Certified Information Systems Security Professional (CISSP) Study Guide

Learn cybersecurity best practices and earn the industry-coveted CISSP certification.

(CISSP.AE1) / ISBN: 978-1-64459-278-6

About This Course

This course follows the latest (ISC)2 CISSP Certified Information Systems Security Professional best practices to prepare you as a cybersecurity professional. It breaks down the eight domains of the CISSP Common Body of Knowledge, covering topics such as securing networks, preventing intrusions, and protecting data privacy, using clear explanations, real-world examples, and hands-on labs.

Skills You’ll Get

  • Understand security policies, risk management, legal and regulatory compliance, and ethical considerations.
  • Grasp core concepts of firewalls, encryption, and access control.
  • Identify and mitigate security vulnerabilities through risk assessment and response strategies.
  • Secure critical assets through asset classification, ownership, and data handling.
  • Design secure network architectures that consider CIA (confidentiality, integrity, availability).
  • Implement methods for user authentication and access control to protect resources.
  • Detect and respond to security incidents effectively, minimizing damage.
  • Integrate security best practices throughout the software development lifecycle.
  • Communicate security risks and solutions to both technical and non-technical audiences.

Lessons

1. Introduction

  • Overview of the CISSP Exam
  • The Elements of This Study Guide
  • Study Guide Exam Objectives
  • Objective Map

2. Security Governance Through Principles and Policies

  • Security 101
  • Understand and Apply Security Concepts
  • Security Boundaries
  • Evaluate and Apply Security Governance Principles
  • Manage the Security Function
  • Security Policy, Standards, Procedures, and Guidelines
  • Threat Modeling
  • Supply Chain Risk Management
  • Summary
  • Exam Essentials
  • Written Lab

3. Personnel Security and Risk Management Concepts

  • Personnel Security Policies and Procedures
  • Understand and Apply Risk Management Concepts
  • Social Engineering
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Summary
  • Exam Essentials
  • Written Lab

4. Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Analysis
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab

5. Laws, Regulations, and Compliance

  • Categories of Laws
  • Laws
  • State Privacy Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab

6. Protecting Security of Assets

  • Identifying and Classifying Information and Assets
  • Establishing Information and Asset Handling Requirements
  • Data Protection Methods
  • Understanding Data Roles
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab

7. Cryptography and Symmetric Key Algorithms

  • Cryptographic Foundations
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab

8. PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Hybrid Cryptography
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab

9. Principles of Security Models, Design, and Capabilities

  • Secure Design Principles
  • Techniques for Ensuring CIA
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based on Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab

10. Security Vulnerabilities, Threats, and Countermeasures

  • Shared Responsibility
  • Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
  • Client-Based Systems
  • Server-Based Systems
  • Industrial Control Systems
  • Distributed Systems
  • High-Performance Computing (HPC) Systems
  • Internet of Things
  • Edge and Fog Computing
  • Embedded Devices and Cyber-Physical Systems
  • Specialized Devices
  • Microservices
  • Infrastructure as Code
  • Virtualized Systems
  • Containerization
  • Serverless Architecture
  • Mobile Devices
  • Essential Security Protection Mechanisms
  • Common Security Architecture Flaws and Issues
  • Summary
  • Exam Essentials
  • Written Lab

11. Physical Security Requirements

  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab

12. Secure Network Architecture and Components

  • OSI Model
  • TCP/IP Model
  • Analyzing Network Traffic
  • Common Application Layer Protocols
  • Transport Layer Protocols
  • Domain Name System
  • Internet Protocol (IP) Networking
  • ARP Concerns
  • Secure Communication Protocols
  • Implications of Multilayer Protocols
  • Microsegmentation
  • Wireless Networks
  • Other Communication Protocols
  • Cellular Networks
  • Content Distribution Networks (CDNs)
  • Secure Network Components
  • Summary
  • Exam Essentials
  • Written Lab

13. Secure Communications and Network Attacks

  • Protocol Security Mechanisms
  • Secure Voice Communications
  • Remote Access Security Management
  • Multimedia Collaboration
  • Load Balancing
  • Manage Email Security
  • Virtual Private Network
  • Switching and Virtual LANs
  • Network Address Translation
  • Third-Party Connectivity
  • Switching Technologies
  • WAN Technologies
  • Fiber-Optic Links
  • Security Control Characteristics
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab

14. Managing Identity and Authentication

  • Controlling Access to Assets
  • Managing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab

15. Controlling and Monitoring Access

  • Comparing Access Control Models
  • Implementing Authentication Systems
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab

16. Security Assessment and Testing

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab

17. Managing Security Operations

  • Apply Foundational Security Operations Concepts
  • Addressing Personnel Safety and Security
  • Provision Resources Securely
  • Apply Resource Protection
  • Managed Services in the Cloud
  • Perform Configuration Management (CM)
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab

18. Preventing and Responding to Incidents

  • Conducting Incident Management
  • Implementing Detective and Preventive Measures
  • Logging and Monitoring
  • Automating Incident Response
  • Summary
  • Exam Essentials
  • Written Lab

19. Disaster Recovery Planning

  • The Nature of Disaster
  • Understand System Resilience, High Availability, and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab

20. Investigations and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab

21. Software Development Security

  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storage Threats
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab

22. Malicious Code and Application Attacks

  • Malware
  • Malware Prevention
  • Application Attacks
  • Injection Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Application Security Controls
  • Secure Coding Practices
  • Summary
  • Exam Essentials
  • Written Lab

Labs

1. Security Governance Through Principles and Policies

  • Encrypting the Disk
  • Encrypting a File or Folder
  • Understanding Documentation Review

2. Personnel Security and Risk Management Concepts

  • Understanding and Applying Risk Management Concepts
  • Understanding Security Controls

3. Business Continuity Planning

  • Understanding Business Continuity Planning

4. Laws, Regulations, and Compliance

  • Understanding Laws Related to IT

5. Protecting Security of Assets

  • Understanding Data Loss Prevention System

6. Cryptography and Symmetric Key Algorithms

  • Understanding Cryptographic Systems
  • Understanding Symmetric Encryption Algorithms

7. PKI and Cryptographic Applications

  • Observing an MD5-Generated Hash Value
  • Observing an SHA-Generated Hash Value
  • Using OpenSSL to Create a Public/Private Key Pair
  • Understanding the Diffie-Hellman Algorithm
  • Understanding the RSA Algorithm
  • Hiding Text Using Steganography
  • Understanding the Hardware Security Module

8. Principles of Security Models, Design, and Capabilities

  • Understanding Secure Design Principles
  • Understanding Evaluation Assurance Levels
  • Understanding Constrained Interface

9. Security Vulnerabilities, Threats, and Countermeasures

  • Understanding the Lifecycle of an Executed Process
  • Understanding the Internet Files Cache
  • Understanding Hypervisor
  • Understanding a Rootkit

10. Physical Security Requirements

  • Understanding Fire Detection Systems
  • Understanding Security Controls
  • Understanding Programmable Lock

11. Secure Network Architecture and Components

  • Understanding the OSI Model
  • Understanding the Application Layer Protocols
  • Configuring IPSec
  • Understanding IP Classes
  • Understanding Virtual eXtensible LAN
  • Understanding 802.11 Wireless Networking Amendments
  • Understanding LiFi and Zigbee
  • Using Windows Firewall
  • Understanding Network Topologies

12. Secure Communications and Network Attacks

  • Configuring a VPN
  • Understanding IPsec's Encryption of a Packet in Transport and Tunnel Modes
  • Configuring VLANs
  • Configuring Dynamic NAT
  • Configuring Static NAT
  • Understanding NAT and PAT
  • Understanding Third-Party Connectivity
  • Understanding Circuit Switching and Packet Switching

13. Managing Identity and Authentication

  • Restricting Local Accounts

14. Controlling and Monitoring Access

  • Assigning Permissions to Folders
  • Examining Kerberos Settings
  • Performing Spoofing
  • Simulating an Eavesdropping Attack Using Wireshark
  • Using Rainbow Tables

15. Security Assessment and Testing

  • Configuring Audit Group Policy
  • Using nmap for Scanning
  • Conducting Vulnerability Scanning Using Nessus
  • Exploiting Windows 7 Using Metasploit
  • Scanning Ports Using Metasploit
  • Understanding Penetration Testing
  • Understanding Penetration Tests
  • Understanding the Fagan Inspections
  • Understanding Training and Awareness Program

16. Managing Security Operations

  • Understanding Security Operations
  • Understanding Privileged Account Management
  • Understanding Cloud Shared Responsibility Model

17. Preventing and Responding to Incidents

  • Performing DoS Attack with SYN Flood
  • Enabling Intrusion Prevention and Detection
  • Understanding Honeypots and Honeynets
  • Understanding Security Information and Event Management

18. Disaster Recovery Planning

  • Configuring RAID 5
  • Taking Incremental Backup
  • Taking a Full Backup

19. Investigations and Ethics

  • Completing the Chain of Custody
  • Understanding Organizational Code of Ethics

20. Software Development Security

  • Understanding Software Development Lifecycle
  • Understanding Software Capability Maturity Model
  • Understanding ACID Model
  • Understanding a Neural Network

21. Malicious Code and Application Attacks

  • Causing a DarkComet Trojan Infection
  • Understanding Antimalware Software
  • Exploiting a Website Using SQL Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Attacking a Website Using XSS Injection

Frequently Asked Questions

The CISSP certification validates an information security professional's deep knowledge and experience. It assesses not just technical skills but also the ability to manage an organization's security posture. This globally recognized credential demonstrates expertise and opens doors to better career opportunities in cybersecurity.

The CISSP exam has a base fee of $749. To help ease first-time test taker anxieties, (ISC)² offers an optional "Peace of Mind Protection" program for $199. This program allows you to retake the exam at no additional cost if you don't pass on your first try. Additionally, uCertify offers CISSP preparation courses at $279.99.

The CISSP is not typically recommended for beginners in the cybersecurity field. (ISC)² requires a minimum of five years of cumulative paid work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). With a relevant college degree or another qualifying credential, the requirement drops to four years of experience.

While it's possible to pass the CISSP exam in 3 months with intensive studying and a strong foundation in cybersecurity, it's not recommended for most candidates. The CISSP covers a broad range of security topics, and thorough preparation is essential for success. Most people dedicate 6 to 12 months to studying for the CISSP exam.

No, the CISSP certification is not a lifetime certification. To maintain your CISSP credential, you need to fulfill Continuing Professional Education (CPE) requirements every three years.
