CISSP Training
Course Overview
Overview:
The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.
Outlines:
- Security and Risk Management
Two Key Elements: Assessment and Mitigation
The practice of security risk management (SRM) begins with a thorough and well-thought-out risk assessment. Why? Because we cannot begin to answer questions until we know what the questions are—or solve problems until we know what the problems are. A good assessment process naturally leads directly into a risk mitigation strategy. These two key elements will be discussed further in this chapter and are mentioned at various points throughout this book with respect to specific protection applications.
- Asset Security
In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information. Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
- Security Architecture and Engineering
- Communication and Network Security
Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.
- Identity and Access Management (IAM)
Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. Those users might be customers (customer identity management) or employees (employee identity management). The core objective of IAM systems is one digital identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s “access lifecycle.”
- Security Assessment and Testing
This process determines how effectively an entity being assessed meets specific security objectives. It is not meant to take the place of implementing security controls themselves.
- Security Operations
Security operations are those practices and teams that are devoted to preventing, detecting, assessing, monitoring, and responding to cybersecurity threats and incidents.






