5 hours 58 minutes
Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Roads.
conduct our review of the Certified Information Systems Security Professional domains.
A pretty straightforward set of learning objectives for this particular video. We're gonna talk about the CISSP domains.
The first three CISSP domains are listed here. We're gonna talk about each of them. So security and risk management, that's the beginning of the CISSP journey. That's where we talk about things like ethics and the CIA triad: confidentiality, integrity and availability. You'll see that again in ISSEP,
we talk about business continuity, business impact analysis, all of those things where we really delve into risk management here as well, at a wave-tops level
for the sort of the management level of things.
We're gonna do a lot more risk management when it comes to ISSEP, because ISSEP is really keen on that,
because when you're engineering a system, if you don't deal with risk at the very front end of the engineering design work, you're going to spend a lot of money at the back end mitigating risks, and that's never a good place to be.
The next domain is asset security, and that's really a simple question we answer there: what the heck do you have? Um, asset security could be your hardware, could be your software. But many people, unfortunately, just stop there, and it's not that, right? It also includes all of your, across the defense in depth, all of the systems related to that.
It talks about, asset security is,
who's your administrators? What kind of privileges do they have? That's asset security. Access to data: data is another one of those assets that we have to defend as cybersecurity professionals, and that's part of asset security. So you've got to know all of that. So asset security, it's so much bigger than just software and hardware.
The next domain, security architecture and engineering, is probably the most influential when it comes to the ISSEP concentration. So there's a lot of material there that you're gonna want to review studying for the exam that is gonna come directly out of
out of the security engineering, security architecture and engineering domain.
But in that area there we talk about the basics of, like, you know, client-server, SCADA, ICS, Internet of Things, cryptography. All of those things are in that part there because it's truly those engineering pieces.
Domains four through six are shown here. Communications and network security: there's a stack of routers and switches, probably hopefully obvious to folks that we're talking about things here like the OSI model, TCP/IP, UDP, uh, endpoint security, network security. All that stuff, that is literally everything in modules in domain four.
Domain five is identity and access management. And so
that's where we talk about the triple A: identity, authentication, authorization, accounting. Who are you?
Uh, do you have the right credentials? Are you authorized to do the stuff that you're doing? And then are we logging that, so we know what you actually did?
You also find things in domain five like mandatory access control, discretionary access control. And this is where we begin to talk about some of the cloud-based access, which is huge today, and so that's something that is covered in domain five. Domain six, security and assessment, or security assessment and testing, also
ties directly to ISSEP because we're talking about security controls here,
and those could be your technical controls, your management controls, your process controls. Those are all things you see here. This is business continuity, disaster recovery, auditing. Um, you will see, when we talk about testing related to, say, security controls, that you'll see this again as we go through ISSEP, but much more focused on
what does an ISSEP do to create those controls for an organization.
Domains seven and eight, the last
two domains of the new, uh, the new domain set, 'cause about five years ago now CISSP went down from 10 domains down to eight. And so this is why if you took your CISSP a while ago and you're now doing the concentration, you need to go back and look at these materials.
Domain seven, security operations. Pretty straightforward to most. That's where we talk about logging, least privilege, need to know, those aspects. We talk about incident response here. We review and go through how to handle a security information and event monitoring, a SIEM, system. So that's everything you would do to operate a secure environment
after you've deployed everything.
And then, of course, we have domain eight, which is the software development life cycle, not the system development life cycle. You guys remember that, right? So, questions you wanna ask yourself: what are we talking about? Well, obviously, there's lots of ways to develop software. Probably the most common today, that you'll see again also in ISSEP as well, is agile.
Um, and that's where we do what we call
sprints or iterations of development and get a product, a software product, into the hands of a user as soon as we can, so they could begin to use it and kick the tires and light the fire, so to speak. But this is also where we talk about secure coding, because this is CISSP and secure coding is one of those things that we continually struggle with in the industry.
All right, so what do we cover in this lesson? We reviewed the eight CISSP domains. You're gonna need to look at these domains again, and you're gonna want to study these again and go through them, even going through and going through questions, right, that you might have been asked on the CISSP exam when you were prepping for that exam. Because
this, because ISSEP uses,
uh, context from the CISSP materials to help to frame questions and help you to think about the problems that are in front of you. So you're gonna want to understand and go back through the CISSP materials.
We'll see you next time.