CISSP Central

CISSP Central

por Krishnakumar Mahadevan
Temporada 1
Introduction to CISSP 2024
This is just an introduction episode of CISSP Central podcast, and this entire podcast series is based on a published book named C(R)ISSP: The most concise handbook for CISSP 2024, written by myself, which can be purchased directly from Amazon.
CISSP Domain1 Section 1 and Section 2
1.1 Understand, adhere to, and promote professional ethics 1.1.1 (ISC)2 Code of Professional Ethics 1.1.2 Organizational code of ethics 1.2 Understand and apply security concepts 1.2.1 Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation
CISSP Domain1 Section 3
1.3 Evaluate, apply, and sustain security governance principles. 1.3.1 Alignment of the security function to business strategy 1.3.2 Organizational processes (e.g., acquisitions, divestitures, etc.,) 1.3.3 Organizational roles and responsibilities 1.3.4 Security Control Frameworks 1.3.5 Due Care and Due Diligence
CISSP Domain1 Section 4
1.4 Understanding of Info Security legal and regulatory problems 1.4.1 Cybercrimes and data breaches 1.4.2 Licensing and intellectual property requirements 1.4.3 Import/export controls 1.4.4 Transborder data flow. 1.4.5 Issues Related to Privacy 1.4.6 Contractual, Legal, Industry Standards, & Regulatory Requirements
CISSP Domain1 Section 5, 6 and 7
1.5 Understand requirements for investigation types 1.6 Develop, document, & implement security policy, standards, procedures, & guidelines 1.6.1 Security Policies 7 1.6.2 Standards, Procedures Baselines, and Guidelines 1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements 1.7.1 Business Impact Analysis 1.7.2 External Dependencies
CISSP Domain1 Section 8
1.8 Contribute to and enforce personnel security policies and procedures 1.8.1 Candidate Screening and Hiring 1.8.2 Employment agreements and policy driven requirements 1.8.3 Onboarding, transfers, and termination processes 1.8.4 Vendor, consultant, and contractor agreements and controls
CISSP Domain1 Section 9
1.9 Understand and apply risk management concepts 1.9.1 Threat and Vulnerability Identification 1.9.2 Risk Analysis, assessment, and scope 1.9.3 Risk response and treatment 1.9.4 Applicable Types of Controls 1.9.5 Control Assessments 1.9.6 Continuous monitoring and measurement 1.9.7 Reporting (e.g., Internal, External) 1.9.8 Continuous improvement (e.g., risk maturity modeling) 1.9.9 Risk Frameworks
CISSP Domain1 Section 10
1.10 Understand & apply threat modelling & Methodologies 1.10.1 STRIDE Model 1.10.2 PASTA Model 1.10.3 DREAD Model
CISSP Domain1 Section 11 and 12
1.11 Apply supply chain risk management (SCRM) concepts 1.11.1 Risks associated with the acquisition of products and services from suppliers and providers 1.11.2 Risk mitigations 1.12 Establish and maintain a security awareness, education, and Training program 1.12.1 Methods & techniques to increase awareness and training 1.12.2 Periodic content reviews to include emerging technologies and trends 1.12.3 Program effectiveness evaluation
CISSP Domain2 Intro and Section 1
2.0 DOMAIN 2: ASSET SECURITY 2.1 Identify and classify information and assets 2.1.1 Data Classification 2.1.2 Asset Classification 2.1.3 Other key concepts of Asset Security
1 de 5