ISSAP – Communications & Network Security

Voice & Facsimile Communications Pulse Code Modulation (PCM) Circuit-Switched / Packet-Switched Networks VoIP Architecture Concerns End-to-End Delay Jitter Method of Voice Digitization Used Packet Loss Rate Security Voice Security Policies and Procedures Encryption Authentication Administrative Change Control Integrity Availability Voice Protocols Network Architecture Redundancy and Availability Internet Versus Intranet Extranet Network Types Perimeter Controls Security …

ISSAP – Access Control Systems & Methodology

Access Control Concepts DAC DAC Implementation Strategies Non-discretionary Access Control MAC Least Privilege Separation of Duties Architectures Authentication, Authorization, and Accounting (AAA) Centralized Access Control Common Implementations Design Considerations Decentralized Access Control Design Considerations Federated AC Design Considerations Directories and Access Control Design Considerations Identity Management Accounting Access Control Administration & Management Concepts Access Control …

CISSP: Software Development Security

(Understanding, Applying, and Enforcing Software Security) Here you will need to: Application of security concepts Application of best practices to Production Software Development Software Environments Since most CISSPs don't like to program, we let the programmers do it. But the CISSP does need to know how to interact with the developers. Therefore, know: All of …

CISSP: Security Operations

Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) This course specifically spends time on what the security engineer does daily. Where this security engineer spends his/her time now is a major shift in how we think about learning Information Security. It's now trending heavily towards the role of the individual and the skillset …

CISSP: Security Assessment and Testing

(Designing, Performing, and Analyzing Security Testing) This involves the: Evaluation of information assets / associated infrastructure and all of the Tools and techniques for the purpose of Identifying Risk Mitigating Risk due to Architecture issues Design flaws Configuration Errors Hardware and software vulnerabilities Coding errors with any other weakness that may affect the system. This …

CISSP: Identity and Access Management

(Controlling Access and Managing Identity) You can start with Provisioning Managing identities Access used with interaction of humans Access used with Information systems Disparate Information Systems Between individual components of IS's gaining unauthorized access to systems (Access Control) gaining access to information (Confidentiality) and Address: Identification Authentication Authorization of Users Systems Services Single Multi-factor authentication …

CISSP: Communications and Network Security

(Designing and Protecting Network Security) This domain focuses on: Network Architecture Transmission Methods Transport Protocols Control Devices IAC Model Public Networks Private Networks By now you must have mastered: Network Fundamentals Network Topologies IP addressing Network Segmentation Switching and Routing Wireless Networking OSI and TCP Models TCP/IP protocol suite Had enough? Don't forget the impact with …

CISSP: Security Engineering

(Engineering and Management of Security) This domain has the second largest number of topics You'll have to understand how threats relate to: Malicious Acts Human Error Hardware Failures Natural Disasters The IAC Triad will also be a theme throughout this subject You will need to learn how to use security engineering process security design principles …

CISSP: Asset Security

(Protecting the Security of Assets) This domain deals with the: collection handling protection of information  throughout a lifecycle.  This is first done by understanding the classification of the asset which will be the basis for controls. Several roles will be discussed with regards to ownership as it relates to: information systems business process Over the …

CISSP: Security and Risk Management

(Security, Risk, Compliance, Law, Regulations, Business Continuity) This specific domain covers the basic principles of computer security Confidentiality Integrity Availability Identification Authentication Authorization Accounting etc… It also covers Risk Management topics to include: Assets Threats Risks Vulnerabilities Risk management will continue to be a critical topic. This topic will be explored thoroughly to include: Risk …