Introduction
This chapter introduces the organization of the guide, expectations, and the approach adopted.
Day 1: Information Security and Risk Management Part 1
This chapter covers various concepts that are related to "Security Management Practices; Control Environment and Asset Classification and Controls".
Day 2: Information Security and Risk Management Part 2
The important requirements of "security awareness and training" and "Risk Assessment and Management" are discussed in this chapter.
Day 3: Physical (Environmental) Security Part 1
This chapter deals with the threats, vulnerabilities and countermeasures for physical security and physical security design that includes perimeter and interior security.
Day 4: Physical (Environmental) Security Part 2
This chapter addresses the concepts in Operations / Facility Security and Protecting and Securing equipment.
Day 5: Access Control Part 1
Access Control-related concepts, methodologies and techniques; Authentication; and Access-related attacks and countermeasures are covered in this chapter.
Day 6: Access Control Part 2
Vulnerability Assessment and Penetration Testing-related concepts are covered in this chapter.
Day 7: Cryptography Part 1
In this chapter, various concepts related to cryptography, such as methods and types of encryption as well as the application and use of cryptography, are covered.
Day 8: Cryptography Part 2
In this chapter, core concepts in Public Key Infrastructure, Key management techniques, methods of cryptanalytic attacks as well as various Cryptographic Standards are covered.
Day 9: Operations Security Part 1
Various concepts in the areas of Operations Procedures and Responsibilities, Incident Management, and Reporting are covered in this chapter.
Day 10: Operations Security Part 2
Control environment related to operations security as well as evaluation criteria such as TCSEC are covered in this chapter.
Day 11: Application Security Part 1
This chapter covers Systems Engineering concepts and Software Development Life Cycle models.
Day 12: Application Security Part 2
IT systems, Threats and Vulnerabilities of application systems, and Application Control concepts are covered in this chapter.
Day 13: Telecommunications and Network Security Part 1
This chapter covers various concepts in network architecture, Open System Interconnect (OSI) and TCP/IP models; various protocols in the TCP/IP model related to the application and transport layers; and threats, vulnerabilities, attacks and countermeasures for TCP/IP protocols and services.
Day 14: Telecommunications and Network Security Part 2
This chapter covers different protocols in the network/internet layer, data link layer and physical layer of the TCP/IP model, some of the threats and vulnerabilities that affect such protocols, and common attacks and possible countermeasures.
Day 15: Security Architecture and Design Part 1
This chapter covers concepts in Computer Architecture, Trusted Computing Base, and Protection Domain and its related mechanisms.
Day 16: Security Architecture and Design Part 2
This chapter addresses the concepts in Assurance-related standards, various Certification and Accreditation schemes and various Computer Security models.
Day 17: Business Continuity and Disaster Recovery Planning Part 1
Various concepts in the Business Continuity Planning domain, its Goals and objectives as well as the concepts in Business Impact Analysis are covered in this chapter.
Day 18: Business Continuity and Disaster Recovery Planning Part 2
This chapter covers the Disaster Recovery Planning process, various Backup concepts, and the process of Resuming Business from alternative sites.
Day 19: Legal, Regulations, Compliance and Investigations Part 1
Various Computer Crimes, Cyber Crimes as well as different types of Attacks are covered in this chapter.
Day 20: Legal, Regulations, Compliance, and Investigations Part 2
This chapter covers various Information Systems-related laws and regulations across the world; concepts related to Computer Investigations and Ethical Usage of information systems as prescribed by international bodies including (ISC)².
Day 21: Mock Test Paper
This chapter contains a full-blown mock test paper containing a total of 250 questions from all the 10 domains.
References
This chapter provides various references and books that are relevant to CISSP exam preparation.