CISSP® (Certified Information Systems Security Professional)

Author: Kevin Henry

This series provides the foundational knowledge needed to effectively design, engineer, manage and lead the security posture of an organization. This series can be used to prepare for the (ISC)²® CISSP® (Certified Information Systems Security Professional) examination, with coverage of the CISSP Certification Exam Outline effective April 2018.

Preparing for an (ISC)2® Certification Exam

by Kevin Henry

Mar 31, 2018 / 17m

Description

Preparing for an (ISC)2® examination can be difficult and stressful. In this course, Preparing for an (ISC)2® Certification Examination, you will learn how to set yourself up for success, prior to taking the exam. First, you will delve into the test-taking process. Next, you will discover some helpful tips and tricks to pass the exam. Last, you will learn how to develop a study plan. When you are finished with this course, you will have the skills and knowledge needed to be prepared for an (ISC)2 exam.

Table of contents
  1. Course Overview (1m)
  2. The (ISC)2® Exam Format (12m)
  3. How to Prepare for an (ISC)2® Examination (3m)

Security Management

by Kevin Henry

Apr 13, 2018 / 1h 29m

Description

As a Security Manager, you play a critical role in setting up an effective security program that will protect the assets of the organization in a cost-effective way. In this course, Security Management, you will first learn the process of working with management to develop a security strategy and a budget. Next, you'll learn how to promote an understanding of security concepts and responsibilities. Finally, you will gain an understanding of the management functions of being a security leader and meeting the requirements of compliance, governance and development of policies and security procedures. By the end of this course, you'll be knowledgeable in the goals and aims of information protection, management and responsibility.

Table of contents
  1. Course Overview (1m)
  2. Understanding Security Concepts (30m)
  3. The Principles of Security Governance (20m)
  4. Security Roles and Responsibilities (19m)
  5. Security Policies (18m)

Information Classification

by Kevin Henry

Apr 25, 2018 / 1h 39m

Description

Security professionals need to know how to comply with laws and standards in information protection. In this course, Information Classification, you will learn foundational knowledge of asset protection and gain the ability to identify assets and provide them with adequate protection. First, you will learn about information classification and ownership. Next, you will discover the legal aspects of intellectual property protection. Finally, you will explore how to manage all of the assets of the organization. When you’re finished with this course, you will have the skills and knowledge of information security needed to be an effective manager and practitioner in information management.

Table of contents
  1. Course Overview (1m)
  2. Information Ownership (15m)
  3. Data Retention and Deletion (28m)
  4. Protection of Intellectual Property (23m)
  5. Security Concerns During Divestitures and Acquisitions (16m)
  6. Asset Management (14m)

Personnel Security

by Kevin Henry

Apr 13, 2018 / 1h 19m

Description

As a Security Professional, you will have to work with people both within and outside of the organization. In this course, Personnel Security, you will first learn how to build a security team and assign roles and responsibilities. You will then gain an understanding of the importance of employee management procedures and training, and of how to communicate security concepts effectively. Finally, you will learn the role of ethics in the organization and how it involves the security department. By the end of this course, you'll be knowledgeable in the area of personnel security and making people a part of your information protection strategy.

Table of contents
  1. Course Overview (1m)
  2. The People Problem (42m)
  3. Disciplinary Action and Termination (28m)
  4. Ethics and Culture (7m)

Risk Assessment and Management

by Kevin Henry

May 24, 2018 / 2h 33m

Description

Security Professionals rely on risk management to justify and develop an Information Security program. In this course, Risk Assessment and Management, you will learn comprehensive knowledge of risk management and the theories, concepts, and practices of threat modeling and enterprise risk management. First, you will learn about establishing the context for risk management. Next, you will compare the various methods of risk assessment. Finally, you will examine the options for risk response and monitoring. When you’re finished with this course, you will have the skills and knowledge of information security needed to be an effective manager and practitioner in information and risk management.

Table of contents
  1. Course Overview (1m)
  2. Risk Frameworks - ISO27005, 31000, NIST, HTRA (45m)
  3. Framing Risk (10m)
  4. Assessing Risk (44m)
  5. Mitigating Risk (30m)
  6. Monitoring Risk (19m)

Security Controls and Control Frameworks

by Kevin Henry

Jun 7, 2018 / 59m

Description

It can be challenging to evaluate and select the best controls for an organization. Through this course, Security Controls and Control Frameworks, you will gain an understanding of the risk associated with the development of a security control framework, and how to address it. You will first learn the various types of controls and the factors used in establishing an effective security infrastructure. Next, you will examine the strengths of various types of controls including managerial, technical, and environmental controls that can be deployed to prevent and react to security incidents. Finally, you will examine how to test and evaluate the effectiveness of controls in relation to risk and compliance. When you're finished with this course, you will have the skills and knowledge needed to be an effective contributor to the design of secure information systems and business processes.

Table of contents
  1. Course Overview (1m)
  2. Types of Controls (27m)
  3. Control Selection Criteria (30m)

Investigations and Incident Management

by Kevin Henry

Jun 13, 2018 / 1h 3m

Description

The use of risk management and control frameworks should help an organization to avoid and reduce the impact of incidents, but despite all of that, the information security professional must be ready when something goes wrong. In this course, Investigations and Incident Management, you will learn how to handle an incident with expertise and skill. First, you will touch on how to prepare for incident management. Then you will see how to detect, correct, and recover from incidents. Finally, you will discover how to conduct and learn from investigations, so that the incident management process can be better prepared for future adverse events. When you're finished with this course, you will have the skills and knowledge needed to handle incidents in a professional and competent manner.

Table of contents
  1. Course Overview (1m)
  2. Fundamentals of Investigations (22m)
  3. Introduction to Incident Management (13m)
  4. Incident Management Process (25m)

Business Continuity Management

by Kevin Henry

Jun 13, 2018 / 1h 35m

Description

Business success depends on being prepared for any incident that could affect business operations. The art and science of Business Continuity Management is essential to handling any problem in a calm and forward-thinking manner. In this course, Business Continuity Management, you will gain an understanding of how to maintain the resilience of your business operations through incidents. First, you will learn how to prepare a business continuity plan. Then, you will learn how to analyze the business to discover important products, services, and critical timelines for recovery. Finally, you will learn how to write, test, and maintain business continuity plans. When you're finished with this course, you will have the skills and knowledge needed to contribute to the development of business continuity and disaster recovery plans.

Table of contents
  1. Course Overview (1m)
  2. Business Continuity Management Process (22m)
  3. Business Impact Analysis (14m)
  4. Create Contingency Strategies (20m)
  5. Writing Business Continuity Plans (17m)
  6. Implementing, Testing, and Maintaining Business Continuity Plans (19m)

Security Architecture

by Kevin Henry

Jun 19, 2018 / 1h 27m

Description

Security architecture addresses the problem of disjointed and ineffective security implementations that lead to compromise of data or system or business failure. The design of an integrated and resilient security framework is the goal of this course on Security Architecture. In this course, Security Architecture, you will learn the value of strategic planning and gain the ability to design an enterprise-wide security framework. First, you will learn to secure various network and system architectures. Next, you will discover security frameworks. Finally, you will explore how to design and review a security model. When you’re finished with this course, you will have the skills and knowledge of security architecture needed to design and deploy an enterprise-wide security solution.

Table of contents
  1. Course Overview (1m)
  2. Architecture Design (52m)
  3. Architecture Items (33m)

Security Engineering

by Kevin Henry

Jul 11, 2018 / 53m

Description

Security Engineering addresses the problem of inadequate and incomplete security solutions. The configuration of an integrated and resilient security framework is the goal of this course on Security Engineering. In this course, Security Engineering, you will learn the use of security models and gain the ability to develop and deploy a robust security solution tailored for your organization. First, you will learn about the traditional security approaches. Next, you will discover security challenges with modern technology. Finally, you will explore how to manage and operate a security program. When you’re finished with this course, you will have the skills and knowledge of security engineering needed to design and deploy an enterprise-wide security solution.

Table of contents
  1. Course Overview (1m)
  2. Security Models and Design (52m)

Cryptography Application

by Kevin Henry

Aug 3, 2018 / 2h 22m

Description

Cryptography is all about logic and process - understanding the terminology, the process flow, and the strengths and weaknesses of the various cryptographic algorithms. Through this course, Cryptography Application, you will learn how cryptography works, how to attack it and how it is used in everyday life. First, you will explore the fascinating world of cryptography and become familiar with each type of algorithm. Next, you will learn how cryptography works in many of the tools we use today. Finally, you will learn how to attack and compromise a crypto system. When you're finished with this course, you will have a comfortable understanding of cryptography and its application.

Table of contents
  1. Course Overview (1m)
  2. Introduction to Cryptography (1h 9m)
  3. Cryptography Operations and Uses (38m)
  4. Cryptanalysis and Attacks (33m)

Physical Security

by Kevin Henry

Aug 6, 2018 / 1h 19m

Description

Physical Security is an area that is relatively unknown to most information security professionals, and yet it is one of the most important elements of an effective and complete information security program. In this course, Physical Security, you will gain an understanding of how a breach in physical security may lead to the breach of information and systems despite the effectiveness of other technical controls. First, you will learn the principles of physical security and how to protect systems and data. Then, you will examine environmental controls and learn the threats to physical security systems. Finally, you will discover how to integrate physical security controls into information security frameworks. By the end of this course, you'll be comfortable with your knowledge of physical and environmental security.

Table of contents
  1. Course Overview (1m)
  2. Location Security and Defense in Depth (17m)
  3. Integration of Physical and Information Security (33m)
  4. Environmental Security (26m)

Communications and Network Security

by Kevin Henry

Sep 18, 2018 / 2h 59m

Description

Network communication is one of the primary areas of risk to most business processes. Networks provide the attack surface used to compromise data and business operations. In this course, Communications and Network Security, you will learn about network and communications models such as OSI and TCP/IP. Next, you'll touch on the area of secure protocols. Finally, you will explore network attacks. When you're finished with this course, you will have a good understanding of network and communications security, protocols, and network encryption needed to help you audit, operate, and manage secure communications.

Table of contents
  1. Course Overview (1m)
  2. Secure Communications Models (1h 4m)
  3. Secure Network Communications (1h 4m)
  4. Network Protocols and Network Security (48m)

What you will learn

  • The basic concepts of security and risk management and how to apply these concepts effectively within an organization
  • How to identify, classify and protect assets and data
  • How to securely implement and manage engineering processes as well as assess and mitigate common system vulnerabilities
  • How to secure network architectures and their components as well as implement secure communication channels
  • How to implement and monitor identity and access management
  • How to design, perform and analyze security assessments and testing
  • How to conduct logging and monitoring, incident management and recovery according to security operations best practices
  • How to integrate security into the software development lifecycle and apply secure coding standards

Pre-requisites

(ISC)²® requires that CISSP® candidates have at least five years of cumulative, paid, full-time work experience in at least two of the (ISC)²® CISSP® Common Body of Knowledge domains. It is recommended that viewers have a firm understanding of the basic concepts of information security before embarking on these courses.
