CISSP - Certified Information Systems Security Professional

Confidentiality, Integrity, Availability, and Governance.

• The CIA Triad and security concepts.
• Security governance principles and policies.
• Legal, regulatory, and compliance requirements.
• Security awareness, education, and training.

Risk analysis, business continuity, and disaster recovery.

• Risk management framework (Identify, Assess, Respond, Monitor).
• Threat modeling and risk analysis (Qualitative, Quantitative).
• Business Impact Analysis (BIA).
• Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.

Identifying, classifying, and protecting information assets.

• Information and asset classification.
• Data ownership, stewardship, and custody.
• Data privacy and data protection.
• Data handling and retention policies.

Engineering and managing secure systems.

• Security engineering principles and design.
• Security models (Bell-LaPadula, Biba, Clark-Wilson).
• Security in the cloud (IaaS, PaaS, SaaS) and virtualization.
• Securing industrial control systems (ICS) and IoT.

Mastering encryption and its applications.

• Symmetric and Asymmetric encryption.
• Hashing algorithms (MD5, SHA).
• Public Key Infrastructure (PKI) and digital certificates.
• Cryptographic attacks (brute force, man-in-the-middle).

Designing and protecting secure network architectures.

• OSI and TCP/IP models.
• Network devices (firewalls, routers, switches).
• Secure network protocols (HTTPS, TLS, VPNs, IPsec).
• Securing wireless networks.

Controlling access to information and assets.

• Identification, Authentication, and Authorization.
• Authentication mechanisms (MFA, biometrics).
• Access control models (MAC, DAC, RBAC, ABAC).
• Federated identity (SAML, OAuth, OpenID Connect).

Validating security controls and conducting audits.

• Vulnerability assessment and penetration testing.
• Security audits and reviews.
• Log review and security reporting.
• Testing strategies (white box, black box, gray box).

Managing day-to-day security operations.

• Foundational security operations concepts.
• Monitoring, logging, and SIEM.
• Configuration management and change management.
• Patch and vulnerability management.

Responding to and recovering from security incidents.

• Incident management lifecycle (Detect, Respond, Mitigate, Report, Recover).
• Digital forensics and investigation.
• Disaster Recovery (DR) execution.
• Lessons learned and post-incident review.

Integrating security into the software development lifecycle (SDLC).

• Secure SDLC (SSDLC) models (e.g., DevSecOps).
• Common software vulnerabilities (OWASP Top 10).
• Secure coding practices and code review.
• Static (SAST) and Dynamic (DAST) application security testing.

Applying all 8 domains to a real-world scenario.

• Analyzing a case study of a fictional company.
• Identifying risks across all 8 domains.
• Developing a high-level security strategy and roadmap.
• Presenting findings and recommendations.

Mastering the CISSP exam format and mindset.

• Understanding the CISSP CAT (Computerized Adaptive Testing) format.
• Thinking like a manager, not just a technician.
• Review of all 8 domains and key concepts.
• Time management and question-answering strategies.

Simulating the exam experience.

• Full-length adaptive practice exam.
• Detailed score report and review of missed questions.
• Final Q&A and readiness assessment.