CISSP: Certified Information Systems Security Professional (2024), ITPRO TV Videos and Practice Tests
Course Specifications
Course Number: ITP76–026_rev1.0
Course Length: 39 Hours 39 Minutes
Course Description
This course is designed to prepare IT professionals for the CISSP certification exam and expand their knowledge and understanding of information security concepts and practices. You'll delve into essential domains including Security and Risk Management, Asset Security, and Security Architecture and Engineering, among others. Whether you're understanding secure communication channels, exploring identity management systems, or getting insights into secure software development, this course aligns with the latest CISSP curriculum to ensure you get the knowledge you need, not just to pass the exam, but also to excel in your career.
Course Content
Security Risk and Management (27 Episodes: 6 Hours 16 Minutes)
Five Pillars of Information Security (7 minutes)
In this episode, you will learn about the five pillars of information security.
Security Concepts for Organizations (15 minutes)
In this episode, you will learn about basic security concepts that organizations should consider.
Security Governance Principles (17 minutes)
In this episode, you will learn about basic security governance principles.
Security Control Frameworks Foundation (5 minutes)
In this episode, you will learn about the other security control frameworks that organizations may use as part of security governance.
ISO and NIST Security Control Frameworks
In this episode, you will learn about the ISO 27001 and NIST SP 800-53 security control frameworks that organizations may use as part of security governance.
Spotlight on the GDPR (27 minutes)
In this spotlight episode, we will be discussing how to identify legal & regulatory issues for information security related to the General Data Protection Regulation (GDPR). After watching this episode you will be able to understand and apply the recommended guidance pertinent to these areas through your daily practice as an information security professional.
Other Security Control Frameworks (17 minutes)
In this episode, you will learn about other security control frameworks.
Legal Systems (9 minutes)
In this episode, you will learn about the different legal systems.
United States Laws and Regulations (13 minutes)
In this episode, you will learn about the United States laws and regulations that may affect organizations.
International Laws and Regulations (13 minutes)
In this episode, you will learn about the international laws and regulations that may affect organizations.
Legal, Regulatory, and Compliance Issues (16 minutes)
In this episode, you will learn about legal, regulatory, and compliance issues.
Investigation Types (12 minutes)
In this episode, you will learn about administrative, criminal, civil, regulatory, and industry standards investigations.
Compliance (21 minutes)
In this episode, you will learn about contractual, legal, regulatory, industry standards, and privacy compliance.
Security Documentation (17 minutes)
In this episode, you will learn about security documentation.
Personnel Policies and Ethics (20 minutes)
In this episode, you will learn about personnel policies and ethics.
Security Awareness (17 minutes)
In this episode, you will learn about security awareness, training, and education.
Business Continuity Concepts (12 minutes)
In this episode, you will learn about business continuity concepts.
Business Impact Analysis (BIA) (12 minutes)
In this episode, you will learn about the business impact analysis (BIA) process.
Business Continuity Process (12 minutes)
In this episode, you will learn about the business continuity process.
Risk Management Concepts (17 minutes)
In this episode, you will learn about the risk management concepts.
Threat and Vulnerability Identification (18 minutes)
In this episode, you will learn about threat and vulnerability identification.
Risk Analysis (21 minutes)
In this episode, you will learn about risk analysis, including quantitative and qualitative analysis.
Risk Response-Treatment (6 minutes)
In this episode, you will learn about risk response and treatment.
Control Implementation (16 minutes)
In this episode, you will learn about control implementation as part of risk management.
Risk Reporting and Continuous Monitoring (8 minutes)
In this episode, you will learn about risk reporting and continuous monitoring.
Risk Frameworks (14 minutes)
In this episode, you will learn about the risk frameworks.
Threat Modeling (19 minutes)
In this episode, you will learn about threat modeling.
Supply Chain Risk Management (13 minutes)
In this episode, you will learn about supply chain risk management.
Asset Security (11 Episodes: 2 Hours 33 Minutes)
Asset Classification (16 minutes)
In this episode, you will learn key concepts associated with identifying and classifying assets in your organization.
Data Classification (13 minutes)
In this episode, you will learn key concepts associated with identifying and classifying data (information) in your organization.
Information and Asset Handling (17 minutes)
In this episode, you will learn key concepts associated with establishing information and asset handling requirements in a corporate setting.
Provisioning Information and Assets (16 minutes)
In this episode, you will learn key concepts associated with provisioning information and assets securely. This includes such topics as information and asset ownership, asset inventories, and asset management.
Data Roles (15 minutes)
In this episode, you will learn key concepts associated with data roles that typically exist in a corporate data lifecycle.
Data Lifecycle Phases (18 minutes)
In this episode, you will learn about the typical phases involved in a data lifecycle. A data lifecycle is crucial as it delineates the systematic journey of data from its creation to disposal, ensuring efficient management, security, and compliance, ultimately enabling organizations to derive valuable insights and maintain data integrity throughout its entire existence.
Asset Retention (11 minutes)
In this episode, you will learn about asset retention in modern corporate environments. This episode includes a discussion of common vendor indications regarding the effective life of equipment, including terms like End of Life and End of Support.
Data States (12 minutes)
In this episode, you will learn about the three most common states of data that we recognize as security professionals. These states are data at rest, data in transit, and data in use. You will learn the definition of each of these states, and you will also learn about various security implications and protections relevant for each state.
Scoping and Tailoring (7 minutes)
In this episode, you will learn about the process of scoping and tailoring when it comes to security control design and implementation with organizations today.
Standards Selection (14 minutes)
In this episode, you will learn about the importance and processes involved with selecting security standards when determining your security controls.
Data Protection Methods (9 minutes)
In this episode, you will learn about some important data protection methods in use today, including Digital Rights Management (DRM), data loss prevention (DLP), and cloud access security brokers (CASB).
Security Architecture and Engineering (33 Episodes: 10 Hours 8 Minutes)
Using Secure Design Principles (24 minutes)
In this episode, we will explore and define many secure design principles that can aid us in creating more secure systems.
Security Model Basics (21 minutes)
In this episode, we will examine common security models like the CIA Triad, process protections, and User/Kernel modes which will help us better secure our IT systems.
Security Modes (9 minutes)
In this episode, we will define and investigate what security modes are, how they're used and list the 4 types of security modes.
Security Model Types (17 minutes)
In this episode, we will list and define the different types of Security Models.
Bell-LaPadula (16 minutes)
In this episode, we will define the Bell-LaPadula security model as well as explore its attributes and limitations.
Biba (9 minutes)
In this episode, we will define the Biba security model as well as explore its attributes and limitations.
Clark-Wilson (12 minutes)
In this episode, we will define the Clark-Wilson security model as well as explore its attributes.
Other Security Models (9 minutes)
In this episode, we will list and describe commonly used security models such as Lipner, Brewer-Nash, Graham-Denning, and Harrison-Ruzzo-Ullman.
Choosing Security Controls (15 minutes)
In this episode, we will investigate the attributes of common security controls so that we can apply them properly. Understanding the different types of security controls and when/where/how/why they work will enable us to better implement them to meet the security needs of our environments.
Memory Protection (16 minutes)
In this episode, we'll take a look at how computer systems utilize memory protections to safeguard against buffer and stack overflow attacks.
Trusted Platform Module (8 minutes)
In this episode, we will discover the Trusted Platform Module, or TPM, and its use. We will also go over the TPM's processes of Binding and Sealing as well as identify TPM-specific memory.
Encryption and Decryption (21 minutes)
In this episode, we delve into the basics of using encryption. Here we'll discover how encryption can be used to protect stored data as well as data in motion.
Client Vulnerabilities (18 minutes)
In this episode, we'll explore cybersecurity vulnerabilities associated with client-based systems.
Server Vulnerabilities (26 minutes)
In this episode, we'll explore cybersecurity vulnerabilities associated with server-based systems.
Database Vulnerabilities (16 minutes)
In this episode, we'll explore cybersecurity vulnerabilities associated with database systems.
Cloud Vulnerabilities (25 minutes)
In this episode, we'll examine the basics of cloud systems and the cybersecurity vulnerabilities associated with the different types of cloud systems.
Industrial Control System Vulnerabilities (22 minutes)
In this episode, we will take a look at Industrial Control Systems, including their common types and components. We'll also investigate a few of their associated vulnerabilities.
IoT Embedded and Edge Computing Vulnerabilities (25 minutes)
In this episode, we'll investigate IoT, embedded systems, and edge computing along with their associated vulnerabilities.
Virtualization and Container Vulnerabilities (23 minutes)
In this episode, we will dive into virtualization and containerization, specifically exploring the common vulnerabilities associated with each.
Distributed Microservices and Serverless Vulnerabilities (21 minutes)
In this episode, we'll assess Distributed systems, Microservices, and Serverless systems by defining each and covering common vulnerabilities associated with them.
High Performance Computing Vulnerabilities (19 minutes)
In this episode, we will define High-Performance Computing systems, explore their common uses, and list a few of the common security vulnerabilities associated with them.
Cryptography Basics (25 minutes)
In this episode, we will delve into the fundamentals of cryptography, covering common terms and definitions, the cryptographic lifecycle, and common types of cryptography.
PKI (20 minutes)
In this episode, we will study Public Key Infrastructure (PKI) and how it is implemented to increase security for digital systems.
Digital Signatures (20 minutes)
In this episode, we will learn about Digital Signatures. Here we will define what Digital Signatures are and how they are used. We will explore the process of creating and using a Digital Signature, step by step, so as to fully understand the process.
Classic Cryptanalytic Attacks (22 minutes)
In this episode, we will learn about classic cryptanalytic attacks that have been used to break cryptosystems in the past and can even be applied today.
Side Channel Attacks (17 minutes)
In this episode, we'll explore how Side-Channel attacks exploit the physical attributes of a digital system to reveal secrets, even secrets protected by encryption.
Other Cryptanalytic Attacks (13 minutes)
In this episode, we will take a look at a bevy of other cryptanalytic attacks such as Man-in-the-Middle, Meet-in-the-Middle, Pass-the-Hash, Kerberos, and Ransomware.
Secure Site and Facility Design Basics (17 minutes)
In this episode, we will look into designing security for our physical sites and facilities as well as why it's important for not just data protection, but also human protection.
Utilizing Natural Access Controls (12 minutes)
In this episode, we will investigate protecting our physical sites and facilities using natural access controls.
Planning for Physical Security (15 minutes)
In this episode, we will begin looking into physical security planning, implementing techniques that will deter, deny, detect, and delay attacks and/or incidents.
Common Types of Facilities and Sites (18 minutes)
In this episode, we will explore the different common types of facilities and sites. Knowing each of these types will inform the security measures that will be implemented to protect them.
Facilities and Sites Security Controls (23 minutes)
In this episode, we will explore the different security controls used to secure physical sites and facilities. We begin by addressing site security concerns, and then work through physical, technical, and administrative controls.
Information System Life Cycle Management (17 minutes)
In this episode, we will learn about the Information System Life Cycle and explore each phase of the ISLC to help us better secure our digital environments.
Communication and Network Security (23 Episodes: 5 Hours 44 Minutes)
Video, Voice and Collaboration Technologies (7 minutes)
In this episode, the learner will examine video, voice and collaboration platforms. We will also explore various methods to secure these communications platforms.
OSI and TCP-IP Models (13 minutes)
In this episode, the learner will examine the OSI model and TCP/IP models. We will explore the layers, functionality, similarities and differences.
Network Transmission Media (12 minutes)
In this episode, the learner will examine aspects of network transmission media, including signal propagation quality and physical security. We will explore the aspects of wired and wireless transmission media and security considerations.
Transport Architecture (20 minutes)
In this episode, the learner will examine various transport technologies used to transmit data across networks. We will explore switching methods, topology considerations, and more.
Multilayer and Converged Protocols (18 minutes)
In this episode, the learner will examine multilayer and converged protocols. We will explore protocols such as DNP3, Fibre Channel over Ethernet, InfiniBand over Ethernet, Compute Express Link and more.
Network Performance Metrics and Traffic Flows (16 minutes)
In this episode, the learner will examine various network performance metrics that can be used to determine the condition of networks communications. We will explore traffic flows such as north-south and east-west traffic, including the security implications.
Data and Third-party Communications (12 minutes)
In this episode, the learner will examine backhaul networks in wired and wireless communications. We will explore the telecommunication provider network technologies and the security considerations.
Endpoint Security (17 minutes)
In this episode, the learner will examine various host-based technologies that focus on endpoint security. We will explore traditional and modern solutions that provide advanced, centralized endpoint security.
Monitoring and Management Technologies (14 minutes)
In this episode, the learner will examine monitoring and management technologies, security implications and examples. We will explore network observability, capacity management, traffic flow, shaping and more.
IPv4 Addressing Protocol (13 minutes)
In this episode, the learner will examine the structure of IPv4 addressing. We will explore the format, subnet masks, classes, RFC1918 and more.
Remote Access Technologies (16 minutes)
In this episode, the learner will examine remote access and the associated network administrative functions. We will explore various strategies, examples, and more.
Virtual Private Clouds (14 minutes)
In this episode, the learner will examine Virtual Private Clouds, a cloud-based technology used to create private networks. We will explore characteristics such as subnets, routing tables, security and more.
Wireless Network Security (16 minutes)
In this episode, the learner will examine security technologies used to secure communications across wireless networks. We will explore authentication methods and various security protocols such as WPA, TKIP, CCMP, and more.
Cellular and Satellite Communications (17 minutes)
In this episode, the learner will examine various cellular and satellite communication technologies. We will explore 3G, 4G, 5G cellular and more.
Micro-segmentation (10 minutes)
In this episode, the learner will examine micro-segmentation in network design. We will explore various technologies such as network overlays, routers, distributed firewalls, intrusion detection and prevention, Zero Trust and more.
Edge Networks and CDNs (11 minutes)
In this episode, the learner will examine edge networks, including characteristics such as ingress and egress traffic and content distribution networks. We will also examine security considerations, examples, and more.
Wireless Network Architecture (16 minutes)
In this episode, the learner will examine various wireless technologies such as Wi-Fi (IEEE 802.11) WLANs, Bluetooth, and ZigBee. We will explore wireless local area network (WLAN) architectures, frequencies, channels, and more.
Operations of Infrastructure (21 minutes)
In this episode, the learner will examine secure infrastructure operations techniques. We will explore power redundancy, warranties, and support.
Software Defined Networking (11 minutes)
In this episode, the learner will examine software-defined networking (SDN). We will explore various SDN components such as SDN controllers, interfaces, SDN layers, APIs, and more.
Secure Protocol Implementations (15 minutes)
In this episode, the learner will examine secure protocols and the significance of their implementation. We will explore various secure protocols, implementations and attributes.
Physical and Logical Network Segmentation (19 minutes)
In this episode, the learner will examine physical and logical segmentation in networks. We will explore various technologies used to implement these techniques.
IPv6 Addressing Protocol (15 minutes)
In this episode, the learner will examine the structure of IPv6 addressing. We will explore the benefits of implementing IPv6 addressing.
Network Access Control Systems (12 minutes)
In this episode, the learner will examine physical and virtual network access control solutions. We will examine firewalls, health attestation, proxy servers, 802.1X and more.
Identity and Access Management (IAM) (20 Episodes: 3 Hours 25 Minutes)
Control Physical and Logical Access (9 minutes)
In this episode, you will learn about some of the most important assets that you should control physical and logical access to in your organization.
Type of Access Controls (21 minutes)
In this episode, you will learn about some of the many types of access controls that we can employ in organizations today in order to help secure access to assets.
Groups and Roles (12 minutes)
In this episode, you will learn about the use of users, groups, and roles in a typical Identity and Access Management system in a typical IT environment.
AAA (11 minutes)
In this episode, you will learn about the importance of AAA, that is, authentication, authorization, and accounting. These are critical aspects of modern identity and access management systems found in organizations today.
Session Management (7 minutes)
In this episode, you will learn about the importance of session management when it comes to implementing strong identity and access management solutions.
Registration and Proofing (8 minutes)
In this episode, you will learn some of the key aspects of registration, proofing, and establishment of identity as it relates to identity and access management in an organization.
FIM (10 minutes)
In this episode, you will learn some of the most critical aspects of Federated Identity Management (FIM) as it exists in corporate environments today.
Credential Management (10 minutes)
In this episode, you will learn about the current common practice of using credential management systems such as a password vault.
SSO and Just-in-Time (11 minutes)
In this episode, you will learn about the IAM concepts of Single Sign On (SSO) and Just-in-Time access.
Role-Rule Based Access Control (11 minutes)
In this episode, you will learn about two of the many access control models that exist. This episode examines Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC).
MAC-DAC (10 minutes)
In this episode, you will learn about two of the many access control models that exist. This episode examines Mandatory Access Control (MAC) models and Discretionary Access Control (DAC) models.
Other Access Control Methods (6 minutes)
In this episode, you will learn about other access control models that exist in today's IT environments. These include Attribute Based Access Control (ABAC) and Risk Based Access Control models.
Access Policy Enforcement (6 minutes)
In this episode, you will learn about key components in access policy enforcement in modern networks. These components include Policy Enforcement Points (PEPs), Policy Decision Points (PDPs), Policy Information Points (PIPs), and Policy Administration Points (PAPs).
Account Access Review (9 minutes)
In this episode, you will learn about account access review as it might occur in the identity lifecycle management process of an organization.
Provisioning-Deprovisioning (13 minutes)
In this episode, you will learn about key recommended aspects of the provisioning and deprovisioning process in an IAM system. Note that many companies today refer to this as simply on-boarding and off-boarding.
Role Definition - Privilege Escalation (8 minutes)
In this episode, you will learn about two important aspects of the identity management lifecycle: the definition of new roles and the need for privilege escalation.
Service Accounts Management (9 minutes)
In this episode, you will learn about the importance of service accounts in an IAM system. This episode emphasizes a strong lifecycle management approach to these important accounts.
OAuth-OIDC (8 minutes)
In this episode, you will learn about OAuth, OpenID, and OIDC. You will be able to explain their role in the implementation of authentication systems.
SAML-Kerberos (9 minutes)
In this episode, you will learn two protocols that can be used in the authentication process. These protocols are SAML and Kerberos.
RADIUS-TACACS+ (7 minutes)
In this episode, you will learn about two more protocols that can be used in authentication systems. These protocols are RADIUS and TACACS+.
Security Operations (15 Episodes: 4 Hours 0 Minutes)
Understand and Comply with Investigations (19 minutes)
In this episode, the learner will examine the components of digital forensic standards, the processes and the role these standards offer in investigations. We will explore NIST, IOCE and SWGDE and more.
Logging and Monitoring Activities (19 minutes)
In this episode, the learner will examine logging and monitoring solutions such as IDPS, SIEM, SOAR, and UEBA. We will explore logging, logging source types, threat hunting, and more.
Configuration Management (13 minutes)
In this episode, the learner will examine configuration management (CM) technologies, platforms, and standards. We will also explore configuration management activities, tools, and more.
Foundational Security Operations Concepts (13 minutes)
In this episode, the learner will examine foundational operational security techniques. We will explore least privilege, segregation of duties, service-level agreements, and more.
Apply Resource and Media Protection (20 minutes)
In this episode, the learner will examine various resource protection techniques. We will explore media management, data states, media protection methods, and more.
Conduct Incident Management (15 minutes)
In this episode, the learner will examine incident management, including response, the process, and industry resources for implementing incident management.
Detection and Preventative Measures (21 minutes)
In this episode, the learner will examine various detection and prevention measures used in operational security. We will explore firewalls, honeypots, and honeynets, sandboxing, and more.
Implement Patch and Vulnerability Management (10 minutes)
In this episode, the learner will examine patch and vulnerability management. We will explore the major components, industry resources, and more.
Change Management Processes (10 minutes)
In this episode, the learner will examine change management processes, guidelines and best practices.
Implement Recovery Strategies (18 minutes)
In this episode, the learner will examine recovery strategies implemented to maintain business operations. We will explore backup storage and recovery site strategies, system resiliency, and more.
Implement Disaster Recovery Processes (17 minutes)
In this episode, the learner will examine disaster recovery processes. We will explore the steps, industry resources for disaster recovery strategies, guidance, and more.
Test Disaster Recovery Plan (10 minutes)
In this episode, the learner will examine the disaster recovery testing activities, industry guidance and more.
Business Continuity Planning (11 minutes)
In this episode, the learner will examine contingency planning concepts and activities. We will explore various continuity planning types, terminology, industry resources for guidance, and more.
Implement and Manage Physical Security (22 minutes)
In this episode, the learner will examine physical security and various techniques for implementing it. We will explore industry resources for guidance on physical security and various controls such as bollards, lighting, CCTV, gates, guards, fencing, and more.
Personnel Safety and Security (16 minutes)
In this episode, the learner will examine personnel safety and security concepts and considerations. We will explore various industry resources for guidance on protecting the safety and security of an organization's personnel.
Secure Software Development (22 Episodes: 5 Hours 55 Minutes)
Introducing software development security (22 minutes)
In this episode, we will explore, at a high level, what understanding is required and what must be considered to integrate security into the Software Development Life Cycle (SDLC), along with real-world examples to help provide context.
Choosing a software development methodology (11 minutes)
In this episode, we will take a look at considerations for choosing the appropriate software development method to help.
Considering process driven methodologies (21 minutes)
In this episode, we will analyze the process-driven software development methodologies that directly impact the security and integrity of software applications. Choosing the appropriate one will help ensure secure software deployment, manage software changes, and meet compliance and governance best practices.
Considering agile based methodologies (23 minutes)
In this episode, we will analyze the different agile-based software development methodologies that directly impact the security and integrity of software applications. Choosing the appropriate one will help ensure secure software deployment, manage software changes, and meet compliance and governance best practices.
Integrating the capability maturity model in the SDLC (15 minutes)
In this episode, we will identify the characteristic practices of an organization's software development and analyze a practical scenario using the CMM.
Adopting SAMM into your software development (10 minutes)
In this episode, we will identify the characteristic practices of an organization's software development and analyze a scenario using the SAMM.
Improving product with an integrated product team (7 minutes)
In this episode, we will explore improving the overall product via an Integrated Product Team (IPT). We will examine why IPTs have members from multiple functional areas. We will identify that the purpose of an IPT is to ensure that all aspects of the product lifecycle are considered from the outset. IPTs aim to improve communication and decision-making, reduce development time, and enhance the quality and security of the final product.
Managing post-deployment product expectations (18 minutes)
In this episode, we will examine the post-deployment practices to manage product expectations: software operations, maintenance, and change management.
Introducing security controls in software development (17 minutes)
In this episode, we'll explore how security controls can be integrated at each stage of the Software Development Life Cycle (SDLC) to mitigate risks and ensure the development of secure software.
Minimizing programming language risks in the SDLC (18 minutes)
In this episode, we'll explore how certain programming languages can influence security, the common vulnerabilities associated with them, and best practices for secure coding to minimize software programming risks.
Developing, deploying, and maintaining secure software (15 minutes)
In this episode, we'll analyze how libraries, toolsets, IDEs, runtimes, and code repositories play a critical role in software development security.
Integrating software configuration management (13 minutes)
In this episode, we'll analyze a scenario regarding how software configuration management helps to achieve secure software development.
Incorporating application security testing (13 minutes)
In this episode, we'll analyze how to incorporate application security testing methodologies within the SDLC.
Implementing auditing and logging of software changes (14 minutes)
In this episode, we'll analyze the effectiveness of software security via auditing and logging of software changes.
Focusing on risk analysis and mitigation in the SDLC (16 minutes)
In this episode, we will analyze the critical role of risk analysis and mitigation strategies in developing secure software.
Evaluating COTS and third-party software security (16 minutes)
In this episode, we will analyze the strategies and processes for evaluating the security impact of acquired software.
Evaluating managed service and open source software security (15 minutes)
In this episode, we'll analyze open-source software security and managed services security considerations.
Evaluating cloud services security (15 minutes)
In this episode, we'll examine the security considerations associated with using externally provided software and services.
Introducing coding languages and tools (21 minutes)
In this episode, we will examine different levels of software coding languages and also the tools used to develop software.
Identifying security flaws at source-code level (18 minutes)
In this episode, we'll identify some of the different source-code vulnerabilities that can be mitigated by applying secure coding guidelines and standards in software development.
Securing APIs (10 minutes)
In this episode, we'll explain what an API is and does. We will also look into some security considerations for APIs with examples.
Integrating SDN and SDSec (17 minutes)
In this episode, we'll take a look at an example scenario to help us gain a better understanding of how to integrate SDSec with SDN in our environment.