
CISSP® Preparation Class


Easy-to-understand CISSP® prep curriculum with intense quizzes, which ensure you master all of the 10 domains and successfully pass the CISSP® exam on the first attempt.

What You Will Learn:
Tips for taking the Exam & Lunesys Self Study Techniques

1. Information Security and Risk Management
Identify an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines to identify risk.
  • CIA
  • Roles and Responsibilities - RACI
  • Asset Management
  • Taxonomy - Information Classification
  • Risk Management
  • Risk Analysis & Assessment
  • Information Classification
  • Policies, Procedures, Standards, Baselines & Guidelines
  • Security Awareness Programs
  • Certification and Accreditation

2. Access Control

Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
  • AAA
  • Access to systems & data
  • IPS intrusion prevention & IDS detection
  • Audit trail monitoring
  • Authentication Methods
  • Authorization - DAC, RBAC, MAC
  • Accounting - Logging, Monitoring, Auditing
  • Central/Decentralized and Hybrid Management
  • Single Sign-on - Kerberos, Radius, Diameter, TACACS
  • Threats
  • Vulnerabilities - Emanations, Impersonation, Rogue Infrastructure, Social Engineering

3. Cryptography
The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity.
  • Terminology
  • Cryptosystems
  • Ciphers
  • Algorithms
  • Hashing
  • Public Key Crypto
  • Digital Signatures
  • Symmetric/ Asymmetric
  • PKI
  • Internet Security
  • Cryptosystems - SSL, S/MIME, PGP
  • Cryptanalysis

4. Physical (Environmental) Security
The physical security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
  • Buildings and related infrastructure against threats
  • Terminology
  • Technical controls - access controls, intrusion detection system, and monitoring system
  • Supporting facilities - heating/cooling, electrical plant, and water system
  • Facility Design
  • Fire Safety
  • Electrical Security
  • HVAC
  • Perimeter Security - Fences, Gates, Lighting
  • Physical facility - buildings and structures housing computer facilities
  • Physical Access Control - Transponders, Badges, Swipe Cards
  • Theft
  • Intrusion Detection - CCTV, Alarms, Guards, & Dogs

5. Security Architecture and Design
Contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality.
  • Identify the security issues and controls with architectures and designs.
  • Describe the principles of common computer and network organizations, enterprise architecture and designs.
  • Layering, Data Hiding and Abstraction
  • Processors
  • Memory - Segmentation/Rings, Types of Memory
  • Operating Systems
  • Define and understand system models
  • Assurance - TCSEC, ITSEC, CC
  • Architecture Problems - Covert Channels + TOC/TOU, Object Reuse

6. Application Security
Addresses the important security concepts that apply to application software development and outlines the environment where software is designed and developed.
  • General Security Principles
  • Database
  • Applications
  • Artificial Intelligence Models
  • SDL
  • Programming/Data Attacks
  • Malware
  • Threats
  • Real World Issues
  • Change Management
  • Database Security
  • Mobile Code

7. Telecommunications and Network Security
This domain addresses:
  • Network Structures
  • Transmission methodology
  • Transport formats
  • OSI/DoD TCP/IP Models
  • TCP/UDP/ICMP/IP
  • Ethernet
  • Devices - Routers/Switches/Hubs
  • Firewalls
  • Wireless
  • WAN Technologies - X.25/Frame Relay/ PPP /ISDN/DSL/Cable
  • Voice - PBX/Cell Phones/VOIP
  • IPSec
  • Network Vulnerabilities

8. Legal, Regulations, Compliance, and Investigations domain
It addresses:
  • Computer crime laws and regulations
  • The measures and technologies used to investigate computer crime incidents
  • Ethics - Due Care/Due Diligence
  • Intellectual Property
  • Incident Response
  • Forensics
  • Evidence
  • Laws - HIPAA, GLB, SOX

9. Business Continuity & Disaster Recovery Planning
The BCP & DRP domain addresses business operations in the event of outages.
  • Policy
  • Roles and Teams
  • Business Continuity Planning
  • Business Impact Assessment
  • Recovery Strategy
  • Recovery Plan Development
  • Emergency Response
  • Data Backups, Vaulting, Journaling, Shadowing
  • Backups & Off-Site Storage
  • Software Escrow Arrangements
  • External Communications
  • Utilities
  • Logistics & Supplies
  • Emergency Response
  • Required Notifications /Testing

10. Operations Security
Identify the controls over hardware, media, and administration of any of these resources, as well as the audit and monitoring that identify security events and subsequent actions.
  • Change Control/Configuration Management
  • Dual Control, Separation of Duties, Rotation of Duties
  • Information Security Controls
  • Violation analysis
  • Audit trails/reporting
  • Resource Protection
  • Appropriate administrator/operator privilege
  • Recovery procedures
  • Attack methods
  • Vulnerability Assessment and Pen-Testing

Certification
The CISSP® (Certified Information Systems Security Professional) certification is based on the CBK (Common Body of Knowledge), which comprises ten subject domains and is compiled and maintained through ongoing peer review by subject matter experts. The certification requires exam candidates to have a minimum of five years of relevant work experience in two or more of the ten domains, 5 years of work experience with an applicable college degree, or a credential from the (ISC)²®-approved list.

CISSP® is a registered trademark of (ISC)²®
Lunesys CISSP® classes are not endorsed, sponsored or delivered by (ISC)²®.

Disclaimer
CISSP® is a registered trademark of (ISC)²® Inc. (International Information Systems Security Certification Consortium). The materials for the Lunesys classes have been developed specifically for Lunesys and are not endorsed, sponsored or delivered by (ISC)²®. The goal of the course is to prepare security professionals for the CISSP® exam by covering the ten domains defined by (ISC)²®.