CISSP: Certified Information Systems Security Professional (2024)
Overview
This course is designed to prepare IT professionals for the CISSP certification exam and expand their knowledge and understanding of information security concepts and practices. You'll delve into essential domains including Security and Risk Management, Asset Security, Security Architecture, and Engineering, among others. Whether you're understanding secure communication channels, exploring identity management systems, or getting insights into secure software development, this course aligns with the latest CISSP curriculum to ensure you get the knowledge you need, not just to pass the exam, but also to excel in your career.
(Music) to be jumping into
this course with you. We're
going to be having a discussion
about CISSP. And this is a very
big course, Robin. What are
some of the things that we need
to talk about before we even
launch into the topics? So
you need to keep in mind
that the CISSP exam is geared
toward a management level
certification. It is not a
practitioner level
certification. And as such,
it covers a wide range of
topics. I tell people that the
CISSP topics wise is about a
mile long, but it only goes
about an inch deep. Because you
are looking at things from a
management level. You're not
the practitioner that has to go
and do all the security
controls and configure
everything. You're the manager
that has to make the decision
of what you're going to do.
And then you give the IT
department folks their marching
orders so they can do their
jobs as well. So that's what
the CISSP exam is all about--
management level
cybersecurity. And this is a
really great starting point to
have our discussion go into a
little bit more depth about the
experience you may need.
So what does that look like?
So the experience that you're
going to need when you're
taking the CISSP exam is they
do require that you have five
years of cumulative experience
in two or more of the eight
domains. The eight domains are
your main areas of knowledge
within the exam. And they want
that five years. You're going
to have to actually prove that
you have. It's just more of a,
I worked in this project and I
did this. I worked for this
many years managing these kind
of devices. And it's in two or
more of the domains, five
years. However, just because
you lack the experience,
it doesn't mean you have to
totally discount this exam and
say, I can't take the exam.
Because what they do allow you
to do is if you take and pass
the exam, you can do something
called becoming associate of
ISC2. And what happens then is
you get that associate status
and you have a certain amount
of time to get the required
work experience to become a
full fledged CISSP. So it's
like a provisional
certification that you get
until that experience comes
along. So if you're taking this
course, you don't really have
the experience, don't let that
keep you from taking the exam.
Let me tell you a little bit
about the exam. Now, the exam
is what's called a CAT exam.
It's computerized adaptive
testing. What this means is
this exam has an algorithm built
in it where they try to
minimize the number of
questions that they give you.
And they start with kind of a
lower level difficulty. And as
you get questions right and as
you progress through the exam,
the questions get harder and
harder. And in the background,
this algorithm is learning
about you and determining
whether you've got the
knowledge to pass this exam.
You'll get three hours to take
the exam. You will get between
125 and 150 questions maximum.
25 of those questions generally
are not graded. You are not
going to know which ones are
not graded. They're not marked
in any way. And the reason they
do this is it gives them a
chance to have like a pretest
of questions. Those 25 ungraded
questions don't count toward or
against your score, but it
allows the psychometricians in
the background to determine if
they're really a good question.
If a question has gotten
consistently wrong, it may not
be a good question. But your
questions start at a lower
level and progress and get
higher. And at some point,
you'll quit getting and you'll
either get your pass or your
fail. The format of the
questions is you will see
mostly multiple-choice
questions, but there are what
they call advanced innovative
items. These are things like
matching questions where you're
matching terms and definitions
or matching wireless
deployments and their speeds,
stuff like that. There's also a
listing question where you're
putting things, steps in an
order. You can see things like
a hotspot question where you're
given a graphic and you've got
to click on a particular
component in that graphic.
And there's also, in some
cases, you might have some
other items that are more
lab-like. The passing grade for
this exam is 700 out of 1,000.
And remember, with the computer
adaptive testing, with that
three-hour time limit, if you
get up, the timer does not
stop. In other words, if you
need to take a break and go get
a drink, whatever, you can do
so, but the timer does not
stop. Now, finally, I want to
discuss the examination domains
and the weightings they're
given. As I mentioned in an
earlier thing, you need to get
that. You need to have
experience in two of the eight
domains. Well, here's the eight
domains. As you can see,
the eight domains have various
weightings. Some of them are as
high as 16%. Some of them are
as low as 10%. And that just
basically explains to you or
shows you the weighting given
to those domains. Now,
something that I do suggest to
folks is if they have a domain
they feel pretty good about,
still go through the learning
material, but maybe you don't
spend as much of a focus as you
would on those domains that you
know. If you look at this and
you go, "Whoo!" You know,
that software development
security, I am not a developer,
and I'm going to really have to
do a deep dive into that.
Well, spend a little bit more
time on that. Give yourself a
preparation plan,
but when you're planning, go
ahead and book your examination
date, because it's so easy.
If we don't set that goal of,
"This is the day I want to go
take it," we keep putting it
off, and we keep putting it
off. You can, by the way,
if you set the date, you can
move it as long as you move it
within a certain time limit.
But if you don't set the date,
it's so easy to just keep
pushing that certification
attempt down the road. Guys,
this exam is not hard,
but you do have to have a
certain level of knowledge.
And you can do it. Go through
this course. And like I said,
on those topics that you don't
really know, go circle back.
Do a deeper dive if you need
to. Look at our notes. It's not
just about that personality on
screen and the information
they're imparting. They've also given
you some notes. And there's
also going to be references
that you can go out to.
Speaking of references,
Lauren, I'm in the video
world now, but prior to
stepping over into the video
world, I have always been a
writer. For 20 years now, I've
written IT certification topics
as far as prep materials.
Well, about a decade ago,
I started writing books.
And my first foray into writing
books was writing a cert-- was
writing a cert guide on the
CISSP exam. Now, I started this
a decade ago. And currently,
the published edition is the
fourth edition. And that,
if you go to Pearson.com and
you type in my name, Robin
Abernathy, you'll see the
fourth edition of this book
available. Now, we are
currently writing and revising
the fifth edition. So the fifth
edition is written to the
latest objectives, the 2024
objectives. So it should be
released soon. But right now,
the fourth edition-- now,
I will tell you this. There's
not a huge difference between
the fourth edition and the
fifth edition. With the fourth
edition, to go into the fifth
edition, there was one domain,
the communication and network
security domain, domain four.
It had a pretty heavy edit.
But all of the other domains
were just minor little tweaks
they did. So the fourth edition
isn't out of date. It's just
going to have a few things that
might be missing from there.
So I'm not saying you can't get
the fourth edition. But if you
can delay taking that
certification exam and wait for
that fifth edition to come out,
that's what I'd suggest.
So there you have it, the CISSP
exam. It's a great exam to get.
The Department of Defense
recognizes it as part of their
8570.1 initiative as a
management level cert. So
Lauren, it's a lot.
It's a lot. But it's-- A
mile long and inch deep.
And inch deep. OK, so Robin and
I will be-- some of the faces
that you see, but you'll get a
chance to see a lot of
edutainers taking apart each of
the domains and helping you
learn along the way. You will
see another host, like myself
named Sophie, who will be your
learner advocate. And remember,
there are so many resources put
together by the edutainers that
have notes and check out
Robin's book and some-- maybe
some links that you can check
out as well. So Robin, I'm
ready to get started if you
(Music)
Learning Style: On Demand
Includes: Practice Test
Length of course: 39h 39m (159 Episodes)
Here are the topics we'll cover
- Course Overview
- Security Risk and Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment Testing
- Security Operations
- Secure Software Development