CISSP Study Guide

Resources, tips and strategies for preparing for -- and passing -- the CISSP exam.

(ISC)2's CISSP is perhaps the most highly regarded certification in the information security space, and as such, is well received by employers and customers alike. This guide will help busy value-added resellers and security consultants prepare for the CISSP exam. We begin with a series of lessons developed by Shon Harris, author of CISSP All-in-One Exam Guide. Each of the ten lessons coincides with a domain from the Common Body of Knowledge. Then you'll find additional resources that cover the exam's content. Finally, we offer you tips and strategies for surviving -- and passing -- the CISSP exam.

If you have further questions about preparing for security certification, submit them to our certification expert, Don Donzal, editor-in-chief of Certified Security Professional Online Magazine.

TABLE OF CONTENTS

   Training for CISSP Certification
   Preparing for the Exam
   Taking the Exam

  Training for CISSP Certification

  • Lesson 1: Security management practices
    Security management embodies the administrative and procedural activities designed to secure corporate assets and information companywide. Learn how security management facilitates the enterprise security vision by formalizing the infrastructure, defining the activities, and applying the tools and techniques necessary to control, monitor and coordinate security efforts across an organization.

  • Lesson 2: Access control
    Access controls enable the protection of security assets by restricting access to systems and data by users, applications and other systems. Learn how access controls support the core security principles of confidentiality, integrity and availability by inducing subjects to positively identify themselves and prove they possess the appropriate credentials and the necessary rights and privileges to obtain access to the target resource and its information.

  • Lesson 3: Cryptography
    Cryptography enables the protection of security assets through the transformation of clear text to unreadable form. Learn how cryptography, with its components, methods and uses, is used to store and transmit messages safely.

  • Lesson 4: Security models and architecture
    As computers and networks have become more complex, so too have approaches evolved for securing them. In this lesson expert Shon Harris investigates the framework and structures that make up typical computer systems; the accompanying webcast sketches the evolution of security models and evaluation methods as they have struggled to keep pace with changing technology needs.

  • Lesson 5: Telecommunications and networking
    This lesson focuses on the "glue" of network security: how networks work, how data is transmitted from one device to another, how protocols transmit information, and how applications understand, interpret and translate data.

  • Lesson 6: Applications and system development
    Applications and systems are the technologies closest to the data we are trying to protect. This lesson details how applications and systems are structured, what security mechanisms and strategies are commonly used to secure data during access, processing and storage; it also presents some of the common threats and countermeasures.

  • Lesson 7: Business continuity
    One of the fundamental objectives of security is "availability" — the ability to access computer data and resources whenever necessary. This lesson focuses on one of the often overlooked but critical aspects of availability: business continuity planning and disaster recovery.

  • Lesson 8: Law, investigation and ethics
    Fraud, theft and embezzlement have always been an unfortunate fact of life, but the computer age has brought on new opportunities for a different and more malicious set of thieves and miscreants. While many security professionals focus on "preventing" cyber attacks, it's equally important to understand how to investigate a computer crime and gather evidence – that's exactly what this lesson addresses.

  • Lesson 9: Physical security
    Physical security has taken on added importance in the continuing wake of 9/11. While most IT professionals are focused on logical systems—computers, networks, systems, devices—a comprehensive security program must address critical physical risks, too. The convergence of physical and logical systems makes this practice even more important.

  • Lesson 10: Operations security
    Operations security pertains to everything needed to keep a network, computer system and environment up and running in a secure and protected manner. Since networks are "evolutionary" and always changing, it's essential that security pros understand the fundamental procedures for managing security continuity and consistency in an operational environment.

  Preparing for the Exam

  Taking the Exam

This was first published in September 2006
