Certified Information Systems Security Professional
Course Introduction
Course Introduction (5:29)
Course Introduction A (2:19)
Course Introduction B (2:22)
Course Introduction C (1:29)
Instructor Introduction (3:40)
Domain 01 - Security and Risk Management
Security and Risk Management (0:32)
Topic: Confidentiality, Integrity, and Availability (0:23)
Confidentiality (4:41)
Confidentiality conti... (2:36)
Integrity (1:53)
Integrity conti... (2:00)
Availability (1:52)
Availability Continued (1:52)
References (0:13)
Topic: Security Governance (0:25)
Security Governance Principles (1:04)
Security Governance Principles conti... (2:46)
Security Functions to Business Goals (2:02)
Security Functions to Business Goals conti... (3:46)
Security Functions to Business Goals conti... (2:57)
Organizational Processes (2:17)
Organizational Processes conti... (3:17)
Roles and Responsibilities (1:44)
Roles and Responsibilities conti... (1:25)
Security Control Frameworks (2:47)
Security Control Frameworks conti... (3:02)
Security Control Frameworks conti... (2:57)
Due Care / Due Diligence (2:17)
References (0:14)
Topic: Compliance Requirements (0:18)
Compliance Requirements (3:37)
Contracts, Legal, Industry Standards (2:45)
Contracts, Legal, Industry Standards conti... (2:14)
Contracts, Legal, Industry Standards cont... (3:52)
Privacy Requirements (1:14)
Privacy Requirements conti... (2:13)
References (0:10)
Topic: Legal and Regulatory - Global (0:30)
Legal and Regulatory - Global (2:17)
Legal and Regulatory - Global conti... (1:24)
Cyber Crimes and Data Breaches (1:20)
Cyber Crimes and Data Breaches conti... (1:36)
Intellectual Property (2:35)
Intellectual Property conti... (1:19)
Intellectual Property conti... (1:58)
Intellectual Property conti.... (1:46)
Import / Export Controls (3:05)
Trans-border Data Flows (1:48)
Privacy (1:51)
Privacy conti... (3:25)
References (0:10)
Professional Ethics (0:30)
Professional Ethics (2:03)
Professional Ethics cont... (1:15)
Topic: Security Policy, Standards, Procedures (0:22)
Security Policy, Standards, Procedures (2:14)
Security Policy, Standards, Procedures cont... (1:29)
Security Policy, Standards, Procedures cont... (2:55)
References (0:09)
Topic: Business Continuity (0:20)
Business Continuity (1:23)
Business Continuity cont... (3:21)
Document Scope and Plan (1:56)
Document Scope and Plan conti... (2:57)
Business Impact Analysis (2:14)
Business Impact Analysis cont... (2:09)
References (0:05)
Topic: Personal Security Policies (0:29)
Personal Security Policies (3:30)
Candidate Screening / Hiring (2:12)
Employment Agreements / Policies (3:12)
On-boarding / Termination Process (3:03)
On-boarding / Termination Process conti... (2:52)
Vendor, Consultant, Contractor (1:55)
Compliance Policy Requirements (1:40)
Privacy Policy Requirements (2:26)
References (0:09)
Topic: Apply Risk Management (0:12)
Apply Risk Management Part1 (2:03)
Apply Risk Management Part2 (3:38)
Apply Risk Management Part3 (1:40)
Apply Risk Management Part4 (1:47)
Apply Risk Management Part5 (1:21)
References (0:11)
Topic: Threat Modeling (0:07)
Threat Modeling – Concepts / Methodology (3:44)
Threat Modeling – Categorizing Threats (2:33)
Threat Modeling – Generic Steps (2:50)
Threat Modeling – Analyzing Risk (2:20)
References (0:08)
Topic: Risk Management – Supply Chain (0:19)
Hardware, Software (3:40)
Hardware, Software conti... (2:47)
3rd Party Evaluations (2:27)
3rd Party Evaluations conti.... (3:37)
Minimum Security (2:37)
References (0:30)
Topic: Security Awareness and Training (0:29)
Security Awareness and Training (4:38)
Methods and Techniques (1:39)
Periodic Content Reviews (1:46)
Effectiveness Evaluations (2:15)
References (0:13)
Quiz 1
Domain 02 - Asset Management
Asset Management (0:33)
Topic: Identify and Classify (0:23)
Data Classification Part1 (2:35)
Data Classification Part2 (2:35)
Data Classification Part3 (2:30)
Asset Classification (2:08)
Asset Classification conti... (1:41)
References (0:08)
Topic: Asset Ownership (0:11)
Asset Ownership Part1 (4:24)
Asset Ownership Part2 (3:31)
Asset Ownership Part3 (2:44)
References (0:08)
Topic: Protect Privacy (0:14)
Data Owners (2:18)
Data Owners conti... (3:55)
Data Processors (2:25)
Data Processors conti... (1:16)
Data Remanence (1:47)
Data Remanence conti... (2:20)
Data Collection Part1 (1:44)
Data Collection Part2 (1:14)
Data Collection Part3 (1:37)
References (0:21)
Topic: Asset Retention (0:12)
Asset Retention (2:15)
Record Retention (5:08)
References (0:12)
Topic: Data Security Controls (0:19)
Data Security Controls Part1 (3:08)
Data Security Controls Part2 (3:52)
Data Security Controls Part3 (3:54)
Scoping and Tailoring (2:21)
Standards Selection (2:48)
Data Protection Methods (1:05)
Data Protection Methods conti... (2:08)
References (0:21)
Topic: Information / Asset Handling (0:12)
Information / Asset Handling Part1 (1:47)
Information / Asset Handling Part2 (3:26)
Information / Asset Handling Part3 (2:43)
Failure Examples (3:26)
Storage Options (1:52)
References (0:13)
Quiz 2
Domain 03 - Security Architecture and Engineering
Security Architecture and Engineering (0:46)
Topic: Engineering Processes and Secure Design (0:11)
Engineering Processes and Secure Design (2:06)
Closed / Open Systems (2:59)
Closed / Open Source Code (2:38)
Techniques / Confinement (2:08)
Bounds (1:42)
Process Isolation (1:35)
Controls / MAC and DAC (2:00)
References (0:12)
Topic: Concepts of Security Models (0:11)
Concepts of Security Models (3:12)
Security Perimeter (1:59)
Reference Monitors / Security Kernels (1:45)
Various Models (1:18)
References (0:10)
Topic: Controls Based on Security Requirements (0:09)
Controls Based on Security Requirements (1:19)
Rainbow Series (2:49)
TCSEC (1:17)
ITSEC / Common Criteria (1:33)
Common Criteria (1:23)
References (0:10)
Topic: Security Capabilities of Information Systems (0:14)
Security Capabilities of Information Systems (1:50)
Virtualization (2:39)
Trusted Platform Module (1:57)
References (0:10)
Topic: Assess / Mitigate Vulnerabilities (0:26)
Assess / Mitigate Vulnerabilities (2:29)
Local Caches (1:52)
Server-Based Systems (2:14)
Database Systems (2:46)
Database Systems conti... (2:40)
Industrial Control Systems (4:04)
Cloud-Based Systems (4:17)
Cloud-Based Systems conti... (2:52)
Distributed Systems (2:13)
Internet of Things (2:46)
References (0:12)
Topic: Assess / Mitigate Vulnerabilities (Web) (0:13)
Assess / Mitigate Vulnerabilities (Web) Part1 (3:36)
Assess / Mitigate Vulnerabilities (Web) Part2 (3:00)
Assess / Mitigate Vulnerabilities (Web) Part3 (3:28)
References (0:25)
Topic: Assess / Mitigate Vulnerabilities (Mobile) (0:07)
Assess / Mitigate Vulnerabilities (Mobile) (3:17)
Device Security (5:53)
Application Security (4:10)
Application Security conti... (1:41)
References (0:11)
Topic: Assess / Mitigate Vulnerabilities (0:14)
Assess / Mitigate Vulnerabilities (2:18)
Embedded / Static Systems (2:26)
Securing Embedded / Static Systems (4:11)
References (0:12)
Topic: Apply Cryptography (0:40)
Apply Cryptography (4:20)
Cryptographic Life Cycle (1:40)
Cryptographic Methods (1:54)
Symmetric Key (2:41)
Asymmetric Key (3:55)
Asymmetric Key conti... (2:06)
Elliptic Curve (1:51)
Public Key Infrastructure (1:29)
Certificates (2:10)
Certificates conti... (1:57)
Key Management (3:20)
Digital Signatures (1:57)
Integrity - Hashing (1:35)
Integrity - Hashing conti.. (1:56)
Cryptanalytic Attacks (2:47)
Digital Rights Management (DRM) (3:38)
References (0:10)
Topic: Site / Facility Security Principles (0:09)
Site / Facility Security Principles (3:09)
Site / Facility Security Principles conti... (3:03)
References (0:10)
Topic: Site / Facility Security Controls (3:41)
Site / Facility Security Controls (2:20)
Server Rooms / Data Centers (2:16)
Server Rooms / Data Centers conti... (2:17)
Media Storage Facilities (1:31)
Evidence Storage (2:52)
Restricted and Work Area Security (1:43)
Utilities and HVAC (2:33)
Environmental Issues (2:09)
Fire Prevention, Detection, and Suppression (0:56)
Fire Extinguishers / Detection (1:27)
Water Suppression / Gas Discharge (1:40)
References (0:12)
Quiz 3
Domain 04 - Communication and Network Security
Communication and Network Security (0:26)
Topic: Secure Design and Network Architecture (0:22)
Secure Design and Network Architecture (1:29)
OSI Model (0:35)
Encapsulation / Decapsulation (1:35)
Physical / Data Link Layers (2:14)
Network Layer (0:55)
Transport Layer (0:56)
Session Layer (0:57)
Presentation Layer (1:04)
Application Layer (0:37)
IP Networking (0:44)
TCP/IP (4:31)
SYN / ACK / TCP (2:36)
IP Classes (0:57)
Multilayer Protocols (1:13)
Converged Protocols (1:46)
Wireless Networks (1:38)
Secure SSID (1:26)
Secure Encryption Protocols (1:05)
Secure Encryption Protocols conti... (1:19)
References (0:21)
Topic: Secure Network Components (0:18)
Operation of Hardware (2:49)
Firewalls (2:10)
Firewall Inspection (1:43)
Transmission Media (1:57)
Baseband / Broadband (0:50)
Twisted Pair (1:53)
Network Access Controls (0:31)
Network Access Controls - Concepts (1:09)
Endpoint Security (2:02)
Distribution Networks (1:26)
References (0:12)
Topic: Secure Communication Design (0:13)
Voice (1:57)
PBX Fraud (1:06)
Multimedia Collaboration (1:19)
Remote Meeting (1:38)
Securing Email (1:30)
Remote Access (1:53)
Remote Access conti.... (1:51)
Remote Authentication (1:23)
Virtualized Networks (1:46)
VPN Protocols (0:58)
References (0:16)
Quiz 4
Domain 05 - Identity and Access Management
Identity and Access Management (0:32)
Topic: Physical and Logical Access (0:13)
Information (1:57)
Access Control Process (2:34)
Logical and Technical Access Controls (2:55)
Logical and Technical Access Controls conti... (2:04)
Systems (1:53)
Devices (2:13)
Facilities (2:23)
References (0:44)
Topic: Manage Identification / Authentication (0:24)
Identity Implementation (1:47)
Single / Multi-factor Authentication (3:50)
Service Authentication (2:38)
Accountability (2:56)
Session Management (2:16)
Registration / Proofing Identity (2:34)
Federated Identity Management (2:33)
Common Language (2:17)
Credential Management Systems (3:45)
CyberArk (1:38)
References (0:17)
Topic: Integrate Identity as a Third-Party Service (0:12)
On-Premise (2:37)
Cloud (2:31)
Federated (1:00)
References (0:12)
Topic: Implement and Manage Authorization (0:29)
Role-Based Access (1:52)
Upsides / Downsides (1:28)
Rule-Based Access (1:39)
Mandatory Access (1:43)
Discretionary Access (2:09)
Attribute-based Access (0:54)
References (0:11)
Topic: Manage Identity / Access Lifecycle (0:13)
Account Review (4:38)
System Access Review (3:57)
Provisioning (1:05)
Provisioning conti... (2:12)
References (0:11)
Quiz 5
Domain 06 - Security Assessment and Testing
Security Assessment and Testing (0:27)
Topic: Assessment, Test, and Audit Strategies (0:08)
Assessment, Test, and Audit Strategies (2:56)
Security Assessment / Testing (3:13)
Security Assessments (1:32)
External / Third Party (2:37)
Auditing Standards (1:12)
References (0:10)
Topic: Security Control Testing (0:21)
Vulnerability Assessment (4:22)
Vulnerability Scans (3:49)
Network Vulnerability Scans (2:29)
Web Vulnerability Scans (4:39)
Penetration Testing (3:43)
Testing Options (1:00)
Log Reviews (4:13)
Synthetic Transaction (1:01)
Code Review / Testing (1:47)
Testing Options (cont.) (2:13)
Misuse Case Testing (1:37)
Test Coverage Analysis (1:07)
Interface Testing (2:06)
References (0:27)
Topic: Security Process Data (0:16)
Account Management (6:40)
Management Review (2:41)
Performance and Risk Indicators (1:15)
Backup Verification (1:54)
Training and Awareness (1:04)
References (0:07)
Topic: Analyze Test Output / Generate Reports (0:14)
Analyze Test Output / Generate Reports (3:49)
External Scan Report (3:23)
References (0:05)
Topic: Conduct / Facilitate Security Audit (0:08)
Internal Aspects (3:06)
External / 3rd Party Aspect (1:51)
References (0:11)
Quiz 6
Domain 07 - Security Operations
Security Operations (0:19)
Topic: Investigations (0:16)
Evidence Collection (2:51)
Network / Software / Hardware Analysis (3:12)
Reporting and Documentation (3:35)
Investigative Techniques (1:11)
Gathering Evidence (1:07)
Digital Forensics (1:48)
Chain of Custody (1:39)
References (0:10)
Topic: Investigation Team (0:11)
Administrative Aspects (2:51)
Criminal Investigations (2:32)
Civil Investigations (2:53)
Regulatory Investigations (2:20)
References (0:09)
Topic: Logging and Monitoring Activities (0:15)
SIEM (3:06)
Deployment (2:21)
Continuous Monitoring (2:39)
Egress Monitoring (2:06)
Tools to Assist (4:04)
References (0:11)
Topic: Provisioning Resources (0:13)
Asset Inventory (2:03)
Asset Management (2:30)
Cloud-Based Management (4:00)
Configuration Management (2:17)
References (0:16)
Topic: Security Operations Concepts (0:21)
Separation of Duties (3:01)
Need to Know / Least Privilege (1:43)
Separation of Privilege (1:16)
Privileged Account Management (4:58)
Job Rotation (3:05)
Information Lifecycle (1:49)
Key Phases of Data (2:51)
Service Level Agreements (1:48)
References (0:12)
Topic: Protection Techniques (0:10)
Media Management (2:46)
Hardware / Software Asset Management (1:44)
Software (2:15)
References (0:09)
Topic: Incident Management (0:14)
Detection (2:38)
Responsive (2:36)
Reporting (2:37)
Legal / Compliance (1:46)
Recovery (2:05)
Copy of Remediation (1:29)
Copy of Lessons Learned (1:17)
Copy of References (0:15)
Topic: Detective / Preventative Measures (0:23)
Firewalls (4:07)
Intrusion Detection / Prevention (2:05)
Knowledge / Behavior-Based (1:59)
Network / Host-Based (1:49)
Whitelisting / Blacklisting (2:01)
Third-Party Security Services (1:41)
Sandboxing (1:23)
Honeypots/Honeynets (2:53)
Anti-Malware (1:55)
References (0:13)
Topic: Patch and Vulnerability Management (0:09)
Patch and Vulnerability Management (2:43)
Patch Management (2:26)
References (0:15)
Topic: Change Management Processes (0:10)
Change Management (2:28)
Security Impact Analysis (2:55)
References (0:09)
Topic: Implement Recovery Strategies (0:22)
Backup Storage (2:38)
Recovery Site Strategies (3:19)
Business / Functional Unit Priorities (2:03)
Crisis Management (4:09)
Multiple Processing Sites (2:29)
Options (2:03)
Cloud Computing (1:17)
High Availability / QoS (1:08)
Hard Drives / Power Sources (3:17)
QoS (0:57)
References (0:09)
Topic: Implement Disaster Recovery (0:15)
Response (2:11)
Personnel (2:17)
Communications (3:09)
Assessment (1:00)
Restoration (1:37)
Training and Awareness (2:10)
References (0:07)
Topic: Test Disaster Recovery (0:22)
Overview (4:23)
Read-Through Checklists (1:20)
Walk-Through (Table-Top) (1:15)
Simulation Test (1:42)
Parallel Test (1:09)
Full Interruption (1:49)
References (0:07)
Topic: Implement / Manage Physical Security (0:14)
Perimeter Security (3:24)
Fences, Gates and Lighting (2:45)
Security Dogs (2:25)
Internal Security Controls (1:55)
Badges / Regulatory Requirements (1:53)
References (0:06)
Topic: Personnel Safety / Security (0:12)
Travel (2:32)
Travel conti... (2:49)
Security Training and Awareness (2:00)
Emergency Management (1:28)
Duress (2:23)
References (0:15)
Quiz 7
Domain 08 - Software Development Security
Software Development Security (0:30)
Topic: Software Development Life Cycle (0:10)
Development Methodologies (2:08)
Functional Requirements / Control Specifications (3:23)
Design / Code Review (1:14)
User Acceptance Testing / Change Management (2:20)
Maturity Models (2:08)
Agile / SW-CMM (2:09)
Change Management (2:13)
Integrated Product Team (1:39)
References (0:18)
Topic: Security Controls in Development (0:15)
Security of Software Environments (2:24)
Development Security (3:35)
Secure Coding Configuration Management (4:39)
Code Repositories (1:47)
Best Practices (1:33)
References (0:16)
Topic: Assess Software Security Effectiveness (0:17)
Auditing and Logging (2:00)
ODBC / NoSQL (3:03)
Risk Analysis / Mitigation (2:38)
Development Methodology (2:35)
Tracking Progress / Repeat (1:03)
References (0:14)
Topic: Security Impact of Acquired Software (0:10)
Security Impact of Acquired Software (3:14)
OWASP Key Considerations (3:05)
References (0:11)
Topic: Secure Coding Guidelines and Standards (0:11)
Security Weaknesses / Vulnerabilities (3:21)
Reconnaissance Attacks (1:34)
Masquerading Attacks (2:11)
API Security (1:47)
Secure Coding Practices (0:57)
Testing Options (0:44)
References (0:11)
Quiz 8
Course Closure (2:58)
Egress Monitoring