CISSP: Certified Information Systems Security Professional (2024)

CISSP: Certified Information Systems Security Professional (2024) Overview
This course is designed to prepare IT professionals for the CISSP certification exam and expand their knowledge and understanding of information security concepts and practices. You'll delve into essential domains including Security and Risk Management, Asset Security, Security Architecture, and Engineering, among others. Whether you're understanding secure communication channels, exploring identity management systems, or getting insights into secure software development, this course aligns with the latest CISSP curriculum to ensure you get the knowledge you need, not just to pass the exam, but also to excel in your career.
0h 8m
(Music) Welcome in. I'm your host Lauren Deal, and I'll be your learner advocate as we go along. I am so pleased to welcome my dear friend, Robin Abernathy to the show. How are you doing? I'm doing great. How are you Lauren? I am thrilled to be jumping into this course with you. We're going to be having a discussion about CISSP. This is a very big course, Robin. What are some of the things that we need to talk about before we even launch into the topics? You need to keep in mind that the CISSP exam is geared toward a management level certification. It is not a practitioner level certification. As such, it covers a wide range of topics. I tell people that the CISSP topics wise is about a mile long, but it only goes about an inch deep. Because you are looking at things from a management level. You're not the practitioner that has to go and do all the security controls and configure everything. You're the manager that has to make the decision of what you're going to do. And then you give the IT department folks their marching orders so they can do their jobs as well. So that's what the CISSP exam is all about. Management level cybersecurity. And this is a really great starting point to have our discussion kind of go into a little bit more depth about the experience you may need. So what does that look like? So the experience that you're going to need when you're taking the CISSP exam is they do require that you have five years of cumulative experience in two or more of the eight domains. The eight domains are your main areas of knowledge within the exam. And they want that five years, you're going to have to actually prove that you have. It's just more of a, I worked in this project and I did this. I worked for this many years managing these kind of devices. And it's in two or more of the domains, five years. However, just because you lack the experience, it doesn't mean you have to totally discount this exam and say, I can't take the exam.
Because what they do allow you to do is if you take and pass the exam, you can do something called becoming associate of ISC2. And what happens then is you get that associate status and you have a certain amount of time to get the required work experience to become a full fledged CISSP. So it's like a provisional certification that you get until that experience comes along. So if you're taking this course, you don't really have the experience, don't let that keep you from taking the exam. Let me tell you a little bit about the exam. Now the exam is what's called a CAT exam. It's computerized adaptive testing. What this means is this exam has an algorithm built in it where they try to minimize the number of questions that they give you. And they start with kind of a lower level difficulty. And as you get questions right, and as you progress through the exam, the questions get harder and harder. And in the background, this algorithm is learning about you and determining whether you've got the knowledge to pass this exam. You'll get three hours to take the exam. You will get between 125 and 150 questions maximum. 25 of those questions generally are not graded. You are not gonna know which ones are not graded. They're not marked in any way. And the reason they do this is it gives them a chance to have like a pretest of questions. Those 25 ungraded questions don't count toward or against your score, but it allows the psychometricians in the background to determine if they're really a good question. If a question has gotten consistently wrong, it may not be a good question. But your questions start at a lower level and progress and get higher. And at some point, you'll quit getting and you'll either get your pass or your fail. The format of the questions is you will see mostly multiple choice questions, but there are what they call advanced innovative items. 
These are things like matching questions where you're matching terms and definitions or matching wireless deployments and their speeds, stuff like that. There's also a listing question where you're putting steps in an order. You can see things like a hotspot question where you're given a graphic and you've got to click on a particular component in that graphic. And there's also in some cases, you might have some other items that are more lab like. The passing grade for this exam is 700 out of 1000. And remember with the computer adaptive testing with that three hour time limit, if you get up, the timer does not stop. In other words, if you need to take a break and go get a drink, whatever, you can do so, but the timer does not stop. Now finally, I want to discuss the examination domains and the weightings they're given. As I mentioned in an earlier thing, you need to get that, you need to have experience in two of the eight domains. Well, here's the eight domains. As you can see, the eight domains have various weightings. Some of them are as high as 16%, some of them are as low as 10%. And that just basically explains to you or shows you the weighting given to those domains. Now, something that I do suggest to folks is if they have a domain they feel pretty good about, still go through the learning material, but maybe you don't spend as much of a focus as you would on those domains that you'd know. If you look at this and you go, whoa, you know that software development security, I am not a developer and I'm gonna really have to do a deep dive into that. Well, spend a little bit more time on that. Give yourself a preparation plan, but when you're planning, go ahead and book your examination date because it's so easy if we don't set that goal of this is the day I wanna go take it, we keep putting it off and we keep putting it off. You can, by the way, if you set the date, you can move it as long as you move it within a certain time limit.
But if you don't set the date, it's so easy to just keep pushing that certification attempt down the road. Guys, this exam is not hard, but you do have to have a certain level of knowledge and you can do it. Go through this course and like I said, on those topics that you don't really know, go circle back, do a deeper dive if you need to. Look at our notes. It's not just about that personality on screen and the information they're imparting. They've also given you some notes and there's also gonna be references that you can go out to. Speaking of references, Lauren, I'm in the video world now, but prior to stepping over into the video world, I have always been a writer. For 20 years now, I've written IT certification topics as far as prep materials. Well, about a decade ago, I started writing books and my first foray into writing books was writing a cert guide on the CISSP exam. Now, I started this a decade ago and currently the published edition is the fourth edition. And that, if you go to pearson.com and you type in my name, Robin Abernathy, you'll see the fourth edition of this book available. Now, we are currently writing and revising the fifth edition. So the fifth edition is written to the latest objectives, the 2024 objectives. So it should be released soon, but right now the fourth edition, now I will tell you this, there's not a huge difference between the fourth edition and the fifth edition. With the fourth edition, to go into the fifth edition, there was one domain, the communication and network security domain, domain four, it had a pretty heavy edit, but all of the other domains were just minor little tweaks they did. So the fourth edition isn't out of date. It's just gonna have a few things that might be missing from there. So I'm not saying you can't get the fourth edition, but if you can delay taking that certification exam and wait for that fifth edition to come out, that's what I'd suggest. So there you have it, the CISSP exam. 
It's a great exam to get. The Department of Defense recognizes it as part of their 8570.1 initiative as a management level cert. So Lauren, it's a lot. It's a lot, but it's- A mile long. An inch deep. An inch deep. Okay, so Robin and I will be, some of the faces that you see, but you'll get a chance to see a lot of edutainers taking apart each of their domains and helping you learn along the way. You will see another host like myself named Sophie who will be your learner advocate. And remember there are so many resources put together by the edutainers that have notes and check out Robin's book and some, maybe some links that you can check out as well. So Robin, I'm ready to get started if you are. Here we go. Let's do it. We'll see you soon. (Upbeat Music)

Learning Style

On Demand

Includes

Practice Test

Length of course

39h 32m
159 Episodes

Here are the topics we'll cover

  • Course Overview
  • Security Risk and Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment Testing
  • Security Operations
  • Secure Software Development