By Sarah Morgan
CISSP is an advanced level certification governed by (ISC)2. It is designed for information security professionals. As a CISSP, you’ll be an expert in developing, guiding, and managing security standards, policies, and procedures within your organisation.
CISSP is divided into 10 areas, also referred to as domains, known collectively as the Common Body of Knowledge (CBK).
Here’s what you’ll be covering in those domains, during your CISSP Bootcamp training:
Access Control
You’ll learn about concepts, methodologies and techniques to protect the assets of your systems against attacks.
Telecommunications & Network Security
This domain focuses on network structures, its components and methods to keep them safe. It also covers transport methods, communication channels and network security measures.
Information Security Governance & Risk Management
In this domain, you’ll learn how identify your organisation’s information assets. In addition, you’ll gain understanding of the development, documentation and implementation of policies, procedures and standards regarding:
- Security governance and policy
- Information classification and ownership
- Contractual agreements and procurement processes
- Risk management concepts
- Personnel security
- Security education, training and awareness
- Certification and accreditation
Software Development Security
It teaches you about the controls that are included within systems and applications software, and the steps used in their development.
Cryptography
The Cryptography domain teaches you about encryption concepts, cryptanalytic attacks, as well as other principles, means and methods of disguising information.
Security Architecture & Design
This domain contains the concepts, structures, principles and standards used to design, implement, monitor, and secure, operating systems, equipment, applications and networks.
Security Operations
You’ll learn about controls over hardware, media and the operators with access privileges to:
- Resource protection
- Incident response
- Attack prevention and response
- Patch and vulnerability management
Business Continuity & Disaster Recovery Planning
If the worst happens to your organisation, you’ll need to react quickly, in order to recover as quickly as possible. In this domain, you’ll learn about recovery strategies, business impact analysis and disaster recovery processes.
Legal, Regulations, Investigations and Compliance
This domain addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
Physical (Environmental) Security
The last domain covers threats and vulnerabilities, and provides preventive measures, that can be used to physically protect an enterprise’s sensitive information. You’ll learn about:
- Site/facility design considerations
- Perimeter security
- Internal security
- Facilities security
About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.
ليست هناك تعليقات:
إرسال تعليق