Monday, February 11, 2008

CISSP 10 Domains Overview

Here you can see the main concepts of each domain.

Access Control Systems and Methodology

Mechanisms and methods used to enable administrators and managers to control what subjects can access.
* Identification, Authentication, Authorization, Monitoring.
* Access Control Administration.
* Categories and Controls.
* Control Threats and Measures.
* Dana ownership.
* Attacks to the Access Control.

Telecommunications and Network Security

Protocols and devices security.
* OSI.
* LAN, MAN (metropolitan) and WAN technologies.
* Internet, intranet, extranet.
* VPN's, routers, bridges and repeaters.
* topologies.
* Network Attacks.
* Network Security Concepts and Risks.
* Business Goals and Network Security.

Security Management Practices

Company assets to determine the level of protection required, in order to reducing threats and monetary loss.
* Data classification.
* Policies, procedures, standards and guidelines.
* Risk assessment and management.
* Personal security and awareness.

Applications and Systems Development Security

* Data mining and data warehousing.
* Development practices.
* System storage.
* Malicious code.
* Software Based Controls.
* Software Development Lifecyle and Principles.


Cryptographic technologies, and attacks to the cryptography.
* Basic Concepts and Algorithms.
* Symetric vs Asymetric algorithms.
* Signatures and Certification.
* Cryptanalysis.
* PKI.

Security Architecture and Models

Concepts, Principles and Standards for designing and implementing secure applications.
* SO states, kernel functions and memory mapping.
* Security models.
* TCSSE Trusted Computer Security Evaluations (evaluation criteria)
* Common Criteria and ITSEC
* Common flaws in applications and systems.
* Principles and Benefits
* Trusted Systems and Computing Base.
* System and Enterprise Architecture.

Operations Security

Controls over personnel, hardware, systems, auditing and monitoring.
* Administrative responsibilities to personnel and jobs.
* Maintenance concepts. (AV,FW,auditing)
* Preventive, corrective, and recovery controls.
* Standards.
* Media, Backups and Change Control Management.
* Controls Categories.

Business Continuity Planning and Disaster Recovery Planning

Preservation of business activities when faced with disruptions or disasters.
* Resource identification and value.
* Risk assessment.
* Crisis management.
* Response and Recovery Plans.
* Restoration Activities.
* Plan development, implementation and maintenance.

Laws Investigations and Ethics

* Laws, regulations and crimes.
* Licensing and software privacy.
* Export and import laws and issues.
* Evidence types and admissibility into court.
* Incident handling, and forensics.
* Major Legal Systems
* Common and Civil Law
* Regulations, Laws and Information Security

Physical Security

Threats, risks and contra measures to protect: facilities,hardware,data,media and personnel.
* Restricted areas, authorization methods and controls.
* Sensors and alarms.
* Intrusion detection.
* Fire detection, prevention and suppression.
* Fencing security guards, and security badge types.
* Layered Physical Defense and Entry Points.
* Site Location Principle.


Jerald said...

Wonderful blog & good post.Its really helpful for me, awaiting for more new post. Keep Blogging!

CISSP Certification

Steffi said...

interesting blog. It would be great if you can provide more details about it. Thanks you


Nitesh Kumar said...

I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in CISSP, kindly contact us
MaxMunus Offer World Class Virtual Instructor led training on CISSP. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
For Demo Contact us.
Nitesh Kumar
Skype id: nitesh_maxmunus
Ph:(+91) 8553912023

Yakov Leberman said...

This web site is really a walk-via for the entire information you wanted about this and didn’t know who to ask. Glimpse here, and you’ll undoubtedly discover it. casino online