CISSP The 10 Domains
Here you will find the 10 domains you need to know in order to pass the CISSP exam.
Under each domain, you can find study help for the domains made by: Lawrence Pingree.
1 Access Control Systems and Methodology
Mechanisms and methods used to enable administrators and managers to control what subjects can access.
* Identification, Authentication, Authorization, Monitoring.
* Access Control Administration.
* Categories and Controls.
* Control Threats and Measures.
* Data ownership.
* Attacks on access control.
2 Telecommunications and Network Security
Security of protocols and devices.
* LAN, MAN (Metropolitan Area Network) and WAN technologies.
* Internet, intranet, extranet.
* VPNs, routers, bridges and repeaters.
* Network Attacks.
* Network Security Concepts and Risks.
* Business Goals and Network Security.
3 Security Management Practices
Identifying company assets to determine the level of protection required, in order to reduce threats and monetary loss.
* Data classification.
* Policies, procedures, standards and guidelines.
* Risk assessment and management.
* Personal security and awareness.
4 Application and Systems Development Security
* Data mining and data warehousing.
* Development practices.
* System storage.
* Malicious code.
* Software-based controls.
* Software development life cycle and principles.
5 Cryptography
Cryptographic technologies, and attacks on cryptography.
* Basic Concepts and Algorithms.
* Symmetric vs Asymmetric algorithms.
* Signatures and Certification.
6 Security Architecture and Models
Concepts, Principles and Standards for designing and implementing secure applications.
* OS states, kernel functions and memory mapping.
* Security models.
* TCSEC (Trusted Computer System Evaluation Criteria)
* Common Criteria and ITSEC
* Common flaws in applications and systems.
* Principles and Benefits
* Trusted Systems and Computing Base.
* System and Enterprise Architecture.
7 Operations Security
Controls over personnel, hardware, systems, auditing and monitoring.
* Administrative responsibilities to personnel and jobs.
* Maintenance concepts (AV, FW, auditing).
* Preventive, corrective, and recovery controls.
* Media, Backups and Change Control Management.
* Control categories.
8 Business Continuity Planning and Disaster Recovery Planning
Preservation of business activities when faced with disruptions or disasters.
* Resource identification and value.
* Risk assessment.
* Crisis management.
* Response and Recovery Plans.
* Restoration Activities.
* Plan development, implementation and maintenance.
9 Laws, Investigations and Ethics
* Laws, regulations and crimes.
* Licensing and software privacy.
* Export and import laws and issues.
* Evidence types and admissibility into court.
* Incident handling, and forensics.
* Major Legal Systems
* Common and Civil Law
* Regulations, Laws and Information Security
10 Physical Security
Threats, risks and countermeasures to protect facilities, hardware, data, media and personnel.
* Restricted areas, authorization methods and controls.
* Sensors and alarms.
* Intrusion detection.
* Fire detection, prevention and suppression.
* Fencing, security guards, and security badge types.
* Layered Physical Defense and Entry Points.
* Site Location Principle.