CISSP Certified - The Easy Way
Lessons from a Newly Minted CISSP
Class Overview
- 8 domains (there used to be 10). This makes the test more streamlined and, I say, easier.
- Fewer questions per domain.
- More "real-world" questions: because the domains overlap, the questions tend to be more real-world.
- ALL the questions, except the crypto questions, are non-technical. Always remember: "How would your CIO answer?"
Lesson 1: Security and Risk Management
- Confidentiality, integrity, and availability concepts: know CIA by heart.
- Security governance principles: oversight and ITIL will help you out here.
- Compliance, legal and regulatory issues: SOX and regulatory guidelines. There will be "memorization" questions on the test.
- Professional ethics: know the ISC2 code by heart.
- Security policies, standards, procedures and guidelines: be sure to know how these differ in an organization, and what is "suggested" vs. "mandatory".
Lesson 2: Asset Security
- Information and asset classification: know all the layers of public and government data classification, i.e. Confidential, Private, etc.
- Ownership (e.g. data owners, system owners): quite a few questions on the test concern "who can change data, who can classify it".
- Protect privacy.
- Appropriate retention: a few questions on data destruction.
- Data security controls: you will see questions regarding shipping and chain of custody.
- Handling requirements (e.g. markings, labels, storage).
Lesson 3: Security Engineering
- Engineering processes using secure design principles.
- Security models, evaluations and capabilities: fundamental concepts.
- Security architectures, designs, and solution elements: vulnerabilities.
- Web-based systems vulnerabilities: know SQL injection vs