Curriculum
- 9 Sections
- 174 Lessons
- 3 Days
- Domain 00 – Introduction31:815
- 1.01 CISSP®—Introduction 2.6
- 1.12 Before you start 1.11
- 1.23 Objectives 1.20
- 1.34 CISSP®2:19
- 1.45 (ISC)²®1:58
- 1.56 CISSP® Domains3:47
- 1.67 Benefits of CISSP® for Professionals2:1
- 1.78 Benefits of CISSP® for Employers2:6
- 1.89 CISSP® Certification Requirements1:42
- 1.910 CISSP® Certification Requirements (contd.)1:21
- 1.1011 CISSP® Certification Requirements (contd.)1:57
- 1.1112 CISSP® Certification Requirements (contd.)2:5
- 1.1213 CISSP® Examination3:36
- 1.1314 CISSP® Examination (contd.)1:30
- 1.1415 Conclusion
- Domain 01 – Security and Risk Management258:4693
- 2.01 Domain 01—Security and Risk Management1:10
- 2.12 Objectives1:32
- 2.23 Importance of Information Security and Risk Management2:3
- 2.34 Role and Importance of CIA in ISM2:7
- 2.45 Confidentiality2:51
- 2.56 Integrity2:32
- 2.67 Availability1:57
- 2.78 Information Security1:33
- 2.89 Information Security Management1:26
- 2.910 Information Security Governance2:6
- 2.1011 IT Security and Organizational Goals, Mission, and Objectives1:29
- 2.1112 Goals, Mission, and Objectives2:55
- 2.1213 Aligning Security with Goals, Mission, and Objectives1:41
- 2.1314 Business Scenario2:14
- 2.1415 Organizational Processes2:28
- 2.1516 Auditing1:21
- 2.1617 Control Framework1:40
- 2.1718 Due Care1:31
- 2.1819 Due Diligence1:28
- 2.1920 Security Controls1:49
- 2.2021 Service Level Agreements1:58
- 2.2122 Managing Third-Party Governance3:23
- 2.2223 Offshoring—Privacy Requirements and Compliance2:7
- 2.2324 Business Scenario1:52
- 2.2425 Layers of Responsibility2:3
- 2.2526 Security Policies2:31
- 2.2627 Types of Security Policies2:35
- 2.2728 Security Policy Implementation3:7
- 2.2829 Policy Chart2:8
- 2.2930 Standards, Guidelines, Procedures, and Baselines3:7
- 2.3031 Business Scenario1:30
- 2.3132 Compliance—Need for Compliance2:23
- 2.3233 Regulatory Compliance1:45
- 2.3334 Compliance1:39
- 2.3435 Compliance (contd.)1:57
- 2.3536 Compliance (contd.)1:48
- 2.3637 Standards/Manuals/Guidelines for Compliance2:9
- 2.3738 Computer Crimes1:27
- 2.3839 Introduction to Computer Crimes1:54
- 2.3940 Categories of Computer Crimes3:28
- 2.4041 Business Scenario1:51
- 2.4142 Major Legal Systems1:45
- 2.4243 Common Law and Civil Law2:42
- 2.4344 Customary Law and Religious Law2:44
- 2.4445 Mixed Law1:28
- 2.4546 Business Scenario1:36
- 2.4647 Introduction to Intellectual Property (IP) Law2:1
- 2.4748 Types of Intellectual Property (IP) Law2:51
- 2.4849 Types of Intellectual Property (IP) Law (contd.)2:44
- 2.4950 Types of Intellectual Property (IP) Law (contd.)1:0
- 2.5051 Business Scenario1:39
- 2.5152 Import or Export Controls and Trans-Border Data Flow2:10
- 2.5253 Introduction to Privacy2:59
- 2.5354 U.S. Privacy Laws2:14
- 2.5455 U.S. Privacy Laws (contd.)2:21
- 2.5556 U.S. Guidelines for Managing Privacy2:41
- 2.5657 EU Council Directive (Law) on Data Protection2:18
- 2.5758 The U.S.-European Union Safe Harbor3:4
- 2.5859 Security Definitions3:40
- 2.5960 Information Risk Management2:9
- 2.6061 Business Scenario1:54
- 2.6162 Introduction to Risk Analysis2:6
- 2.6263 Goals of Risk Analysis1:26
- 2.6364 Risk Analysis Team1:54
- 2.6465 Steps for Risk Analysis1:50
- 2.6566 Information and Assets Valuation2:16
- 2.6667 Risk Analysis Types1:41
- 2.6768 Quantitative Risk Analysis—Steps2:47
- 2.6869 Quantitative Risk Analysis—Problem1:39
- 2.6970 Qualitative Risk Analysis2:10
- 2.7071 Delphi Technique2:4
- 2.7172 Quantitative vs. Qualitative1:29
- 2.7273 Hybrid Analysis1:45
- 2.7374 Countermeasure Selection—Problem1:56
- 2.7475 Countermeasure Selection—Other Factors1:57
- 2.7576 Handling Risk2:39
- 2.7677 Business Scenario1:51
- 2.7778 Threat Modeling1:59
- 2.7879 Need for Business Continuity Planning1:55
- 2.7980 Basic Concepts—Disruptive Events3:26
- 2.8081 Basic Concepts—Business Continuity Planning1:47
- 2.8182 Importance of Business Continuity Planning1:31
- 2.8283 Business Continuity Planning Phases1:53
- 2.8384 BCP/DRP Phase 1—Project Initiation and Scoping3:54
- 2.8485 BCP/DRP Phase 2—Business Impact Analysis (BIA)2:11
- 2.8586 BIA—Goals2:20
- 2.8687 BIA—Steps4:32
- 2.8788 BIA Steps—Business Unit Level2:7
- 2.8889 Maximum Tolerable Downtime (MTD)2:46
- 2.8990 Failure and Recovery Metrics3:52
- 2.9091 Failure and Recovery Metrics (contd.)2:46 92 Stages of Failure and Recovery1:52 93 BCP/DRP Phase 3—Identify Preventive Controls2:19 94 Importance of Managing Personnel Security1:51 95 Managing Personnel Security—Hiring Practices1:54 96 Managing Personnel Security—Employee Termination1:47 97 Vendor, Contractors, and Consultant Controls1:47 98 Best Work Practices2:44 99 Business Scenario1:48 100 Importance of Security Awareness Training1:54
- 2.91101 Security Awareness Training: Awareness, Training, and Education2:28 102 Implementation of Security Awareness Training Program1:38 103 Importance of Content Updates1:23 104 Importance of Managing Security Function1:53 105 Best Practices—Budget and Establish Security Metrics2:28 106 Best Practices—Resources and Develop and Implement Strategies2:23 107 Best Practices—Completeness and Effectiveness of the Program1:25 108 Business Scenario1:44 109 (ISC)² Code of Ethics3:31 110 Quiz0:0
- 2.92111 Summary1:54 112 Conclusion1:6
- Domain 02 – Asset Security116:506
- 3.01 Domain 02—Asset Security1:13 2 Objectives1:28 3 Importance of Asset Security1:39 4 Need for Information Classification2:12 5 Information Classification Objectives1:56 6 Government or Military Sector Classification2:33 7 Commercial or Private Sector Classification2:50 8 Information Classification Criteria2:52 9 Data Classification Considerations1:47 10 Role Responsible for Data Classification1:51
- 3.111 Business Scenario1:37 12 Data Management1:53 13 Best Practices for Data Management1:54 14 Data Policy2:14 15 Data Ownership1:54 16 Data Ownership—Best Practices1:45 17 Data Custodians2:15 18 Data Custodians (contd.)1:33 19 Data Quality2:9 20 Data Quality—Aspects1:32
- 3.221 Data Quality Assurance and Quality Control1:49 22 Data Documentation1:44 23 Data Documentation Practices2:28 24 Data Standards1:58 25 Data Control Lifecycle1:33 26 Data Specification and Modeling1:37 27 Database Maintenance1:38 28 Data Audit1:41 29 Data Storage and Archiving1:59 30 Data Security1:58
- 3.331 Data Access, Sharing, and Dissemination1:56 32 Data Publishing1:32 33 Data Handling Requirements2:25 34 Media Resource Protection4:32 35 Data Remanence2:51 36 Business Scenario1:45 37 Asset Management2:17 38 Software Licensing1:45 39 Equipment Lifecycle1:0 40 Protecting Privacy2:35
- 3.441 Ensuring Appropriate Retention2:6 42 Data Security Controls2:36 43 Data in Transit—Best Practices2:11 44 Scoping and Tailoring1:52 45 Scoping and Tailoring (contd.)2:2 46 Standards Selection—US DoD3:10 47 Standards Selection—International Standards2:45 48 Standards Selection—National Cyber Security Framework Manual1:48 49 Standards Selection—Center for Strategic and International Studies1:0 50 Standards Selection—Critical Security Controls2:23
- 3.551 Standards Selection—Security Content Automation Protocol2:19 52 Framework for Improving Critical Infrastructure Cybersecurity2:4 53 Business Scenario1:38 54 Quiz0:0 55 Summary1:44 56 Conclusion1:7
- Domain 03 – Security Engineering338:3415
- 4.01 Domain 03—Security Engineering1:14 2 Objectives1:23 3 Security Architecture and Design – Case Study1:42 4 Security Engineering1:31 5 Architecture Framework2:29 6 Zachman Framework2:11 7 TOGAF1:45 8 ITIL2:32 9 Creating a Security Architecture3:0 10 Enterprise Security Architecture3:6
- 4.111 Common Security Services in ESA2:29 12 SABSA Framework1:58 13 SABSA Matrix5:1 14 Business Scenario1:41 15 ISO/IEC 27001:2013 Security Standards2:8 16 ISO/IEC 27002—Code of Practice for Information Security Management2:37 17 Security Models2:6 18 State Machine Model1:24 19 Multilevel Security Models2:7 20 Matrix-Based Model1:48
- 4.221 Non-Interference Model1:57 22 Information flow model1:40 23 Examples of Security Models: Bell–LaPadula Confidentiality Model3:13 24 Examples of Security Models: Biba Integrity Model2:26 25 Examples of Security Models: Clark–Wilson integrity model2:13 26 Brewer–Nash, Graham–Denning, and Harrison–Ruzzo–Ullman models2:15 27 Business Scenario1:34 28 Evaluation Criteria2:4 29 CSEC3:20 30 Information Technology Security Evaluation Criteria2:20
- 4.331 Common Criteria2:15 32 Common Criteria Evaluation Process1:50 33 Common Criteria Levels2:23 34 Payment Card Industry Data Security Standard1:51 35 Certification and Accreditation1:36 36 Certification and Accreditation Standards2:33 37 SEI—CMMI2:49 38 SEI—CMMI Levels1:46 39 Business Scenario2:11 40 System Security Architecture2:19
- 4.441 Mainframes and Other Thin Client Systems2:40 42 Middleware and Embedded Systems1:23 43 Pervasive Computing and Mobile Computing Devices1:15 44 System Components—Processors2:8 45 System Components—Memory1:51 46 System Components—Storage1:17 47 System Components—Trusted Computing Base (TCB)1:23 48 System Components—Reference Monitor1:29 49 System Components—Trusted Platform Module (TPM)1:38 50 System Components—Peripherals and Other Input/Output Devices1:42
- 4.551 System Components—Operating System1:40 52 System Components—Ring Model1:34 53 System Components—System Kernel1:54 54 Distributed Systems1:34 55 Virtualization1:28 56 Hypervisor1:45 57 Cloud Computing1:10 58 Service models2:15 59 Grid Computing1:12 60 Peer to Peer Networking (P2P)1:20
- 4.661 Business Scenario1:56 62 Security Threats and Countermeasures1:22 63 Assessing and Mitigating Vulnerabilities and Threats2:30 64 Assessing and Mitigating Vulnerabilities and Threats (contd.)1:54 65 Assessing and Mitigating Vulnerabilities and Threats (contd.)2:5 66 Best Practices1:45 67 Best Practices (contd.)1:30 68 Best Practices—Techniques and Technologies1:59 69 Best Practices—Techniques and Technologies (contd.)1:30 70 Best Practices—Techniques and Technologies (contd.)1:24
- 4.771 Best Practices—Techniques and Technologies (contd.)1:37 72 Best Practices—Techniques and Technologies (contd.)1:42 73 Introduction to Cryptography3:40 74 Cryptographic Lifecycle1:56 75 Algorithm or Protocol Governance1:52 76 Cryptography Terms3:45 77 Strength of a Cryptosystem2:29 78 Cryptography Methods—Substitution Cipher2:31 79 Cryptography Methods—Transposition Cipher1:24 80 Cryptography Methods—Book or Running Key Cipher2:9
- 4.881 Cryptography Methods—Concealment Cipher1:43 82 Cryptography Methods—Steganography and DRM2:19 83 Business Scenario1:36 84 Introduction to Symmetric Cryptography3:1 85 Symmetric Key Ciphers2:16 86 Block Cipher1:47 87 Stream Cipher3:2 88 Block Cipher Designs1:41 89 Data Encryption Standard (DES)2:33 90 DES Algorithm2:35
- 4.991 DES Operation Modes—Electronic Code Book2:1 92 DES Operation Modes—Cipher Block Chaining2:7 93 DES Operation Modes—Cipher Feed Back2:22 94 DES Operation Modes—Output Feed Back1:44 95 DES Operation Modes—Counter2:1 96 Triple DES2:46 97 Advanced Encryption Standard (AES)2:17 98 AES Algorithm1:14 99 AES Algorithm—Key Expansion and Initial Round1:15 100 Advanced Encryption Standard (AES) Algorithm—Rounds3:1
- 4.10101 AES Algorithm—Final Round1:8 102 Other Symmetric Systems2:54 103 Other Symmetric Systems (contd.)2:11 104 Business Scenario1:43 105 Introduction to Asymmetric Cryptography3:7 106 Introduction to Asymmetric Cryptography—Diagram1:9 107 Introduction to RSA Algorithm1:54 108 RSA Algorithm Process2:20 109 Other Types of Asymmetric Cryptography—Elliptic Curve Cryptosystems2:2 110 Other Types of Asymmetric Cryptography—Diffie-Hellman Key Exchange1:35
- 4.11111 Public Key Cryptography2:25 112 Symmetric vs. Asymmetric Cryptography3:45 113 Advantages and Disadvantages1:54 114 Introduction to Public Key Infrastructure3:15 115 PKI Certification2:48 116 PKI Certification (contd.)1:33 117 PKI Steps—Part 11:44 118 PKI Steps—Part 21:58 119 One-Way Hash2:13 120 Hashing Algorithms3:9
- 4.12121 Hashing Algorithms (contd.)2:41 122 Salting1:34 123 Message Authentication Code (MAC)2:50 124 Digital Signatures2:15 125 Key Management2:30 126 Key Management Principles2:50 127 Escrowed Encryption3:44 128 Business Scenario1:58 129 Need for Physical and Environmental Security2:50 130 Business Scenario2:2
- 4.13131 Site and Facility Design Criteria3:27 132 Information Protection Environment1:53 133 Crime Prevention Through Environmental Design (CPTED)2:2 134 Site Location2:38 135 Construction2:8 136 Support Facilities2:46 137 Business Scenario1:51 138 Secure Operational Areas4:15 139 Business Scenario1:49 140 Environmental Controls1:21
- 4.14141 Environmental Controls (Contd.)2:5 142 Fire Detection and Suppression1:44 143 Power Supply3:3 144 Power Supply (contd.)1:57 145 HVAC1:43 146 Training and Awareness1:23 147 Business Scenario1:0 148 Quiz0:0 149 Summary1:48 150 Conclusion1:7
- Domain 04 – Communications and Network Security255:4410
- 5.01 Domain 04—Communications and Network Security1:15 2 Objectives1:27 3 Importance of Communications and Network Security—Case Study1:39 4 Introduction to Secure Network Architecture and Design1:26 5 Open Systems Interconnection4:43 6 OSI Model Layers2:15 7 Physical Layer2:9 8 Data Link Layer2:18 9 Network Layer1:49 10 Transport Layer2:1
- 5.111 Session Layer1:52 12 Presentation Layer2:16 13 Application Layer1:47 14 Transmission Control Protocol/Internet Protocol (TCP/IP) Model2:8 15 Network Access Layer and Internet Layer2:8 16 Host-to-Host Layer and Application Layer2:10 17 Comparison of OSI and TCP/IP Models2:17 18 Introduction to IP Addressing1:48 19 IPv4 and IPv63:35 20 Classful IP Addressing1:38
- 5.221 Class A1:31 22 Class B1:30 23 Class C1:27 24 Class D and Class E1:30 25 Classless Inter-Domain Routing3:41 26 Private Networks and Loopback Address2:42 27 Types of IP Addressing2:15 28 Routed and Routing Protocols2:56 29 Types of Network Protocols1:15 30 Transmission Control Protocol (TCP)2:6
- 5.331 User Datagram Protocol (UDP)1:46 32 Internet Protocol1:20 33 Address Resolution Protocol2:37 34 Internet Control Message Protocol (ICMP)1:29 35 Hypertext Transfer Protocol (HTTP)2:56 36 Implications of Multi-Layer Protocols1:53 37 Distributed Network Protocol2:7 38 LAN/Network Technologies5:14 39 Transmission Media1:26 40 Twisted Pair2:0
- 5.441 Coaxial Cable Box2:45 42 Fiber-Optic Cable Box2:42 43 Network Topologies2:52 44 Media Access Technologies1:46 45 Carrier-Sense Multiple Access with Collision Detection2:20 46 Carrier-Sense Multiple Access with Collision Avoidance2:4 47 Flavors of LAN transmission methods1:30 48 List of Networking Devices3:33 49 VLANs3:8 50 Gateways2:3
- 5.551 Network Access Control Devices1:38 52 Packet-Filtering and Application-Level3:40 53 Circuit-Level and Stateful-Inspection2:39 54 Firewall Architectures3:37 55 Network Security Terms2:51 56 Business Scenario1:26 57 Networks2:9 58 Types of Networks2:9 59 WAN Technologies2:11 60 WAN Switching and Devices2:55
- 5.661 Network Address Translation and Frame Relay2:36 62 Multi-Protocol Label Switching and VoIP1:58 63 Fiber Channel over Ethernet and Internet Small Computer System Interface2:5 64 Virtualized Networks2:2 65 Introduction to Remote Access1:45 66 VPN using PPTP and L2TP2:44 67 Internet Security Protocol (IPsec)2:6 68 Internet Security Protocol (IPsec) Modes of Operation2:47 69 IPsec Security Protocols—Authentication Header (AH)3:44 70 IPsec Security Protocols—Encapsulating Security Payload (ESP)2:26
- 5.771 Components of the IPsec Process2:28 72 Components of the IPsec Process (contd.)2:18 73 IPsec Process1:59 74 Secure Access Protocols3:49 75 Secure Access Protocols (contd.)3:10 76 Secure Access Protocols (contd.)2:3 77 Remote Access Security Methods1:32 78 Multimedia Collaboration1:52 79 Wireless Technologies1:29 80 IEEE Wireless Standards and Spread-Spectrum Technologies2:17
- 5.881 Direct Sequence Spread Spectrum and Frequency-Hopping Spread Spectrum2:20 82 WLAN Operational Modes2:30 83 Bluetooth2:37 84 Bluetooth Attack1:15 85 Blue Jacking and Blue Snarfing2:9 86 Blue Bugging, Backdoor Attacks, and Denial of Service Attacks2:3 87 Wireless Security7:29 88 Business Scenario1:49 89 Network Attacks3:33 90 Network Attacks (contd.)3:17
- 5.991 Network Attacks—Countermeasures4:2 92 Quiz0:0 93 Summary1:40 94 Conclusion1:8
- Domain 05 – Identity and Access Management185:528
- 6.01 Domain 05—Identity and Access Management1:15 2 Objectives1:31 3 Importance of Identity and Access Management in Information Security1:59 4 Controlling Physical and Logical Access to Assets2:23 5 Controlling Physical and Logical Access to Assets (contd.)2:51 6 Access Subject-Object and Access controls2:13 7 Identity and Access Management Policy1:47 8 Identification Authentication and Authorization2:21 9 Identity Management1:32 10 Identity and Access Provisioning Lifecycle2:28
- 6.111 Identity and Access Provisioning Lifecycle (contd.)1:48 12 Guidelines for User Identification1:53 13 Verifying Identification Information2:41 14 Strong Authentication2:26 15 Biometrics—Characteristics3:11 16 Types of Biometrics2:42 17 FRR FAR CER3:4 18 Passwords2:15 19 Password Types2:43 20 Tokens1:30
- 6.221 Token Device—Synchronous1:48 22 Token Device—Asynchronous1:40 23 Memory Cards and Smart Cards2:39 24 Attacks on Smart Cards—Fault Generation and Micro-Probing3:8 25 Access Criteria3:4 26 Authorization Concepts3:22 27 Identity Management Implementation1:31 28 Password Management3:2 29 Directory Management2:5 30 Directory Technologies2:35
- 6.331 Accounts Management2:16 32 Profile Management1:49 33 Web Access Management1:30 34 Single Sign-On (SSO)2:49 35 SSO Technologies2:1 36 Kerberos3:41 37 Kerberos Steps2:35 38 Problems with Kerberos1:54 39 Business Scenario2:1 40 Access Control Types—Security Layer2:17
- 6.441 Access Control Types—Functionality2:39 42 Business Scenario1:24 43 Access Control Models—DAC1:0 44 Access Control Models—MAC1:0 45 Access Control Models—RBAC1:51 46 Business Scenario1:28 47 Access Control Concepts4:12 48 Types of Access Control Administration3:19 49 Remote Authentication Dial-In User Service (RADIUS)2:50 50 TACACS and TACACS+1:56
- 6.551 DIAMETER1:58 52 Accountability2:43 53 Accountability (contd.)1:40 54 Session Management1:56 55 Registration and Proof of Identity1:42 56 Credential Management Systems1:47 57 Credential Management Systems—Risks and benefits1:42 58 Federated Identity Management1:45 59 Federated Identity Management Models1:51 60 Federated Identity Management Models (contd.)2:6
- 6.661 Federated Identity Management Models (contd.)1:48 62 Identity as a Service1:44 63 Identity as a Service—Functionality2:53 64 Identity as a Service—Possible Issues2:7 65 Integrate Third-Party Identity Services2:5 66 Integrate Third-Party Identity Services (contd.)1:49 67 Unauthorized Disclosure of Information4:37 68 Threats to Access Control5:27 69 Protection against Access Control Attacks1:39 70 Access Control Best Practices1:53
- 6.771 Access Control Best Practices (contd.)1:29 72 Quiz0:0 73 Summary1:39 74 Conclusion1:7
- Domain 06 – Security Assessment and Testing93:85
- 7.01 Domain 06—Security Assessment and Testing1:14 2 Objectives1:25 3 Security Assessment and Testing—Introduction1:36 4 Assessment and Test Strategies1:48 5 Vulnerability Assessment2:4 6 Penetration Testing2:18 7 Log Management2:14 8 Log Management—Advantages and Challenges1:44 9 Log Management—Best Practices1:48 10 Log Management—Operational Process1:40
- 7.111 Logged Events1:27 12 Synthetic Transactions1:59 13 Reasons to Use Synthetic Transactions1:51 14 Code Review and Testing1:49 15 Testing Techniques2:16 16 Security Testing in the SDLC2:55 17 Software Product Testing Levels2:5 18 Misuse Case Testing1:37 19 Misuse Case Testing—Scenarios2:19 20 Test Coverage Analysis1:38
- 7.221 Interface Testing1:35 22 API Testing (contd.)1:59 23 Interface Testing (contd.)1:27 24 GUI Testing1:51 25 Common Software Vulnerabilities2:28 26 Business Scenario1:54 27 Information Security Continuous Monitoring2:32 28 Information Security Continuous Monitoring—Strategy and Process2:55 29 Risk Evaluation and Control—Metrics1:0 30 Security Controls Monitoring Frequencies3:24
- 7.331 ISCM—Benefits1:50 32 Key Performance and Risk Indicators2:12 33 Internal and Third-Party Audits2:33 34 Audit Frequency and Scope1:47 35 Statement on Auditing Standards No. 702:43 36 Service Organization Controls1:57 37 SOC 1 Report2:23 38 SOC 2 Report2:40 39 SOC 2 Reports (contd.)2:7 40 SOC 3 Report1:41
- 7.441 SOC 1, SOC 2, and SOC 3 Comparison1:58 42 Audit Process—Audit Preparation Phase2:3 43 Audit Process—Audit Phase1:43 44 Business Scenario1:36 45 Quiz0:0 46 Summary1:52 47 Conclusion1:7
- Domain 07 – Security Operations373:4813
- 8.01 Domain 07—Security Operations1:15 2 Objectives1:24 3 Importance of Security Operations—Case Study1:47 4 Introduction to Investigations1:41 5 Investigation Challenges2:4 6 Investigations—Primary Activities2:51 7 Crime Scene1:52 8 Forensic Investigation Guidelines2:7 9 Incident Response Terminologies2:53 10 Incident Response Goals1:28
- 8.111 Incident Response Team2:39 12 Incident Response Procedures3:19 13 Incident Response Procedures (contd.)1:59 14 Incident Response Procedures (contd.)1:27 15 Incident Response Procedures (contd.)1:31 16 Business Scenario1:52 17 Evidence2:21 18 Evidence Lifecycle2:17 19 Chain of Evidence2:4 20 Types of Evidence4:47
- 8.221 Computer Forensics Procedure1:50 22 Requirements for Investigation Types2:15 23 Logging and Monitoring Activities1:40 24 Intrusion Detection System3:52 25 Intrusion Prevention System3:30 26 Security Information and Event Management (SIEM)2:12 27 Security Information and Event Management (SIEM)—Characteristics1:45 28 Continuous Monitoring1:53 29 Egress Filtering1:0 30 Data Leak or Loss Prevention (DLP)2:26
- 8.331 Steganography and Digital Watermarking1:58 32 Business Scenario1:44 33 Secure Provisioning of Resources through Configuration Management2:8 34 Secure Provisioning of Resources through Configuration Management (contd.)1:52 35 Introduction to Security Operations1:37 36 Security Operations Concepts1:44 37 Security Operations1:51 38 Effects of Operations Controls on C.I.A.1:29 39 Business Scenario2:3 40 Operational Resilience2:8
- 8.441 Threats to Operations3:12 42 Threats to Operations (contd.)3:36 43 Vulnerabilities4:30 44 Controls2:49 45 Business Scenario1:44 46 Need for Controlling Privileged Accounts2:18 47 Identity and Access Management2:30 48 Types of Accounts2:29 49 Commonly Used Roles2:1 50 Commonly Used Roles (contd.)2:53
- 8.551 Monitoring Special Privileges1:33 52 Service Level Agreements (SLAs)2:15 53 Business Scenario1:45 54 Protect Valuable Assets2:28 55 Protecting Physical Assets1:45 56 Protecting Information Assets2:7 57 Protecting Resources2:33 58 Controls for Protecting Assets—Hardware Controls2:51 59 Controls for Protecting Assets—Software Controls3:2 60 Controls for Protecting Assets—Media Controls2:0
- 8.661 Controls for Protecting Assets—Administrative Controls3:51 62 Cloud and Virtual Storage1:53 63 Cloud and Virtual Storage Security Issues1:53 64 Types of Virtualized Storage2:0 65 Hard Copy Records1:46 66 Business Scenario1:34 67 Incident Management2:46 68 Security Measurements, Metrics, and Reporting1:32 69 Managing Security Technologies1:42 70 Incident Management—Detection Phase1:27
- 8.771 Intrusion Detection System1:46 72 Security Information Event Management (SIEM)3:38 73 Anti-Malware Systems1:59 74 Monitoring Techniques—Violation Analysis2:12 75 Incident Management—Other Phases1:57 76 Trusted Recovery and System Recovery2:54 77 Problem Management2:29 78 Operating and Maintaining Preventive Measures2:2 79 Patch Management2:15 80 Vulnerability Management2:19
- 8.881 Change Management2:39 82 Change Control Process2:23 83 Configuration Management3:24 84 Configuration Management (contd.)1:26 85 Business Scenario1:37 86 Develop a Recovery Strategy2:18 87 Types of Recovery—Business Recovery and Facility and Supply Recovery1:44 88 Types of Recovery—User Recovery1:29 89 Types of Recovery—Operational Recovery1:56 90 Recovery Partners Strategy3:44
- 8.991 Backup Sites1:51 92 Backup Sites (contd.)4:6 93 Backup Sites (contd.)2:36 94 Backup Methods2:36 95 Importance of Maintaining Resilient Systems3:35 96 Redundancy and Fault Tolerance2:54 97 Redundancy and Fault Tolerance Methods2:13 98 Redundancy and Fault Tolerance Methods (contd.)5:21 99 Best Practices for Backup and Recovery1:55 100 Business Scenario1:43
- 8.10101 Disaster Recovery—Planning Design and Development1:37 102 Planning Design and Development—Step 1 and Step 22:38 103 Planning Design and Development—Step 3 and Step 43:19 104 Disaster Recovery Phases—Implementation, Testing, and Training1:44 105 Importance of Testing1:19 106 Types of Testing2:4 107 Types of Testing (contd.)2:30 108 Types of Testing (contd.)2:54 109 Training3:57 110 Disaster Recovery Phases—Maintenance3:49
- 8.11111 Disaster Recovery Phases—Maintenance (contd.)1:26 112 Business Scenario2:4 113 Perimeter Security2:32 114 Barriers1:37 115 Fences2:14 116 Gates2:40 117 Walls and Bollards2:13 118 Perimeter Intrusion Detection5:26 119 Business Scenario1:42 120 Importance of Lighting2:12
- 8.12121 Types of Lighting Systems2:20 122 Types of Lights2:21 123 Access Control2:41 124 Types of Access Control Systems7:33 125 Business Scenario1:42 126 Building and Inside Security9:5 127 Personnel Security2:28 128 Business Scenario1:50 129 Quiz0:0 130 Summary1:0 131 Conclusion1:6
- Domain 08 – Software Development Security222:509
- 9.01 Domain 08 – Software Development Security1:15 2 Objectives1:25 3 Importance of Software Development Security1:51 4 System Environments2:9 5 Distributed Environment1:11 6 Client/Server Systems and Local Environment1:35 7 Distributed Data Processing and Agents1:45 8 Applets1:42 9 Programming Concepts2:22 10 Compiler Vs Interpreter2:39
- 9.111 Programming and Software2:40 12 Threats in the Software Environment2:15 13 Threats in the Software Environment (contd.)3:11 14 Threats in the Software Environment (contd.)2:7 15 Threats in the Software Environment (contd.)2:3 16 Threats in the Software Environment (contd.)1:49 17 Threats in the Software Environment (contd.)1:46 18 Business Scenario2:12 19 System Life Cycle and Systems Development3:35 20 Systems Development Life Cycle3:31
- 9.221 SDLC—Operation and Maintenance1:42 22 Integrated Product Team (IPT)1:42 23 DevOps1:39 24 Software Testing Methods4:18 25 Software Testing Levels1:43 26 Application Controls1:35 27 Software Development Methods2:9 28 Software Development Methods (contd.)2:9 29 Software Development Methods (contd.)1:53 30 Software Development Methods (contd.)1:54
- 9.331 Software Development Methods (contd.)2:32 32 Java Security1:57 33 Secure Software Development Best Practices1:47 34 Business Scenario2:5 35 Object-Oriented Programming Terms2:1 36 Object – Oriented Programming Terms (contd.)1:34 37 Object-Oriented Programming—Definition2:23 38 Distributed Object-Oriented Systems2:47 39 Object Request Brokers1:49 40 COM—Component Object Model1:28
- 9.441 DCOM—Distributed Component Object Model1:38 42 CORBA—Common Object Request Broker Architecture1:58 43 Software Security and Assurance2:18 44 Software Security and Assurance (contd.)1:43 45 Software Security and Assurance (contd.)1:53 46 Software Security and Assurance (contd.)1:42 47 Software Security and Assurance (contd.)1:41 48 Software Security and Assurance (contd.)1:50 49 Software Security and Assurance (contd.)1:40 50 Software Security and Assurance (contd.)1:55
- 9.551 Software Security and Assurance (contd.)1:40 52 Software Security and Assurance (contd.)1:36 53 Software Security and Assurance (contd.)1:56 54 Software Security and Assurance (contd.)1:54 55 Software Security and Assurance (contd.)1:35 56 Software Security: XML and Security Assertion Markup Language2:23 57 Software Security: SOA3:15 58 Audit and Assurance Mechanisms3:24 59 Assessing the Effectiveness of Software Security1:51 60 Assessing the Effectiveness of Software Security (contd.)1:51
- 9.661 Assessing the Security Impact of Acquired Software2:15 62 Code Repositories and Application Programming Interfaces2:4 63 Business Scenario1:47 64 Database and Data Warehousing Environments2:25 65 Database Terms2:9 66 Types of Databases1:27 67 Types of Databases (contd.)1:27 68 Types of Databases (contd.)1:41 69 Types of Databases (contd.)1:29 70 Types of Databases (contd.)1:43
- 9.771 Database—Threats and Vulnerabilities5:40 72 Introduction to Data Warehousing2:4 73 Data Warehousing Concepts2:57 74 Database Normalization2:17 75 DBMS Controls5:26 76 Business Scenario1:39 77 Malwares—Types5:56 78 Malware Protection2:31 79 Business Scenario1:35 80 Importance and Role of Knowledge Management2:3
- 9.881 Knowledge-Based System/Artificial Intelligence1:33 82 Knowledge-Based System—Expert System2:22 83 Knowledge-Based System—Neural Network2:33 84 Web Application Environment—Threats and Vulnerabilities2:35 85 Web Application Environment Security2:3 86 Web Application Environment Security (contd.)2:14 87 Web Application Environment Security (contd.)1:34 88 Web Application Environment Security (contd.)1:45 89 The Ten Best Practices for Secure Software Development—(ISC)27:28 90 Quiz0:0 91 Summary2:7 92 Conclusion