CiSSP

CiSSP MindMap https://csisc.uk/

CiSSP by Mind Map: CiSSP

1. Physical (Environmental) Security

1.1. Introduction

1.2. CISSP Expectations

1.3. Innovation and Leadership

1.4. Site and Facility Design Criteria

1.5. Location Threats

1.6. Perimeter Security

1.7. Gates and Fences

1.8. Perimeter Intrusion Detection

1.9. Lighting

1.10. Access Control

1.11. Closed Circuit TV

1.12. Guards

1.13. Design Requirements

1.14. Building and Inside Security

1.15. Interior Intrusion Detection Systems

1.16. Escort and Visitor Control

1.17. Secure Operational Areas

1.18. Environmental Controls

2. Telecommunication & Network Security

2.1. Introduction

2.2. CISSP Expectations

2.3. Layer 1: Physical Layer

2.4. Layer 2: Data-Link Layer

2.5. Layer 3: Network Layer

2.6. Layer 4: Transport Layer

2.7. Layer 5: Session Layer

2.8. Layer 6: Presentation Layer

2.9. Layer 7: Application Layer

3. Security Architecture & Design

3.1. Introduction

3.2. CISSP Expectations

3.3. The Basics of Secure Design

3.4. Enterprise Security Architecture

3.5. System Security Architecture

4. Security Operations

4.1. Introduction

4.2. CISSP Expectations

4.3. Key Themes

4.4. Maintaining Operational Resilience

4.5. Protecting Valuable Assets

4.6. Controlling Privileged Accounts

4.7. Managing Security Services Effectively

5. https://www.csisc.uk/

6. Software Development Security

6.1. Domain Description and Introduction

6.2. Applications Development and Programming Concepts and Protection

6.3. Audit and Assurance Mechanisms

6.4. Malicious Software (Malware)

6.5. The Database and Data Warehousing Environment

6.6. Web Application Environment

7. Business Continuity & Disaster Recovery Planning

7.1. Project Initiation and Management

7.2. Senior Leadership Support

7.3. Hidden Benefits of the Planning Process

7.4. Defining the Scope of the Planning Effort

7.5. Company Policy or Standard

7.6. Legal and Regulatory Requirements

7.7. The Ten Professional Practice Areas

7.8. Regulations for Financial Institutions

7.9. Legal Standards

7.10. Resource Requirements

7.11. Understanding the Organization

7.12. Business Impact Analysis

7.13. Selecting a Recovery Strategy

7.14. Documenting the Plan

7.15. Managing Recovery Communications

7.16. Testing the Plan

7.17. Training and Awareness Programs

7.18. Update and Maintenance of the Plan

7.19. Transitioning from Project to Program

7.20. Roles and Responsibilities

8. Cryptography

8.1. Introduction

8.2. Concepts and Definitions

8.3. Encryption Systems

8.4. Message Integrity Controls

8.5. Digital Signatures

8.6. Encryption Management

8.7. Cryptanalysis and Attacks

8.8. Statistical Analysis

8.9. Encryption Usage

9. Information Security Governance & Risk Management

9.1. Introduction

9.2. The Business Case for Information Security Management

9.3. Information Security Management Governance

9.4. Organizational Behavior

9.5. Security Awareness, Training, and Education

9.6. Risk Management

9.7. Ethics

10. Legal Regulation Investigations and Compliance

10.1. Introduction

10.2. Major Legal Systems

10.3. Information Technology Laws and Regulations

10.4. Incident Response

11. Access Control

11.1. Introduction

11.2. Access Control Concepts

11.3. Access Control Principles

11.4. Information Classification

11.5. Access Control Requirements

11.6. Access Control Categories

11.7. Access Control Types

11.8. Access Control Strategies

11.9. Identity Management

11.10. Access Control Technologies

11.11. Data Access Controls

11.12. Intrusion Detection and Intrusion Prevention Systems

11.13. Threats