(ISC)² CISSP

This learning path is designed to train and prepare you for the Certified Information Systems Security Professional (CISSP) certification exam, the premier security certification created and administered by the International Systems Security Certification Consortium (ISC)². The courses within the learning path cover the objectives of the exam as defined in the (ISC)² common body of knowledge (CBK). CISSPs are expected to have a broad range of skills across security policy development and management, as well as a technical understanding of a wide range of security controls across all disciplines within IT security. Our learning path provides you with a quick and proven method for mastering this huge range of knowledge.

Course

WAN & Remote Access Security

33 minutes

When it comes to wireless networks and remote access security, there are several threats you need to be on the lookout for. Bluesnarfing, Man-in-the-Middle attacks and the dangers of obsolete protocols are just a few. In this five-video course, the student will review WAN and remote access security: wireless networks, mobile systems, WAN technologies, remote access and secure communication protocols. This course also includes diagrams, vocabulary, definitions, protocol lists and examples.

Course

Secure Software Development

43 minutes

They say an ounce of prevention is worth a pound of cure, and that’s what this course is about. Nine videos cover secure software development: from change control and software testing to software environment security, object-oriented programming, distributed computing, mobile code, malware and more, this course explores the details of ensuring that software development has security baked in right from the get-go. Take a closer look at software testing types, sample change control procedures and definitions of terms such as polyinstantiation and polymorphism.

Course

Secure Software Design

25 minutes

Four videos cover the ins and outs of secure software design. Beginning with an introductory module on secure software design, we move on to secure system development life cycle (SDLC), software development models and maturity models. Take a closer look at the waterfall method, the spiral model, the agile software development method and more.

Course

Disaster Recovery

36 minutes

When trouble strikes, your preparations could mean the difference between disaster and a bump in the road. Review disaster recovery with six videos: Recovery Strategy, Recovery Process, Disaster Recovery Plan Testing, RAID (Redundant Array of Inexpensive Disks), Backups and Network Redundancy. Explore the development process for a disaster recovery strategy, look at the different models of disaster recovery plans and fallback sites, and compare Mean Time Between Failure (MTBF) and Mean Time to Repair (MTTR). Remember: “Nine-tenths of wisdom is being wise in time.”

Course

Business Continuity Planning

19 minutes

It’s an old saying: hope for the best, plan for the worst. Business continuity planning means planning for the worst. Three modules take the student through the details of making sure your company continues operations: creating incident response plans and contingency plans, conducting a Business Impact Analysis (BIA), the National Institute of Standards and Technology’s Seven Steps to Continuity Planning and more. Learn the stages of incident management, the key metrics developed in a BIA and the ins-and-outs of recovery plans.

Course

Preventative & Detective Measures

39 minutes

Seven videos reintroduce the student to the details of preventative and detective measures on a system. Beginning with log management, the course covers egress monitoring, configuration management, operations concepts, trusted recovery and patch management. Includes vocabulary and definitions, best practices and more.

Course

Computer Crime Investigations

32 minutes

“You’ve got no evidence!” criminals like to say. Actually, we do. This four-video course covers the fundamentals of computer crime investigations, from the types of crime to the investigation process, forensics and proper handling of evidence. Chain of custody, forensic timeline, computer crime categories and more will remind the student of the ins and outs of investigating crimes in the world of computers.

Course

Database Security

20 minutes

Twenty minutes is all you need to brush up on your database security. This brisk five-video course covers database architectures, database terminology, data mining, transaction management and database attacks. Includes details such as terminology, key types, database models, diagrams and more.

Course

Security Assessment

20 minutes

This course looks at three important parts of security assessment: goals, control testing and collecting, analyzing and reporting security data. In four videos, students will be introduced to the ins and outs of penetration testing: testing a system from an attacker’s point of view, monitoring a system’s vulnerabilities, planning for and performing a test, the Rules of Engagement when attacking a client’s system, the nitty-gritty of security auditing and more. Every system has a weakness, and sometimes, it’s your job to find it before your enemies do.

Course

Access Control Fundamentals

1 hour, 37 minutes

Twenty-two videos cover everything you want to know about access control fundamentals. Beginning with access control basics (definitions and subject-object relationships), we move on to access control categories, authentication, account management, Single Sign-On (SSO) and Kerberos, the three forms of user authentication and the arguable fourth form, remote authentication services and much more. This is a complex subject, but our Access Control Fundamentals course dives deep and dredges up the answers for you.

Course

Distributed System & Virtualized Networks

20 minutes

Take a closer look at distributed systems and virtualized networks with this four-video course. Beginning with Virtual Private Networks (VPNs) and Virtualized Local Area Networks (VLANs), the student will be introduced to the fundamentals of distributed and cloud computing, virtualization and virtualized networks. Why is virtualization a good choice, and what are its weaknesses? What’s the difference between Infrastructure-as-a-Service and Platform-as-a-Service? Includes definitions and diagrams.

Course

Secure Network Design

26 minutes

Securing a network is a lot like securing a building: there are many possible protection mechanisms, and even more possible ways for the intruder to get in. In this course, six videos take the student through the essentials of secure network design. From firewalls and the so-called demilitarized zone (DMZ) to honeypots, honeytokens and honeynets, endpoint security and the many flavors of authentication protocol, learn to identify the potential chinks in a system’s armor — and how to make them secure.

Course

Security Governance Principles

16 minutes

Two videos introduce you to the basic principles of security governance, beginning with a close look at the CIA (Confidentiality, Integrity and Availability) triad and what it means for a well-designed system. Includes an examination of the DAD (Disclosure, Alteration and Denial) triad, which opposes CIA. We also look at security governance fundamentals and the importance of roles, developing proper organization processes, aligning business objectives with strategies and a wide array of sample security roles and responsibilities.

Course

Network Fundamentals

1 hour, 20 minutes

Review everything you ever needed to know about network fundamentals with this fourteen-video course. Beginning with OSI (Open Systems and Interconnection) protocols and layers, this course explores the TCP/IP model, network devices and security, IP networking, multi-layer protocols, Dynamic Host Configuration Protocol (DHCP), network cabling and topology, signaling types and much more. Take a closer look at switched and permanent virtual circuits, or find out what DORA or POTS stands for. It’s all here!

Course

Data Center Security

21 minutes

Take a closer look at data center security with four videos covering the big picture of data center security, media storage, fire safety and utilities and HVAC (heating, ventilation and air conditioning) systems. Why is prevention the best solution for fire? What’s the difference between a safe, a vault and a container, and why does it matter? Full details on everything you need to know about data center security and protecting your organization’s servers from disaster.

Course

Physical Security

52 minutes

Physical security is any organization’s first line of defense, and understanding it is key. Learn the hows and whys of physical security with eight videos covering facility design and construction, perimeter defenses, internal facilities security, physical intrusion detection, personnel safety and more. Discover the difference between deterrent, detective and preventive controls, and learn about crime prevention through environmental design (CPTED), piggybacking, tailgating, defense-in-depth in physical security and appropriate choices of locks and keys.

Course

System Protection Mechanisms

32 minutes

Well-designed systems will always attempt to protect themselves, but they can’t do it alone. And that’s where you come in. Seven videos introduce the student to the fundamentals of system protection mechanisms, beginning with Trusted Computing Base (TCB) and covering common architecture flaws, Web-based vulnerabilities, covert channels, embedded systems and more. Compare and contrast open and closed systems, look at the five protection rings of a system and even refresh your knowledge of computer components with this course!

Course

Secure Design Principles

39 minutes

Systems engineering applies through the entire process of development, from concept until final disposal. And to keep your system secure, you need to understand the principles of secure design. Nine modules take the student through security models, evaluation models, popular security models (such as Bell-LaPadula, State Machine, Clark & Wilson and more), common criteria and the certification and accreditation process, with quick stops at useful items such as the Rainbow Series and the secure design life cycle. Includes vocabulary, definitions, lattice diagrams and even some notes on obsolete models.

Course

Public Key Infrastructure

21 minutes

What is Diffie-Hellman key exchange? Or quantum key cryptography? This course will answer all of your questions about public key infrastructure. Beginning with in-depth definitions of terms (including Certificate Authority, Registration Authority and Certificate Repository), this course takes a close look at public key infrastructure components, PKI certificates, key management and key exchange. Everything from an explanation of an X.509 digital certificate to the dangers of software-based key storage, all in four videos.

Course

Cryptography Fundamentals

41 minutes

Cryptography is the science of securing information, and in today’s security-obsessed world, cryptography is more important than ever. In eight videos, the student explores the fundamentals of symmetric and asymmetric cryptography, cryptographic attacks, hybrid cryptography, ciphers and more. This course offers vocabulary and definitions, example diagrams, a close look at cryptographic algorithms and everything you ever wanted to know about keys. We also touch on the CIA triad and the use of hashing and digital signatures to ensure confidentiality, integrity and non-repudiation.

Course

Asset Security

39 minutes

Here are two questions everyone will eventually need to ask themselves: What do I have, and where is it? This seven-video course gives the student the tools to answer those questions by taking them through the minutiae of asset security. Beginning with managing sensitive data and basic principles such as need-to-know and definitions of important terms (quality control and assurance, data owner, data custodian and more), we conduct a deeper dive into six key topic areas: data remanence, data at rest, data in transit, data ownership, data security controls and classification.

Course

Security Policies

22 minutes

Organizations know the importance of planning ahead, and that’s what this course is about. A five-video series introduces you to security policies, procedures, standards, baselines and guidelines. Take an in-depth look at personnel security, the most common control frameworks, service-level agreements and the various types of security documents. What’s the difference between a policy and a procedure? Come find out!

Course

Risk Management

49 minutes

It’s nearly impossible to completely eliminate risk, but there are steps you can take to reduce it. This nine-video series takes a close look at risk management: definitions, tools, notable risk frameworks such as the NIST Risk Management Framework (RMF) and other Special Publications, and the process of calculating risk. We also touch on threats and threat agents, the difference between due diligence and due care, and tips and best practices for ensuring that your employees are security-conscious and aware of risks. People are always the weakest link, so take an hour to learn how to strengthen them.

Course

Regulatory Compliance

30 minutes

Information is increasingly subject to legislation, and that means companies have a choice between regulatory compliance or legal trouble. Five videos give the student a look at the nitty-gritty of regulatory compliance, from the laws and regulations that protect data privacy rights (the Health Insurance Portability and Accountability Act, the California Consumer Privacy Act and more) to issues of intellectual property, the challenges of keeping data safe in an international market and the ethical codes an information security professional is expected to follow.