CISSP Topic brief

Thitipong Samranvarnich
2 min read · Jun 3, 2022


Ref from https://www.youtube.com/watch?v=i6vKjSa20iw

CISSP Full Training Masterclass In 3 Hours | CISSP Training Video 2021 | CISSP Tutorial |Simplilearn

Year 2020 :
3 hours : why / what
Exam > requirements , domain overview , sample

Must have 5+ years exp in info-sec / same as Security+ , CISA , CISM

Management Level and Audit Level

8 Domains :
Software Dev Sec , Sec Oper , Sec Assess & Test , Iden & Access Mng ,
Sec & Risk Mng , Asset Sec , Sec Engineering , Comm & Net Sec

Domain 1 : Sec & Risk Mng > Policy , compliance , law , regulation , ethics , risk , threat model

CyberSec (technical, network) vs Info Sec (process + tools for data/info)

Compliance based / Ad-hoc / risk based

GRC trilogy : Governance + Risk Management + Compliance
> Senior management of Organization
> Support Vision and mission of Company
> All business unit , update regularly, easy to understand

Risk Analysis :
> 1 value of assets
> 2 risk to assess
> 3 solution to mitigate risk

Domain 2 Asset Security
Data : Classification > Management > Remanence > Loss Prevention

( about data remanence : https://www.youtube.com/watch?v=5OmDYfjcUt0 and https://www.youtube.com/watch?v=FctBPX4IHA8 )
> What is a degausser? : https://www.youtube.com/watch?v=Eb5dkKxhbLE
> HD-2 Hard Drive and Tape Degausser : https://www.youtube.com/watch?v=WI0Hdj6lZD4
> V92 compact, high-energy media degausser : https://www.youtube.com/watch?v=fwYx23GoDKg
Prevent Data Remanence : wipe , degausser , overwrite data
> DOD = Department of Defense

Domain 3 : Security Engineering
> architecture , models , cryptography , physical
> TCB = Trusted Computing Base
> security perimeter , reference models

Domain 4 : Communication and Network Security
> Network structure , transmission method , security measures > CIA Triad
> OSI Model : PH , DL , NW , TR , SS , PR , AP
> DL : format of data , NW : logical addressing
> TR : end-to-end connection/protocol , SS : session , AP : computer + human interaction
> Firewall , IDS (worm , virus)

Domain 5 : Identity and Access Management
> iden mng , Kerberos , access criteria
> authen protocol , symmetric-key cryptography
> level of trust , job roles , location , time

Domain 6 : Sec Assessment and Testing
> audit , sec control assess , testing report
> evaluate analyst evidence , identify risk at this point
> prioritising vulner..
> check data flow
> disaster , incident mng , perimeter sec , monitor , logging , change mng
> investigate , computer crime , forensics , recovery , incident response plan

Domain 7 : Software Dev Sec
> Software Dev lifecycle
> API , malware , spyware , adware , social engineering attack
> API -> REST , SOAP
> adware : comes with 3rd-party software > advice : turn on popup blocker
> adware : advertising (not dangerous) , changes browser home page , annoying
> Social Engineering Attack : manipulate people to give confidential info , tricking the human mind
>> Phishing , Spear Phishing (targeted group) , Whaling (high-level target) > all via email
> SQL Injection : web to database
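The "web to database" point above, as an added example (not code from the video or the notes' author): the same user lookup written twice against an in-memory SQLite table, once by pasting the request parameter into the SQL text and once with a parameterized query. The table, rows and inputs are constructed for the demo; the defensive point is that the parameterized version treats the whole input as a value and never as SQL.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table: two users with placeholder password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """Vulnerable pattern: the web parameter is concatenated into the SQL string,
    so quote characters in the input change the query's structure."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Fixed pattern: a bound parameter is sent as data, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


if __name__ == "__main__":
    db = make_db()
    normal = "alice"
    malformed = "' OR '1'='1"   # constructed input containing a quote
    print("vulnerable, normal input :", lookup_vulnerable(db, normal))
    print("vulnerable, quote input  :", lookup_vulnerable(db, malformed))
    print("safe, quote input        :", lookup_safe(db, malformed))
```

With the normal input both functions return one row. With the quote-bearing input the concatenated query matches every row, while the parameterized query matches none because no user is literally named that string. Parameterized queries (or an ORM that uses them) are the standard fix; input filtering alone is not.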
