CISSP: Certified Information Systems Security Professional (2024)
CISSP: Certified Information Systems Security Professional (2024) Overview
This course is designed to prepare IT professionals for the CISSP certification exam and expand their knowledge and understanding of information security concepts and practices. You'll delve into essential domains including Security and Risk Management, Asset Security, Security Architecture, and Engineering, among others. Whether you're understanding secure communication channels, exploring identity management systems, or getting insights into secure software development, this course aligns with the latest CISSP curriculum to ensure you get the knowledge you need, not just to pass the exam, but also to excel in your career.
0h 8m
(Music) Welcome in. I'm your host Lauren Deal, and I'll be your learner advocate as we go along. I am so pleased to welcome my dear friend, Robin Abernathy, to the show. How are you doing?
I'm doing great. How are you, Lauren?
I am thrilled to be jumping into this course with you. We're going to be having a discussion about CISSP. This is a very big course, Robin. What are some of the things that we need to talk about before we even launch into the topics?
You need to keep in mind that the CISSP exam is geared toward a management-level certification. It is not a practitioner-level certification. As such, it covers a wide range of topics. I tell people that the CISSP topics-wise is about a mile long, but it only goes about an inch deep. Because you are looking at things from a management level. You're not the practitioner that has to go and do all the security controls and configure everything. You're the manager that has to make the decision of what you're going to do. And then you give the IT department folks their marching orders so they can do their jobs as well. So that's what the CISSP exam is all about. Management-level cybersecurity.
And this is a really great starting point to have our discussion kind of go into a little bit more depth about the experience you may need.
So what does that look like?
So the experience that you're going to need when you're taking the CISSP exam is they do require that you have five years of cumulative experience in two or more of the eight domains. The eight domains are your main areas of knowledge within the exam. And they want that five years, you're going to have to actually prove that you have. It's just more of a, I worked in this project and I did this. I worked for this many years managing these kind of devices. And it's in two or more of the domains, five years. However, just because you lack the experience, it doesn't mean you have to totally discount this exam and say, I can't take the exam. Because what they do allow you to do is if you take and pass the exam, you can do something called becoming associate of ISC2. And what happens then is you get that associate status and you have a certain amount of time to get the required work experience to become a full-fledged CISSP. So it's like a provisional certification that you get until that experience comes along. So if you're taking this course, you don't really have the experience, don't let that keep you from taking the exam.
Let me tell you a little bit about the exam. Now the exam is what's called a CAT exam. It's computerized adaptive testing. What this means is this exam has an algorithm built in it where they try to minimize the number of questions that they give you. And they start with kind of a lower level difficulty. And as you get questions right, and as you progress through the exam, the questions get harder and harder. And in the background, this algorithm is learning about you and determining whether you've got the knowledge to pass this exam. You'll get three hours to take the exam. You will get between 125 and 150 questions maximum. 25 of those questions generally are not graded. You are not gonna know which ones are not graded. They're not marked in any way. And the reason they do this is it gives them a chance to have like a pretest of questions. Those 25 ungraded questions don't count toward or against your score, but it allows the psychometricians in the background to determine if they're really a good question. If a question has gotten consistently wrong, it may not be a good question. But your questions start at a lower level and progress and get higher. And at some point, you'll quit getting and you'll either get your pass or your fail.
The format of the questions is you will see mostly multiple choice questions, but there are what they call advanced innovative items. These are things like matching questions where you're matching terms and definitions or matching a wireless deployments and their speeds, stuff like that. There's also a listing question where you're putting things steps in an order. You can see things like a hotspot question where you're given a graphic and you've got to click on a particular component in that graphic. And there's also in some cases, you might have some other items that are more lab-like.
The passing grade for this exam is 700 out of 1000. And remember with the computer adaptive testing with that three hour time limit, if you get up, the timer does not stop. In other words, if you need to take a break and go get a drink, whatever, you can do so, but the timer does not stop.
Now finally, I want to discuss the examination domains and the weightings they're given. As I mentioned in an earlier thing, you need to get that, you need to have experience in two of the eight domains. Well, here's the eight domains. As you can see, the eight domains have various weightings. Some of them are as high as 16%, some of them are as low as 10%. And that just basically explains to you or shows you the weighting given to those domains. Now, something that I do suggest to folks is if they have a domain they feel pretty good about, still go through the learning material, but maybe you don't spend as much of a focus as you would on those domains that you'd know. If you look at this and you go, whoa, you know that software development security, I am not a developer and I'm gonna really have to do a deep dive into that. Well, spend a little bit more time on that.
Give yourself a preparation plan, but when you're planning, go ahead and book your examination date because it's so easy if we don't set that goal of this is the day I wanna go take it, we keep putting it off and we keep putting it off. You can, by the way, if you set the date, you can move it as long as you move it within a certain time limit. But if you don't set the date, it's so easy to just keep pushing that certification attempt down the road. Guys, this exam is not hard, but you do have to have a certain level of knowledge and you can do it. Go through this course and like I said, on those topics that you don't really know, go circle back, do a deeper dive if you need to. Look at our notes. It's not just about that personality on screen and the information they're imparting. They've also given you some notes and there's also gonna be references that you can go out to. Speaking of references,
Lauren, I'm in the video world now, but prior to stepping over into the video world, I have always been a writer. For 20 years now, I've written IT certification topics as far as prep materials. Well, about a decade ago, I started writing books and my first foray into writing books was writing a cert guide on the CISSP exam. Now, I started this a decade ago and currently the published edition is the fourth edition. And that, if you go to pearson.com and you type in my name, Robin Abernathy, you'll see the fourth edition of this book available. Now, we are currently writing and revising the fifth edition. So the fifth edition is written to the latest objectives, the 2024 objectives. So it should be released soon, but right now the fourth edition, now I will tell you this, there's not a huge difference between the fourth edition and the fifth edition. With the fourth edition, to go into the fifth edition, there was one domain, the communication and network security domain, domain four, it had a pretty heavy edit, but all of the other domains were just minor little tweaks they did. So the fourth edition isn't out of date. It's just gonna have a few things that might be missing from there. So I'm not saying you can't get the fourth edition, but if you can delay taking that certification exam and wait for that fifth edition to come out, that's what I'd suggest.
So there you have it, the CISSP exam. It's a great exam to get. The Department of Defense recognizes it as part of their 8570.1 initiative as a management-level cert. So Lauren, it's a lot.
It's a lot, but it's- A mile long. An inch deep. An inch deep.
Okay, so Robin and I will be, some of the faces that you see, but you'll get a chance to see a lot of edutainers taking apart each of their domains and helping you learn along the way. You will see another host like myself named Sophie who will be your learner advocate. And remember there are so many resources put together by the edutainers that have notes and check out Robin's book and some, maybe some links that you can check out as well. So Robin, I'm ready to get started if you are.
Here we go. Let's do it. We'll see you soon.
(Upbeat Music)
Learning Style
On Demand
Includes
Practice Test
Length of course
39h 32m
159 Episodes
Here are the topics we'll cover
- Course Overview
- Security Risk and Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment Testing
- Security Operations
- Secure Software Development