CISSP Study Guide
1: Security and Risk Management
Think like a C-Suite
You may have heard the mantra "think like a manager" numerous times, be it from resources like Re...
Risk Analysis Formulas
Understanding Risk Analysis Formulas Risk analysis can be broken down into two primary methods....
Threat Modeling
Supply Chain Risk Management (SCRM) Modern service delivery often involves a chain of multipl...
Types of Law
Type of Law Standard Description Criminal Law Beyond a reasonable doubt Contai...
2, 3: Security Architecture & Engineering
Domain 2: Asset Security
Data Security Controls When preparing for your CISSP exam, the primary areas to focus on include...
Introduction & New Concepts
Introduction to Key Concepts We will cover, at a high level, the following concepts which will b...
Frameworks
Common Criteria (CC) - ISO/IEC 15408 Overview: Provides a framework for the security evaluatio...
Technological Architectures
Microservices and Service-Oriented Architecture (SOA) Service-Oriented Architecture (SOA) is a...
Computing Programs
Grid Computing Grid computing, a subset of distributed computing, harnesses the power of many lo...
Authentication & Access
Security Modes Multilevel Mode Designed for systems that handle data of varying classificatio...
Cloud & Network Security
CASB (Cloud Access Security Broker) Definition: A CASB is a security solution that sits between ...
Hardware & System Infrastructure
Processor States Single State Processors Multi-State Processors Processors restr...
Threats & Countermeasures
Process Isolation: It's like giving each process its own private room. This ensures a process...
Physical Security
Physical Security Controls Functional Order of Security Controls Stage Purpose Example ...
3.1 Cryptography
Cryptography can be a challenging aspect of the CISSP exam, as it demands a substantial grasp of ...
Cryptographic Systems
Post-Quantum Cryptography (PQC) PQC refers to cryptographic algorithms designed to be secure aga...
Introduction & Concepts
Understanding the core principles of cryptography is crucial in the journey towards CISSP certifi...
Ciphers & Codes
This overview provides an introduction to the basic concepts of codes and ciphers, essential elem...
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is an essential framework in cybersecurity that works like a digi...
Asymmetric vs. Symmetric
In short, symmetric cryptography is faster and simpler but lacks scalability, has challenges with...
Hashing vs. Encryption
In the previous pages, we discussed encryption as a bidirectional function. Note how encr...
Types of Attacks
In the realm of cybersecurity, we often encounter various types of attacks. We'll dig deeper into...
4: Communication and Network Security
Introduction & Concepts
Objective Implement secure design principles in network architectures. Secure network compone...
Network Topologies and Cabling
Network Standard Topologies Mesh Topology Description: Every system is connected to every other...
Communication Models
UDP/TCP While TCP focuses on reliability and comprehensive data communication, UDP aims for sp...
Advanced Network Concepts
Synchronous vs Asynchronous Synchronous Communication: Relies on a timing or clocking mechani...
Network Architecture
Network Segmentation Definition: A strategy that divides a network into multiple segments or sub...
Wireless & Cellular Networks
Wireless Networks Li-Fi: Uses light for communication, boasting speeds that surpass Wi-Fi. ...
Advanced Technologies
Content Delivery Networks (CDN) A decentralized server network crafted to curtail delays when lo...
Network Security
Intrusion Detection & Prevention Systems Intrusion Detection Systems (IDS) and Intrusion Prevent...
Network Devices & Infrastructure
Firewalls Network security devices that monitor and filter incoming and outgoing network traffic...
5: Identity and Access Management
Introduction & Concepts
Exam Outline Control Physical and logical access to assets Manage identification and authenti...
Security Controls
Security Controls Overview Security controls can be: Implemented Via: Administratively ...
Risk Management
Risk Definition: The potential that a threat can exploit a vulnerability and cause damage...
Access Control Attacks
Common Attacks Spoofed Logon Screen Description: Fake login screen captures user credent...
Identity and Access Management
Key Term Description Examples Subject Active participant that requests access. ...
6: Security Assessment and Testing
7: Security Operations
Introduction & Concepts
CISSP Domain 7: Security Operations 7.1 Understand and Comply with Investigations 7.2 Conduct...
Access Management and Operational Controls
Limiting Access & Damage Apply the Need-to-Know & Least Privilege theory: Limit access to dat...
Configuration and Vulnerability Management
Configuration & Change Management Helps in preventing incidents and outages. Configuratio...
Intrusion Detection and Response
Intrusion Systems Intrusion Detection System (IDS) Response Mechanism Passive Response: Logs...
Monitoring and Auditing
Log Files & Monitoring Log Files Purpose: Record data in databases or files. Types: Authen...
Computer Crime and Investigations
Computer Crime in the Context of CISSP CISSP mainly focuses on US law. A computer crime is a vi...
BCP & DRP
Difference between BCP and DRP BCP (Business Continuity Planning): Focuses on the whole bu...
8: Software Development Security
Introduction & Concepts
What's New in Domain 8? 8.2 Identify and Apply Security Controls in Software Development Eco...
Database Concepts and Threats
RDBMS Architecture Tables (relations): Comprises multiple attributes or fields. Each attribute c...
Machine Learning and Artificial Intelligence
Introduction to Machine Learning Machine Learning Techniques Focus on algorithmically disco...
Software Development Concepts
SDLC Phase Steps Phase Name Description Mnemonic ⬇️ Requirements and Analysis In t...
Software Security and Threats
Change, Configuration, and Testing Change and Configuration Management Provides an organized ...
Systems Security Concepts
Protection Rings: Protection rings structure privilege levels in a hierarchical manner, typicall...