CISSP Study Guide

Resources, tips and strategies for preparing for -- and passing -- the CISSP exam.

(ISC)2's CISSP is perhaps the most highly regarded certification in the information security space, and as such, is well received by employers and customers alike. This guide will help busy value-added resellers and security consultants prepare for the CISSP exam. We begin with a series of lessons developed by Shon Harris, author of CISSP All-in-One Exam Guide. Each of the ten lessons coincides with a domain from the Common Body of Knowledge. Then you'll find additional resources that cover the exam's content. Finally, we offer you tips and strategies for surviving -- and passing -- the CISSP exam.

If you have further questions about preparing for security certification, submit them to our certification expert, Don Donzal, editor-in-chief of Certified Security Professional Online Magazine.


   Training for CISSP Certification
   Preparing for the Exam
   Taking the Exam

  Training for CISSP Certification

  • Lesson 1: Security management practices
    Security management embodies the administrative and procedural activities designed to secure corporate assets and information companywide. Learn how security management facilitates the enterprise security vision by formalizing the infrastructure, defining the activities, and applying the tools and techniques necessary to control, monitor and coordinate security efforts across an organization.

  • Lesson 2: Access control
    Access controls enable the protection of security assets by restricting access to systems and data by users, applications and other systems. Learn how access controls support the core security principles of confidentiality, integrity and availability by inducing subjects to positively identify themselves and to prove they possess the appropriate credentials and the necessary rights and privileges to obtain access to the target resource and its information.

  • Lesson 3: Cryptography
    Cryptography enables the protection of security assets through the transformation of clear text to unreadable form. Learn how cryptography and its components, methods and uses are employed to store and transmit messages safely.

  • Lesson 4: Security models and architecture
    As computers and networks have become more complex, so too have approaches evolved for securing them. In this lesson expert Shon Harris investigates the framework and structures that make up typical computer systems; the accompanying webcast sketches the evolution of security models and evaluation methods as they have struggled to keep pace with changing technology needs.

  • Lesson 5: Telecommunications and networking
    This lesson focuses on the "glue" of network security: how networks work, how data is transmitted from one device to another, how protocols transmit information, and how applications understand, interpret and translate data.

  • Lesson 6: Applications and system development
    Applications and systems are the technologies closest to the data we are trying to protect. This lesson details how applications and systems are structured, what security mechanisms and strategies are commonly used to secure data during access, processing and storage; it also presents some of the common threats and countermeasures.

  • Lesson 7: Business continuity
    One of the fundamental objectives of security is "availability" — the ability to access computer data and resources whenever necessary. This lesson focuses on one of the often overlooked but critical aspects of availability: business continuity planning and disaster recovery.

  • Lesson 8: Law, investigation and ethics
    Fraud, theft and embezzlement have always been an unfortunate fact of life, but the computer age has brought on new opportunities for a different and more malicious set of thieves and miscreants. While many security professionals focus on "preventing" cyber attacks, it's equally important to understand how to investigate a computer crime and gather evidence – that's exactly what this lesson addresses.

  • Lesson 9: Physical security
    Physical security has taken on added importance in the continuing wake of 9/11. While most IT professionals are focused on logical systems—computers, networks, systems, devices—a comprehensive security program must address critical physical risks, too. The convergence of physical and logical systems makes this practice even more important.

  • Lesson 10: Operations security
    Operations security pertains to everything needed to keep a network, computer system and environment up and running in a secure and protected manner. Since networks are "evolutionary" and always changing, it's essential that security pros understand the fundamental procedures for managing security continuity and consistency in an operational environment.

  Preparing for the Exam

  • Feature article: Pre-CISSP: Options for the security newbie
    Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP.

  • Ask the Expert: Recommended prep time for CISSP
    Certification expert Ed Tittel addresses how long it may take to get up to speed for the CISSP exam.

  • Ask the Expert: Recommended CISSP books
    The top three CISSP study guides, recommended by SearchSecurityChannel's certification expert.

  • Ask the Expert: Preparing for the CISSP exam
    CISSP study resources recommended by fellow IT professionals.

  • Ask the Expert: Advice on preparing for the CISSP
    SearchNetworking expert Ed Tittel recommends CISSP prep classes and details on the best prep book available.

  • Chapter download: Security models and architecture
    Read Chapter 5 from Shon Harris' CISSP All-in-One Exam Guide, Second Edition.

  Taking the Exam

  • Feature article: Dos and don'ts for passing the CISSP exam
    From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.

  • Ask the Expert: Best practices for taking the CISSP exam
    Certification expert Don Donzal offers advice on how to survive the tedious CISSP exam.

  • Feature article: Luck, career goals and a CISSP boot camp
    A newly certified security practitioner offers advice for surviving the CISSP exam.
