional. It is one of the most globally recognized certifications in information security, and it is held by people who are responsible for maintaining the security posture of an enterprise. – PowerPoint PPT presentation

Slides: 18
Provided by: infosectrain

Transcript and Presenter's Notes

1
Preparation for CISSP
www.infosectrain.com sales_at_infosectrain.com
2
  • CISSP stands for Certified Information Systems
    Security Professional. It is one of the most
    globally recognized certifications in information
    security, and it is held by people who are
    responsible for maintaining the security posture
    of an enterprise.
  • It is not an entry-level certification: it
    requires a minimum of 5 years of experience in
    information security, covering two or more of the
    eight CISSP domains.
  • The numbers show how important this certification
    is: more than 26 years after CISSP launched in
    1994, only 140 thousand people across the globe
    have been certified.

3
Parts of the CISSP certification. There are eight
domains in the CISSP certification:
  • Domain 1: Security and Risk Management (15%). It is
    all about security risk and control. It gives you a
    complete perspective of security risk, governance
    and risk management, and it also covers how
    business continuity planning is handled at an
    enterprise level. It also gives you a flavour of
    the losses being incurred across the globe. This
    domain has the highest percentage in the
    examination.
  • Domain 2: Asset Security (10%). The next part is
    asset security, a relatively short domain but
    indeed a significant one. We talk about the
    various things we deal with to protect assets
    (here, the information assets, that is, the data).
  • Domain 3: Security Architecture and Engineering
    (13%). It is one of the largest domains in CISSP;
    it includes five different modules and three other
    parts. It covers cryptography, security
    architecture and engineering, system architecture,
    and also physical security, so it is essential
    from an examination perspective.
  • Domain 4: Communication and Network Security (14%).
    It is one of the most extensive domains in CISSP
    from a content perspective and indeed an important
    one. Many people who do not have a networking
    background have difficulty understanding many of
    the concepts in this domain.
4
  • Domain 5: Identity and Access Management (IAM)
    (13%). It is indeed one of the essential, binding
    domains, but only a few concepts in specific parts
    are testable from an examination perspective.
  • Domain 6: Security Assessment and Testing (12%).
    In this domain, we look at the various aspects we
    need to know from an application security
    perspective: the different things we need to
    understand while we assess or test an application
    from a security perspective.
  • Domain 7: Security Operations (13%). Many people
    have first-hand experience in this domain because
    it covers the concepts that everybody follows or
    sees at their day-to-day level, such as change
    management, patch management, or vulnerability
    management. Many people who have worked in
    information security have done at least one thing
    in the security operations area.
  • Domain 8: Software Development Security (10%).
    Here we look at the various ways of developing
    software (the software development life cycle,
    life cycle models, and the activity of malicious
    code and its impact on applications, including
    your software applications).

5
  • Exam Specifics
  • CISSP is a CAT (Computer Adaptive Test).
  • How exactly the CAT format works: when you start
    the examination, you are given the first question.
    The question has four responses, and you choose
    the one right answer. The moment you select a
    reply and submit the response, the next question
    is chosen based on your response to the previous
    question. If you answered the last question
    correctly, the next question will be of a slightly
    higher difficulty level. If you answered the
    previous question incorrectly, the next question
    will be of a slightly lower difficulty level.
  • When the examination is over, the result is
    decided based on three rules:
  • Confidence interval rule.
  • Minimum length exam rule.
  • Run out of time rule.
  • The duration is 3 hours.
  • You cannot flag a question and go back to a
    previous one.
  • You will be given a whiteboard and pen, and there
    is an inbuilt calculator in the testing system.
  • Questions are weighted.

6
  • Domain 1: Security, Risk and Governance
  • Domain Agenda
  • Understand and apply the concepts of
    confidentiality, integrity, and availability.
  • Develop and implement security policies,
    standards, procedures, and guidelines.
  • Understand risk management concepts.
  • Identify, analyze, and prioritize business
    continuity requirements.
  • Understanding CIA
  • Confidentiality: Confidentiality means that any
    communication or information intended for a
    specific audience is shared only with that
    audience. The best method to protect the
    confidentiality of data is encryption. Data needs
    to be protected in every state, and data typically
    has three different forms:
  • 1. DIM (Data in motion)
  • 2. DAR (Data at rest)
  • 3. DIU (Data in use)

7
  • Integrity: Any unauthorized modification or
    alteration of data, whether by an authorized or an
    unauthorized person, is called a compromise or a
    breach of integrity. From an examination
    perspective, the best method or approach to
    protect integrity is hashing.
  • Availability: Availability ensures that the data
    is available whenever it is needed. Whenever
    someone wants to access the information, it should
    be available to them. The best method to achieve
    availability is fault tolerance.
  • Develop and implement security policies,
    standards, procedures, and guidelines.
  • What exactly is a policy? These documents are
    essential for any organization. An organization
    needs to keep hold of these documents because
    without them it is difficult for any enterprise or
    organization to establish security or drive a
    security project.
  • Policy: A policy is a mandatory document that
    states precisely what is required. It is the
    high-level security requirement for any
    organization. Some security policies are:
  • Access control
  • Network security
  • Risk management
  • Training and awareness

8
  • Standards: Standards are also mandatory. A standard
    states how the policy is complied with; for
    example, a standard may make it compulsory for
    every newly hired employee to go through the
    mandatory orientation program when they first join
    the organization.
  • Guidelines: Policies and standards are mandatory,
    but guidelines are optional. A guideline suggests
    best practice.
  • Baseline: Just like the policy and the standard,
    the baseline is also mandatory. The baseline is
    the minimum security requirement. It tells you how
    the guidelines and measures can be implemented.
  • Procedure: A procedure is the step-by-step process
    to carry out a business task.
  • Understanding risk management concepts
  • Identify, analyze, and prioritize business
    continuity requirements
  • Understand legal and regulatory issues that
    pertain to information security in a global
    context

9
Domain 2: Asset Security. Data classification is
essential because any security control you want to
implement in any system is determined through data
classification.
Determine and maintain information and asset
ownership:
  • Data owner: ultimately responsible for the data.
  • Data custodian: takes efforts to protect the data,
    for example backups.
  • System owner: the person who owns the system that
    processes the sensitive data.
  • Business owner: for example, the head of the sales
    department is responsible for the sales
    department; however, the system used in the sales
    department is owned by the IT department.
  • Data controller: the person or entity who controls
    the processing of data.
  • Data processor: the person or entity who processes
    personal data on behalf of the data controller.
Establish information and asset handling
requirements:
  • Marking / labelling: the protection mechanism is
    assigned based on data labels.
  • Handling sensitive data: secure transportation of
    data through the entire lifecycle.
  • Storing sensitive data: proper encryption (AES-256);
    store in a temperature-controlled place.
  • Destroying sensitive data: deleting, clearing,
    purging, sanitization, degaussing, and
    destruction.
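The Domain 1 slides assign confidentiality to encryption and integrity to hashing, and the Domain 2 slide asks for AES-256 at rest with protection assigned by data label. The Go program below is an added example, not part of the InfosecTrain slides: it uses one primitive, AES-256-GCM, to get both properties at once (the GCM tag plays the integrity role the slides give to hashing, but it cannot be recomputed without the key) and binds the classification label to the record as associated data, so a record cannot be silently relabelled. The key, label and record contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // a 32-byte key selects AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: confidentiality (ciphertext) plus integrity (GCM tag); the label is authenticated as associated data.
func Seal(key []byte, label string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// Open verifies the tag over ciphertext and label before decrypting; a flipped byte or swapped label is rejected.
func Open(key []byte, label string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], []byte(label))
	}
	return nil, fmt.Errorf("sealed record too short: %d bytes", len(sealed))
}

func main() {
	key := sha256.Sum256([]byte("constructed-demo-key")) // demo only; use a KMS
	sealed, _ := Seal(key[:], "Confidential", []byte("Q3 sales forecast"))
	sealed[len(sealed)-1] ^= 1 // simulate one corrupted byte at rest
	_, err := Open(key[:], "Confidential", sealed)
	fmt.Println("tampered record rejected:", err != nil)
}
```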
10
  • Domain 3: Security Architecture and Engineering
  • Domain 4: Communication and Network Security
  • Domain 5: Identity and Access Management (IAM)
  • Domain 6: Security Assessment and Testing
  • Domain 7: Security Operations
  • Domain 8: Software Development Security
11
InfosecTrain is one of the best consulting
organizations, focusing on a range of IT security
training and information security services and
providing all the necessary CISSP certification
exam preparation. All training is delivered by
certified instructors with years of industry
experience. You can check and enroll in our CISSP
certification training to prepare for the
certification exam.
12
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies.
  • We offer a wide range of professional training
    programs, certifications and consulting services
    in the IT and Cyber Security domain.
  • We provide high-quality technical services,
    certifications and customized training programs
    curated by professionals with over 15 years of
    combined experience in the domain.

13
Our Endorsements
14
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
15
Our Trusted Clients
17
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com