This is an ideal course for any student who is preparing for CISSP. The course content covers Domain 5 and Domain 6 in detail.
Design and validate assessment, test, and audit strategies
Internal
External
Third-party
Conduct security control testing
Vulnerability assessment
Penetration testing
Log reviews
Synthetic transactions
Code review and testing
Misuse case testing
Test coverage analysis
Interface testing
Breach attack simulations
Compliance checks
Collect security process data (e.g., technical and administrative)
Account management
Management review and approval
Key performance and risk indicators
Backup verification data
Training and awareness
Disaster Recovery (DR) and Business Continuity (BC)
Analyze test output and generate reports
Remediation
Exception handling
Ethical disclosure
Conduct or facilitate security audits
Internal
External
Third-party
Control physical and logical access to assets
Information
Systems
Devices
Facilities
Applications
Manage identification and authentication of people, devices, and services
Identity Management (IdM) implementation
Single/Multi-Factor Authentication (MFA)
Accountability
Session management
Registration, proofing, and establishment of identity
Federated Identity Management (FIM)
Credential management systems
Single Sign On (SSO)
Just-In-Time (JIT)
Federated identity with a third-party service
On-premises
Cloud
Hybrid
Implement and manage authorization mechanisms
Role Based Access Control (RBAC)
Rule based access control
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Attribute Based Access Control (ABAC)
Risk based access control
Manage the identity access provisioning lifecycle
Account access review (e.g., user, system, service)
Provisioning and deprovisioning (e.g., on/off boarding and transfers)
Role definition (e.g., people assigned to new roles)
Privilege escalation (e.g., manage service accounts, use of sudo, minimizing its use)
Implement authentication systems
OpenID Connect (OIDC)/Open Authorization (OAuth)
Security Assertion Markup Language (SAML)
Kerberos
Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+)
The CISSP exam is governed by the International Information Systems Security Certification Consortium (ISC)2. (ISC)2 is a global not-for-profit organization. It has four primary mission goals:
Maintain the Common Body of Knowledge (CBK) for the field of information systems security.
Provide certification for information systems security professionals and practitioners.
Conduct certification training and administer the certification exams.
Oversee the ongoing accreditation of qualified certification candidates through continued education.
The (ISC)2 is operated by a board of directors elected from the ranks of its certified practitioners.