This video series covers all eight domains of the CISSP exam in detail, with an emphasis on high-probability and high-difficulty concepts. The presenter recommends a strategy incorporating multiple learning techniques to help you prepare more quickly and effectively. The video is available free of charge, with a link to additional resources, including FAQs and exam updates.
00:00:00 This video series covers all eight domains of the CISSP exam. The 2022 edition covers these topics in detail, with emphasis on high-probability and high-difficulty concepts. The presenter recommends a strategy incorporating multiple learning techniques to help you prepare more quickly and effectively. The video is available free of charge, with a link to additional resources, including FAQs and exam updates.
00:05:00 The author provides an overview of the concepts of due diligence and due care, which are used together to reduce the liability of senior management in the event of a loss. He also provides a brief explanation of these concepts in terms of a decision-making process.
00:10:00 The video discusses the importance of learning for the CISSP exam, and how repetition can help memorize information for the long term. The video also discusses the use of spaced repetition, which is a technique for learning material over a period of time.
00:15:00 The author provides a detailed explanation of how to use practice exams from the official study guide to identify which topics you need to focus on in order to prepare for the CISSP exam. He recommends using the chapters in the book to identify which domain you need to focus on, and suggests using quizzes at the end of each chapter to help you focus your learning.
00:20:00 The video introduces the CISSP exam and its associated requirements. It provides an overview of domain one, which covers security risk management, including risk analysis, threat modeling, compliance, legal, regulatory, and privacy considerations. Finally, it reviews the new material included in 2021 in relation to risk management principles and standards.
00:25:00 The video discusses the concepts of data integrity, security policy development, risk management, and the CIA triad, as well as the different types of security plans. It also provides an overview of security planning.
00:30:00 The video discusses the CISSP exam, which includes eight domains. It provides an overview of the three main options for responding to risk, and discusses risk management frameworks. It provides an overview of the preparatory step, the six main steps, and the key points to remember about a risk management framework.
00:35:00 This video discusses the eight domains of the CISSP exam, including risk management. The video explains that risk can be categorized as residual risk, inherent risk, and total risk. It also discusses the role of risk management in a process, noting that human safety is the most important risk to consider. Finally, the video provides a mnemonic device for remembering the seven steps of risk management.
00:40:00 This 1-hour video tutorial covers the steps involved in quantitative risk analysis, which is used to evaluate the effectiveness of a response to risk. The video covers the following topics: inventorying assets, identifying threats, calculating exposure and loss expectancy, and researching countermeasures. The video ends with a discussion of the outputs of the risk analysis process, which will be important for understanding future risk assessment and decision-making.
00:45:00 The video discusses the concepts and formulas used in qualitative risk analysis. It explains how exposure factor and single loss expectancy are used to calculate the likelihood and cost of a particular threat against an asset.
00:50:00 The video discusses the concepts of annualized rate of occurrence, annualized loss expectancy, and safeguard evaluation. It explains how these concepts are used to calculate the value of a safeguard.
00:55:00 This video provides an overview of the different models used to threat model, including asset valuation, attacker goals, and software threats. The video also mentions the STRIDE model, which was developed by Microsoft.
The video provides an overview of the eight domains covered on the CISSP exam, as well as tips on preparing for the exam. It also discusses changes in the threat landscape and the importance of privacy by design.
01:00:00 The video covers the basics of threat modeling, including transit, asset value, PASTA, Trike, and COBIT. It emphasizes the importance of diagramming potential attacks, as well as meeting stakeholder needs and covering the enterprise end to end. It also mentions the importance of a holistic approach and separating governance from management.
01:05:00 This video overviews the different types of security controls, their purposes, and how to apply them. It also discusses how to reduce the risk of attack.
01:10:00 The CISSP exam covers eight security-related generalities, including cyber crimes, data breaches, licensing and intellectual property, privacy, and import/export controls. Each general area has its own set of laws that a CISSP must be aware of.
01:15:00 The video provides a brief overview of the eight domains covered on the CISSP exam. The most significant laws related to information security are the Computer Fraud and Abuse Act (CFAA) and the Federal Information Security Management Act (FISMA). Other laws that may come up on the exam include the Copyright and Digital Millennium Copyright Act (DMCA), the Intellectual Property Rights (IPR) laws, and the Electronic Communications Privacy Act (ECPA). In addition, the video mentions the Business Continuity Planning (BCP) process and the importance of understanding the steps involved.
01:20:00 The article discusses the different aspects of business continuity planning, including education, security awareness training, and reporting data breaches. The article also discusses the new topics that will be covered on the CISSP exam in 2021, including asset security and data lifecycle management.
01:25:00 The video describes the eight domains of the CISSP exam, as well as the data life cycle and its key elements. It explains that data classification is important, and that data destruction methods can vary depending on the security level of the data. It also discusses data handling, data retention, and data destruction methods.
01:30:00 This video provides a comprehensive overview of the CISSP exam, including discussion of data classification, sensitive data, and data ownership. The video also provides tips on preparing for the exam.
01:35:00 The video covers the topics of CISSP domain three, security architecture and engineering. It discusses the official exam outline, and what is new in domain 3 in the 2021 release of the exam.
01:40:00 This video covers the new concepts and topics covered in the 2021 edition of the CISSP exam. Topics include zero trust security, fail securely, and cryptanalytic attack methods.
01:45:00 The video discusses changes in the threat landscape, and how these changes have led to a shift away from traditional security practices. It goes on to discuss the importance of privacy by design and the principles that should be followed when implementing it. The video also discusses the benefits of using a layered defense approach and the benefits of simplifying security measures.
01:50:00 The video provides tips for maintaining simplicity in designing cyber security strategies, including the principle of "keeping it simple, stupid." The video also discusses security information and event management (SIEM) and security orchestration (SOAR). SOAR is a centralized alert and response automation solution that uses threat-specific playbooks.
01:55:00 The video discusses CISSP exam topics, including microservices, service oriented architecture, and containerization. It mentions that these topics may appear on the exam in 2021.
This video provides an overview of the CISSP exam, including a discussion of the different security models that will be covered. The video also outlines the importance of cryptography and digital signatures.
02:00:00 The video discusses the topics of high performance computing, cloud computing, and shared responsibility. Cloud service providers (CSPs) are responsible for security aspects of cloud-hosted services, which may shift some security responsibility to the user. In infrastructure as a service (IaaS), the provider is responsible for the underlying hardware and software infrastructure. In platform as a service (PaaS), the provider manages the underlying infrastructure and provides access to applications and services. In private hybrid cloud, the provider manages the infrastructure, but the user maintains control over the applications and data. In public cloud, the provider manages the infrastructure, but the user does not own or control the applications or data.
02:05:00 The cloud models are public, private, and hybrid. Public cloud models allow for unlimited scalability, whereas private cloud models require investment in the data center. Hybrid cloud models allow for a mix of on-premises and cloud-based services.
02:10:00 The video presents information about the CISSP exam, including the possibility that questions about post-quantum cryptography may be included in the exam in 2021.
02:15:00 This 1-paragraph summary discusses the differences between codes and ciphers, and how cryptography works. Codes are systems of symbols that can imply secret information, but don't always need to be secret, while ciphers are meant to encrypt the true meaning of a message, and always provide confidentiality. Codes and ciphers can both be secret, confidential, or always secret, depending on the type of cipher.
02:20:00 This video provides an overview of the differences between stream and block ciphers, including a discussion of key length and one-time pad security. The video also provides a brief explanation of zero knowledge proof, split knowledge, and role separation.
02:25:00 The video provides an overview of the different modes of data encryption, with electronic code book (ECB) being the least secure and cipher block chaining (CBC) being the most secure. The video then moves on to discuss output feedback (OFB) and counter (CTR) modes, which are also more secure than ECB and CBC, respectively.
02:30:00 In this video, the presenter covers the concept of key clustering and asymmetric cryptography. They explain that key clustering is a weakness in cryptography where a plain text message generates identical ciphertext messages using the same algorithm but using different keys. They also discuss how symmetric and asymmetric cryptography can work together. Finally, they explain a simple example of how asymmetric cryptography can be used to securely transmit a shared key.
02:35:00 The video is a full course on the CISSP exam, which covers all 8 domains. The video discusses the importance of cryptography, including salts, rainbow table attacks, and digital signature standard.
02:40:00 This 1-paragraph summary of the CISSP video "CISSP Exam Cram Full Course (All 8 Domains) UPDATED - 2022 EDITION!" focuses on the importance of remembering the different symmetric and asymmetric cryptography algorithms, as well as the public key crypto systems RSA and ECDSA.
02:45:00 The video provides a brief overview of digital signatures, digital security models, and security models. It outlines how security models help to formalize security policy and provides an example of a security model, the state machine model. The video also discusses the properties of a security model and how it can be used to determine the level of security for an object or subject.
02:50:00 The CISSP exam focuses on eight different security models. These models are designed to address different concerns, such as integrity, confidentiality, and access control. One model, Bell-LaPadula, is focused on preventing interference. Clark-Wilson is focused on access control and protecting data. Biba is focused on flow from low to high, while the Star Security Property describes rules for right and the Invocation Property describes rules around invocations. Lattice-based multi-level security policies are also based on the Bell-LaPadula model.
02:55:00 The video discusses integrity verification procedures, which are one type of security model. The video also discusses the state machine model, which is a type of security model that describes a system that is always secure.
The video discusses the CISSP exam and its eight domains, and explains how the concepts of a trusted computing base, a reference model, and a security kernel can be used to evaluate computer security. It also discusses the different levels of access control, including mandatory, discretionary, and non-discretionary access control, and describes how role-based access control can be used to endow someone with specific permissions.
03:00:00 This video introduces the concepts of a trusted computing base, a reference model, and security kernel, and explains how these concepts are used to evaluate computer security. Common criteria is a five-step process that can be repeated as necessary.
03:05:00 The video discusses the different levels of access control, including mandatory, discretionary, and non-discretionary access control. It also describes role-based access control, which uses well-defined collections of named job roles to endow someone with specific permissions.
03:10:00 The video discusses the CISSP exam and its eight domains. The video explains that a certification mark of compliance with security standards is known as accreditation. The video also discusses authentication, authorization and multitasking.
03:15:00 The video discusses the different processor operating modes, memory types, and security issues around storage. The video also discusses how to secure entry points into an organization's environment.
03:20:00 The video discusses the role of security policy, the role of security technology, and the role of smart devices in protecting an organization's information.
03:25:00 The video discusses the importance of mobile device security and mobile application security, and provides a brief introduction to embedded systems and static environments. It also discusses privilege and accountability, and explains how least privilege and separation of privilege increase the security of systems.
03:30:00 The video discusses the CISSP exam and its various domains, including physical security controls. The video goes on to discuss the various types of administrative controls and their purpose. It also discusses physical security controls, which include things like fences, locks, construction materials, and so on.
03:35:00 The video discusses the different types of security controls, including physical security, electrical security, and fire suppression. It also discusses voltage and static voltage.
03:40:00 This video discusses the different types of firefighting equipment and how they can cause damage. It covers water suppression, electric systems, and gas discharge systems. The video concludes with a discussion of man traps and bollards.
03:45:00 The video explains the importance of site selection and facility design, including the factors that must be considered when selecting a location for an organization's physical security needs. It also discusses ways to secure a facility, including the need for security guards and monitoring systems to prevent unauthorized access.
03:50:00 The video discusses the importance of communication and security, and provides an overview of the content of domain four of the CISSP exam.
03:55:00 The video discusses the new content in domain 4 of the CISSP exam, which covers security concerns around network protocols and technologies, including software-defined networks and Virtual Extensible LANs. It also touches on cellular networks and 5G.
The video covers the topics of the eight domains of the CISSP exam. These include security architecture, security technologies, wireless security, storage security, site survey, and extensible authentication protocol. The video provides an overview of each topic and discusses how it relates to the CISSP exam.
04:00:00 The video introduces the concepts of the CISSP exam, including the eight domains of knowledge. Each domain is introduced with an acronym and a relevant example. The video also provides a brief overview of the protocols and services at each layer of the OSI model.
04:05:00 The video provides an overview of the TCP and UDP protocols, their differences, and how they relate to the OSI model. The video also provides an approximation of where the TCP and UDP protocols fall within the OSI model.
04:10:00 This 1-paragraph summary explains the differences between the three network topologies: core four, mesh, and bus. Core four is a centralized network in which only one system can transmit data, ring is a network in which systems can transmit data simultaneously, and bus is a network in which all systems can transmit data simultaneously.
04:15:00 Carrier sense multiple access (CSMA) helps reduce network collisions by allowing each station to check the state of the medium before sending. CSMA variants include CSMA itself, CSMA/CA, and CSMA/CD. Token passing and polling are two methods of communication using a digital token. CSMA/CA uses collision avoidance, while CSMA/CD uses collision detection.
04:20:00 This 1-paragraph summary provides a brief overview of the topics covered in the video, including wireless technologies, network segmentation, and mobile system attacks.
04:25:00 The video discusses the CISSP exam, which includes eight domains. The first domain is security architecture, which covers aspects such as security policies, security models, and security objectives. The second domain is security technologies, which discusses various wireless security standards such as Wi-Fi Protected Access (WPA), wireless security protocol (WPA2), and iSCSI. The third domain is wireless network assessment, which covers various methods for detecting and assessing wireless networks. The fourth domain is wireless security, which covers topics such as wireless security protocols (WPA, WPA2, and iSCSI), wireless security architecture, and wireless security devices. The fifth domain is storage security, which covers topics such as Fibre Channel and Fibre Channel over Ethernet. The sixth domain is site survey, which covers methods for investigating wireless reception. The last domain is Extensible Authentication Protocol (EAP), which covers topics such as authentication and encryption.
04:30:00 The video covers the topics of CISSP exam domains including authentication, antenna types, captive portals, and network devices. It also discusses firewalls, switches, and routers.
04:35:00 This video explains the different types of firewalls and their roles in network security. It covers static and application-level firewalls, and circuit-level firewalls.
04:40:00 This video covers the different types of firewalls, their purpose, and how they work. It highlights the differences between stateful and deep packet inspection firewalls, and explains how stateless firewalls work. Finally, the video explains the use of content and URL filters.
04:45:00 This video tutorial explains the different types of firewalls, their benefits and drawbacks, and how they work. It also covers intrusion detection and prevention systems.
04:50:00 The video discusses the different types of network-based ID systems, network-based intrusion prevention systems, and honeypots. It also discusses the different purposes of each type of system. The video provides examples of how these systems can be used to protect networks from attacks.
04:55:00 Domain five of the CISSP is Identity and Access Management. The topics covered are: control physical and logical access to assets; manage identification and authentication of people, devices, and services; federate identity with a third-party service; and manage the identity and access provisioning life cycle.
This YouTube video provides an overview of the eight domains of the CISSP exam, with a focus on authentication, access control, and software testing. The video explains the importance of biometric authentication and discusses the different types of access control models. It also covers security measures, including lights, fences, and guards.
05:00:00 In this video, the author discusses the domains of identification, authentication, and access control. He notes that authentication is typically done by providing credentials like a password, and identification is typically done by providing a username. He also notes that modern approaches to least privilege, or more granular approaches to least privilege, are important for the exam.
05:05:00 This 1-minute video provides an overview of the three primary authentication methods - passwords, smart cards, and tokens - and their respective weaknesses. The video also discusses the importance of biometric authentication and its crossover error rate.
05:10:00 This video discusses the different types of access control models and how they can be used to protect data. It also covers single sign-on and access control models for Domain Five on the CISSP exam.
05:15:00 The video discusses different types of security controls, including preventative, detective, corrective, and compensatory controls. It explains that these controls are implemented in three categories: administratively, logically, and technically. It also discusses security measures, including lights, fences, and guards.
05:20:00 The video provides a summary of the eight domains of the CISSP exam. The video describes access control attacks, including dictionary attacks, brute force attacks, and spoofed logon screens. It also covers sniffing attacks and social engineering.
05:25:00 The video explains the different types of cyber attacks and how to prevent them. It also covers password protection and account lockout policies.
05:30:00 The video discusses the 8 domains of the CISSP exam. Domain five, Security Assessment and Testing, covers the basics of conducting security tests, as well as vulnerability assessments and penetration tests. Domain six, Security Management, covers security control testing, vulnerability assessment, and penetration testing.
05:35:00 This video explains the different types of software testing and how they help to ensure that the software is functioning as intended. It also discusses how static and dynamic software testing work.
05:40:00 The video discusses the different types of fuzzing and how to perform them. It also discusses security management and audits.
05:45:00 The official exam outline for domain 7 includes new technologies such as threat feeds and artificial intelligence. Firewalls in domain 7 include web application firewalls and next generation firewalls.
05:50:00 This YouTube video covers the CISSP domain 7, which covers concepts such as need to know, principle of least privilege, separation of duties, and rotation of employees. The video discusses how these concepts help to prevent fraud and collusion.
05:55:00 The CISSP exam includes 8 domains, of which secure provisioning is one. It is important to secure resources from the moment they are deployed, and to maintain them in a secure manner throughout their lifecycle.
This video provides a comprehensive overview of the CISSP exam, including coverage of all eight domains. It discusses different types of attacks and how to respond to them, as well as how to protect systems from different types of attacks. It also covers auditing and evidence, and provides a full course on the CISSP exam.
06:00:00 The video provides an overview of the CISSP exam, including discussion of the eight domains covered. It explains that these domains encompass virtual assets, virtual machines, virtual networks, virtual storage, hypervisors, virtual machines, and cloud storage. The video also mentions security issues that can arise with virtual assets, such as those in the cloud, and how configuration management can help to mitigate these risks.
06:05:00 The video explains how a system's configuration is typically baselined, imaging is a common baselining method, and configuration management is a process where changes must be requested, approved, tested, and documented. The video also discusses how a vulnerability scanner can help verify patch deployments.
06:10:00 The video discusses the CISSP exam, which focuses on incident response. The seven steps of the response phase are summarized, and key details about each of the attacks are mentioned. The four areas that the exam may focus on are denial of service attacks, amplification attacks, the ping of death attack, and amplification attacks.
06:15:00 The video discusses how attackers use botnets and honeypots to launch attacks on other systems. It also discusses how to protect systems from these types of attacks by enforcing basic security principles and using policy-based enforcement.
06:20:00 This course teaches students about different aspects of the CISSP exam, including viruses, phishing, social engineering, and penetration testing. It also discusses intrusion detection and intrusion prevention.
06:25:00 This video covers the different types of logs a business might keep and how to protect them. It also discusses how to use tools to monitor logs for malicious activity.
06:30:00 The video discusses the importance of audit trails, which are records of events that are created to help investigate incidents and prosecute criminals. It also discusses the different types of audit trails and their benefits.
06:35:00 Auditing is a methodical examination of an environment to ensure compliance with regulations. Auditing frequency is based on risk, and the degree of risk affects how often an audit is performed. Security audits and effectiveness reviews are key elements in displaying due care. Only people with sufficient privilege should have access to audit reports.
06:40:00 The video discusses the concepts of access reviews, user entitlement audits, and computer crime. It provides an overview of the six types of computer crimes and their corresponding e-discovery procedures.
06:45:00 This video discusses the different types of evidence that can be used in a legal proceeding, and outlines the procedures for preserving and collecting that evidence. It also discusses how to use search warrants to confiscate evidence without giving the subject an opportunity to alter it.
06:50:00 This video provides a comprehensive overview of the different types of evidence that can be used in a court of law, including examples of the types of evidence that can be used in a criminal or civil trial. The video also discusses the requirements for evidence to be admissible in a court of law, focusing on the concept of reliability. Finally, the video discusses the importance of collecting evidence as soon as possible in order to reduce the amount of information that needs to be processed, and discusses the effects of natural disasters on organizations.
06:55:00 This video provides a full course on the CISSP exam, including coverage of topics such as Disaster recovery, Types of recovery sites, and Mutual assistance agreements.
This video provides a full overview of the CISSP exam, covering all 8 domains. It explains the importance of business continuity planning and disaster recovery, and goes over the different types of attacks that can be carried out against computer systems.
07:00:00 The video provides an overview of the eight domains of the CISSP exam. It explains that business continuity planning is essential for organizations to respond quickly and efficiently in case of a disruption. The video then goes on to discuss the five types of disaster recovery plans, each of which is covered in more detail. The last section of the video discusses the practice and repetition needed for these plans to be effective.
07:05:00 The video discusses the CISSP exam domains of Software Development Security, with emphasis on new topics introduced in Domain 8.2, "identify and apply security controls and software development ecosystems."
07:10:00 The video shows how to secure an application delivery pipeline with continuous integration and continuous delivery, including identity and access management, versioning, and scanning.
07:15:00 This video will teach you about the different aspects of the CISSP exam. It will cover configuration management, code scanning, and relational databases.
07:20:00 This video explains the concept of keys in a relational database, and discusses the two most common database management threats: the aggregation attack and the inference attack.
07:25:00 The video explains the different types of attack that can occur on a database system, and how to avoid them. It also covers how to partition the database and how to use virtual memory.
07:30:00 The CISSP exam expects you to have some knowledge of the waterfall development model. This model consists of seven stages, each of which is intended to return the developer to the previous stage for corrections and to make sure that the product is "close to what the customer wants."
07:35:00 The video goes over the software development life cycle, showing how the Spiral Model is more flexible than the waterfall model. It also discusses the Software Capability Maturity Model.
07:40:00 The video reviews the eight domains of the CISSP exam, discussing change control, release control, acceptance testing, software testing, virus propagation, password security, and password cracking. The video also mentions how modern antivirus software relies on behavior-based detection, cloud-based analysis, and signature updates.
07:45:00 This video covers the different types of attacks that can be carried out against computer systems, including brute force attacks, dictionary attacks, social engineering attacks, and time of use attacks. It also provides a brief overview of rootkits and SQL injection attacks.
07:50:00 This video covers the CISSP exam topics of reconnaissance techniques, data collection, and vulnerability scanning. The video also discusses the security impact of acquired software.
07:55:00 This video is a full course on the CISSP exam. It covers topics such as hijacking phishing, shrink wrap code attack, and misconfiguration attacks.