All right. Congratulations on completing the course. We have covered all eight domains of C I S S P. We started out with Chapter one, which was security and risk management. Also, in this chapter, we covered business continuity and disaster recovery planning.
By far, this one chapter is the most testable out of all the other eights who make sure you spend plenty of time
in Chapter one. Chapter two was kind of short and sweet assets security. We talked about classifying data. We talked about data in its various stages, at rest in process and in motion or in transit on the network
and really focusing in on individual assets and how we keep them safe.
Chapter three, security engineering
and Chapter three really was divided into two main parts. The concepts of security, architecture and design where we looked at security models like Bella Padula, Deborah Clark Wilson and we talked about a component by component level.
And we also looked at some evaluation criteria, like the orange Wilken common criteria.
All right, then we moved into the cryptography section and in the cryptography section
we cover cryptography. And there's a lot of information about cryptography. Crypto is very testable on the exam. Lots of information, from understanding the historical uses of cryptography to looking at symmetric versus asymmetric and how they come together in a hybrid
means and technologies like S S L T l s.
Ah. We also talked about protocols that use photography like I p sec. Ah, we looked at, um, non repudiation. And then that led us into a discussion on public key infrastructure. Don't forget, crypto, even though it's now part of another chapter.
Our Chapter four communications and network security. We looked at the O S I model and then we talked about from layer by layer. What protocols and devices function of each layer. And then we also looked at some security threats and we talked about some mitigating strategies.
We moved into chapter five, where we talked about identity and access management.
We talked about the I triple a identify, authenticate, authorized and then accounting. We looked at different types of authentications, something you had no something. You have something you are. And then we moved over to talking about network authentication protocols and specifically
talked about Kerberos.
Then we moved into security assessment and testing. We looked at vulnerability assessments versus pen tests and the steps that we would go through in order to conduct either of thes. Then security operations led us into a discussion on redundancy, whether it came from clustering or raid
uh uh, Elektronik vaulting, moat, journaling and so on. And then last but not least, we got to the point where, um
really we realize all of these security measures that we put in place are all about protecting our software. So let's look at some means that we can use to to create secure software as opposed to a having all these periphery devices provide security. Let's just write good code. And that's what Chapter eight was about.
So we've covered a lot of material. You have great perseverance for sticking through all eight domains, as I hope you have. And remember, this is this'll. Class is not meant to be your soul.
Sources study material. But hopefully I've given you some ideas about the things to really focus on. I hope you've enjoyed the classes and we look forward to seeing you with additional classes here on side. Very thanks so much