CISSP Domains Review


Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
>> Welcome back to the Cybrary ISSEP course, I'm your instructor, Brad Rhodes. Let's conduct our review of the Certified Information Systems Security Professional domains.

A pretty straightforward set of learning objectives for this particular video. We're going to talk about the CISSP domains.

The first three CISSP domains are listed here. We're going to talk about each of them. So security and risk management, that's the beginning of the CISSP journey. That's where we talk about things like ethics and the CIA Triad: confidentiality, integrity and availability. You'll see that again in ISSEP. We talk about business continuity, business impact analysis, all of those things here. We really delve into risk management here as well, at a wave-tops level, for the management level of things. We're going to do a lot more risk management when it comes to ISSEP, because ISSEP is really keen on that. Because when you're engineering a system, if you don't deal with risk at the very front end of the engineering design work, you're going to spend a lot of money at the back end mitigating risks, and that's never a good place to be.

The next domain is asset security, and that's really a simple question we answer there: what the heck do you have? Asset security could be your hardware, it could be your software. But many people unfortunately just stop there, and it's not bad. It also includes, across the defense in depth, all of the systems related to that. Asset security also talks about who your administrators are. What privileges do they have? That's asset security. Access to data. Data is another one of those assets that we have to defend as cybersecurity professionals, and that's part of asset security. So you get to know all of that. So asset security is so much bigger than just software and hardware.

The next domain, security architecture and engineering, is probably the most influential when it comes to the ISSEP concentration. So there's a lot of material there that you're going to want to review when studying for the ISSEP exam, that is going to come directly out of the security architecture and engineering domain. But in that area there, we talk about the basics of client-server, SCADA/ICS, Internet of Things, cryptography. All of those things are in that part there because it's truly those engineering pieces.

Our domains four through six are shown here. Communications and network security. There's a stack of routers and switches. Probably, hopefully, obvious to folks that we're talking about things here like the OSI model, TCP/IP, UDP, endpoint security, network security. All of that stuff is literally everything in Domain 4.

Domain 5 is identity and access management. So that's where we talk about the IAAA: identity, authentication, authorization, and accounting. Who are you? Do you have the right credentials? Are you authorized to do the stuff that you're doing? Then are we logging it, so we know what you actually did? You also find things in Domain 5 like mandatory access control, discretionary access control, and this is where we begin to talk about some of the cloud-based access, which is huge today. So that's something that is covered in Domain 5.

Domain 6, or security assessment and testing, also ties directly to ISSEP because we're talking about security controls here, and those could be your technical controls, your management controls, your process controls. Those are all things you see here. This is business continuity, disaster recovery, auditing. You will see, when we talk about testing related to, say, security controls, that you'll see this again as we go through ISSEP. But much more focused on what does an ISSEP do to create those controls for an organization?

Domains 7 and 8, the last two domains of the new domain set. About five years ago now, CISSP went down from 10 domains to eight. So this is why, if you took your CISSP a while ago and you're now doing the concentration, you need to go back and look at these materials. Domain 7, Security Operations, pretty straightforward to most. That's where we talk about logging. Least privilege, need to know, those aspects. We talk about incident response here, we review and go through how to handle a Security Information and Event Monitoring, a SIEM system. So that's everything you would do to operate a secure environment after you've deployed everything.

Then of course we have Domain 8, which is the software development life cycle, not the system development life cycle. You guys remember that. So the question you want to ask here is, what are we talking about? Well, obviously there are lots of ways to develop software. Probably the most common today, that you'll see again also in ISSEP as well, is agile. That's where we do what we call sprints or iterations of development and get a software product into the hands of a user as soon as we can, so that they can begin to use it and kick the tires and light the fire, so to speak. But this is also where we talk about secure coding, because this is CISSP, and secure coding is one of those things that we continually struggle with in the industry.

So what did we cover in this lesson? We've reviewed the eight CISSP domains. You're going to need to look at these domains again, and you're going to want to study these again and go through them, even going through questions that you might have been asked on the CISSP exam when you were prepping for that exam, because ISSEP uses context from the CISSP materials to help to frame questions and help you to think about the problems that are in front of you. So you're going to want to understand and go back through the CISSP materials. We'll see you next time.