1 / 17

Preparation for CISSP

CISSP is known as a Certified Information System Security Professional. Now it is one of the most globally recognized certifications in information security. So, the certificate is taken by people who are responsible for maintaining the security posture for an enterprise-level.

infosectrain1
Télécharger la présentation

Preparation for CISSP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Preparation for CISSP www.infosectrain.com | sales@infosectrain.com

  2. CISSP is known as a Certified Information System Security Professional. Now it is one of the most globally recognized certifications in information security. So, the certificate is taken by people who are responsible for maintaining the security posture for an enterprise-level. • It is not at all entry-level certification that requires a minimum of 5 years of experience in information security and two or more eight domains of CISSP. • You will understand how important this certification is because it has been more than 26 years since CISSP launched in 1994, and since then, there are only 140 thousand people certified across the globe. www.infosectrain.com | sales@infosectrain.com

  3. Part of CISSP certification: There are eight domains of CISSP Certification: Domain 1: Security and risk management (15%): It is all about security risk and control. It will give you a complete perspective of security risk, governance risk management, and it also talks about at an enterprise-level, how you can take care of business continuity planning. It also gives you a flavor of understanding the loss that’s is following across the globe. This particular domain has the highest percentage in the examination. Domain 2: Asset Security (10%): The next part is assets security, a relatively short domain but indeed a significant one. We will talk about various things that we deal with to protect assets (it is about the information assets that are the data). Domain 3: Security Architecture and engineering (13%):It is one of the humongous domains in CISSP; it includes five different modules and three other parts. It talks about cryptography, security architecture, and engineering, system architecture, and it also talks about physical security. So it is essential for the examination perspective. Domain 4: Communication and network security (14%):It is one of the most extensive fields in CISSP from a content perspective and indeed important once. Many people do not have a networking background; they have difficulty understanding many of the concepts from this domain. www.infosectrain.com | sales@infosectrain.com

  4. Domain 5: Identity and access management (ISM) (13%): Indeed, it is one of the binding domain essentials, but there are few concepts in specific parts that are testable from an examination perspective. Domain 6: Security assessment and testing (12%): In this domain, we look at various aspects that we need to know from an application security perspective: the different things we need to understand while we asset or test an application from a security perspective. Domain 7: Security operations (13%):Many people have first-hand experience in this domain because it talks about the concepts that everybody follows or sees at their day to day level. So it is going to change management, patch management, or vulnerability management. Many people who have worked in information security have done at least one thing in the security operations section. Domain 8: Software development security (10%):In this, we will see various ways of developing software (like software development life cycle, life cycle model, and activity of malicious code and their impact on applications, including your software applications). www.infosectrain.com | sales@infosectrain.com

  5. Exam Specifics: • CISSP is a CAT (Computer Adaptive Test) • How exactly CAT format works: When you start the examination, you will give the first question; the question would have four responses; choose one of the right answers. Now the movement, you select a reply and submit the response; the next question will base on the previous question’s response. If someone has done the last question correctly, the next question will be a slight difficulty level. If someone has done the previous question incorrectly, the next question will be a slightly lower difficulty level. • When the examination gets over, the result will decide based on the three rules. • Confidence interval rule. • Minimum length exam rule. • Run out of time rule. • 3 hours of duration. • You can not flag the question and go back to the previous one. • You will be given a “Wipr Board” and pen with an inbuilt calculator in the testing system. • Questions are weighted. www.infosectrain.com | sales@infosectrain.com

  6. Domain:1 Security Risk and governance: • Domain Agenda: • Understand and apply the concept of confidentiality, integrity, and availability. • Develop, and implement security policy, standards, procedures, and guidelines. • Understanding risk management concepts. • Identify, analyze, and prioritize business continuity requirements. • Understanding CIA: • Confidentiality: Confidentiality means any communication or any information intended for a specific audience; we will only share with those audiences. The best method to protect the confidentiality of the data would be encryption. Now data at any state needs to be protected. So data has typically three different forms: • 1.DIM (Data in motion) • 2.DAR (Data at rest) • 3.DIU (Data in use) www.infosectrain.com | sales@infosectrain.com

  7. Integrity: Any unauthorized modification of the data by an authorized or unauthorized person called as there is a compromise or breach in the integrity. We need to ensure that any unauthorized modification or alteration of any data by any authorized and unauthorized person will be called a compromise or a breach of integrity—the best method or approach for the examination perspective made through the concept of hashing. • Availability: Availability is going to ensure that the data is available whenever it’s needed. Whenever someone wants to access the information, it should be available to us. The best method to achieve availability is fault-tolerance. • Develop, and implement security policy, standards, procedures, and guidelines. • What exactly is your policy? Now, these documents are essential for any organization. They need to keep a hold of these documents because if we do not have these documents, it is difficult for any enterprise or organization to create security or drive a security project at any organization. • Policy: It is a mandatory document that precisely the system is going to state. It is a high-level requirement for security for any organization. Some security policies are: • Access control • Network security • Risk management • Training and awareness www.infosectrain.com | sales@infosectrain.com

  8. Standards: Standards are also mandatory. Standard suggests that it(policies) is compulsory for every newly hired employee. So whenever someone joins the very first time the organization, they go through the mandatory orientation program. • Guidelines:Policy and standard are mandatory, but guidelines are optional. It is going to suggest the best practice. • Baseline: Just like policy and the standard, the baseline is also mandatory. The baseline is the minimum-security requirement. It suggests to you how the guidelines and measures can implement. • Procedure: Procedure is the step by step process to conduct any business tasks. • Understanding risk management concepts:   • Identify, analyze, and prioritize business continuity requirements: • Understand legal and regulatory issues that pertain to information security in a global context: www.infosectrain.com | sales@infosectrain.com

  9. Domain:2 Asset security • Data classification is essential because any security control you want to implement in any system determined through data classification. • Determine and Maintain information and asset ownership: • Data owner: Ultimately responsible for the data. • Data Custodian: Take efforts to protect the data, backup. • System owner: Person who owns the system, which processes the sensitive data. • Business owners: Sales department head will be responsible for the sales dept. However, the system used in the sales department will own by the IT department. • Data controller: Person or entity who controls the processing of data. • Data processor: Person or entity who processes personal data on behalf of the data controller. • Establish information and asset handling requirements: • Marking: Labelling (protection mechanism assigned based on data labels). • Handling sensitive data: Secure transportation of data through the entire lifecycle. • Storing sensitive data: • Proper encryption (AES 256) • Store in a temperature-controlled place. • Destroying sensitive data: Deleting, clearing, purging, sanitization, degaussing, and destruction. www.infosectrain.com | sales@infosectrain.com

  10. Domain:3Security Architecture and engineering Domain 4: Communication and network security Domain 5: Identity and access management (ISM) Domain 6: Security assessment and testing Domain 7: Security operations Domain 8:Software development security www.infosectrain.com | sales@infosectrain.com

  11. InfosecTrain is one of the best consulting organizations, focusing on a range of IT security training and information security services and providing all the necessary CISSP certificationexam preparation. Certified instructors deliver all training with years of industry experience. You can check and enroll in our CISSP-certification-training to prepare for the certification exam. www.infosectrain.com | sales@infosectrain.com

  12. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com

  13. Our Endorsements www.infosectrain.com | sales@infosectrain.com

  14. Why InfosecTrain Global Learning Partners Access to the recorded sessions Certified and Experienced Instructors Flexible modes of Training Post training completion Tailor Made Training www.infosectrain.com | sales@infosectrain.com

  15. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com

  16. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

More Related