Welcome and Introduction


Time
35 hours 25 minutes
Difficulty
Advanced
Video Transcription
Hello, everybody. Welcome to the CISSP certification course here on Cybrary. My name's Kelly Handerhan, and I am going to be your instructor. Now just to get started, a few things we're going to show you in this video. I'm going to give you an introduction, let you know who I am. We'll talk about the structure of the course and also set some prerequisites that'll help you make sure that you're in the right course. We'll discuss the objectives and then we will also talk about the format that the CISSP exam currently follows, which is something called computer adaptive testing, sometimes affectionately known as CAT.

Just very quickly, as I mentioned, I'm Kelly Handerhan. My email address is over on the right side and I always welcome any comments or thoughts from Cybrary students. I have been in the cybersecurity field for going on about 20 years now. I know you're thinking, "But Kelly, you look so young. How could you possibly be in this field for 20 years?" Well, thank you. But I actually started in the mid '90s and worked with Novell, Unix, and some of the other operating systems at that time. Went over to Microsoft about the year 2000 with Windows 2000, sold my soul to Microsoft, worked with Active Directory and Windows architecture and configuration for multiple years. But about the last 10 or so years, I've been primarily focused on cybersecurity, information security, and making sure that our technical assets are safe. Now, I've been with Cybrary since its inception, way back in the day. I've been doing this for a while. I do have various certifications in the field; of course, CISSP is one. Then I also have cloud security certs, risk management, project management, and I have a bunch of others, but those are the ones that are most relevant.

Now, prerequisites for this course, so these are recommendations. It's not mandatory, but it is encouraged because this really isn't an introductory course. We're going to encourage you to have Network+ certification, Security+ certification and/or network experience and/or risk management experience. Now, I say that these are recommendations because this will make your life much easier. We're going to touch on these topics with an understanding that you know the basics of networking and networking protocols and technologies, some basics with information security, just to build on that. That's certainly what I would encourage the students of this class to have.

Now with this exam, what to expect. We have eight domains that ISC squared has set apart for us to cover. Security and risk management, that domain is very big and very testable. Everything starts with risk management, every decision that we make, so it makes sense that that would be one of their most testable domains. We'll go through just the ideas of security governance and how risk comes to play in our decision-making. With asset security, you can almost name the entire course asset security; we're protecting our assets. That's what we're about. But specifically, we're looking at data security with ideas like encryption, data rights management, information rights management. We're looking at some ideas specifically for our sensitive data.

Now we move into Domain 3, and Domain 3 is a domain that, in my mind, really is broken down into two sections. There's the first half, which is on cryptography, and then the second half, which is security architecture and design. With crypto, you don't have to have a doctorate in cryptography; we're not going to get as deep under the hood. That's really true of a lot of the domains here. Sometimes people say it's a mile wide and an inch deep, and I don't disagree with that. Sometimes folks come in worried about cryptography; we'll make it make sense. Second half is security architecture and design. How do we choose the components that provide us with the degree of security we want? Well, we start out by figuring out what type of security we're going to focus on. Do we want confidentiality or integrity? What are our goals? Then we find the hardware, software, and firmware that is in alignment with those goals.

Then we have identity and access management. With identity, how do we establish accounts on the network? Then access management, how do we determine who gets access to what and when?

Domain 5 brings us into communications and network security, so this is the Net+ equivalent, but in three and a half hours. Obviously, having a network background is going to be very helpful. If you don't have that strong network background, you may want to review our Network+ class because that'll get you caught up.

Domain 6, security assessment and testing: vulnerability assessments and penetration testing, and some of the tools that we use to detect and determine the security of our network. Are we able to withstand an attack? Can we detect an attack? What are the tools we use?

We move into security operations. This is an important chapter because a lot of this focuses on redundancy. We'll talk about the CIA triad, which stands for confidentiality, integrity, and availability. A lot of our course focuses on confidentiality, but Domain 7 is focused on availability. That's an essential element; sometimes we talk about uptime. How do we get there? Redundancy. When we have large scale incidents that impact the organization, that's where business continuity comes in.

Then last but not least, software development security. This isn't about the code, it's about the process that's used to create the code for our software and making sure that we have security throughout the software development life cycle. When it comes right down to it, that's where our problems are; it's in the software. We want to focus on making sure that we have secure processes, making sure we're aware of the threats that exist, and making sure that we have the right controls in place to mitigate the risks associated with software. These are the eight domains that ISC squared has chosen, and this is what we'll be going through chapter by chapter, domain by domain.

Now, with the adaptive testing, as I mentioned, this is ISC squared's new format, computer adaptive testing. What this means is every question that you get is going to be driven by previous questions. Maybe that's a stretch to say every single question you get. But basically what happens is they start off with a medium difficulty question. If you get that correct, they ask you a harder one. If you get it incorrect, they ask you an easier one. The idea is they're trying to plot out where you stand in your overall knowledge. Now because of that, you're not going to be able to mark questions for review and go back to earlier questions and make changes. That gives some folks alarm, but let me tell you the truth. If you're going back and modifying, you're probably changing more right answers to wrong than you are changing wrong answers to right. I really look at that as a blessing that you don't get to go back and overthink things. Now the other great thing compared to how it used to be is this exam only lasts three hours; you're going to get anywhere from 100-150 questions. Keep your eye on the time, but I really don't think you're going to have a problem with that. Based on the style of the questions, you should have plenty of time to complete the exam.

The next slide just shows you the weight of the questions. It's not necessarily indicative of how many questions, but how ISC squared weights the different topics. You'll see that they consider two topics the most significant: security and risk management. Like I said, every decision should come back to risk, and then security operations, which focuses on redundancy and business continuity. The way I like to think of it is every decision should start with risk, and every decision marches towards continuity of the enterprise.

This is just a quick summary of how CAT works and how they're going about plotting out your progress on the exam in order to determine, would you pass or fail? Once you have answered enough questions correctly to satisfy them that you have enough knowledge to hold the CIS certification, the exam stops and you're notified. Now, unfortunately, the same would be true once they have enough information to know that passing the exam's out of your range; they will also stop the certification process. You're not guaranteed to get 150 questions, like I said, anywhere between 100 and 150. You will get either a pass or a fail; you don't get a ton of information about your strengths or weaknesses. Particularly when you pass, you just get a notification that you've been temporarily certified as having passed the exam.

We talked about the structure of this course, I gave you a little information about my background. We covered the eight domains of the CISSP exam and we talked about the CAT format.