CISSP - Certified Information Systems Security Professional...
Access Control
Security architecture that protects the assets of your systems:
- Concepts, methodologies and techniques
- Effectiveness
- Attacks
Telecommunications & Network Security
Network structures, transmission methods, transport formats and security measures that provide availability, integrity and confidentiality:
- Network architecture and design
- Communication channels
- Network components
- Network attacks
Information Security Governance & Risk Management
Identifying an organisation’s information assets, and the development, documentation and implementation of policies, standards, procedures and guidelines:
- Security governance and policy
- Information classification and ownership
- Contractual agreements and procurement processes
- Risk management concepts
- Personnel security
- Security education, training and awareness
- Certification and accreditation
Software Development Security
The controls found in systems and applications software, and their development:
- Systems Development Life Cycle (SDLC)
- Application environment and security controls
- Effectiveness of application security
Cryptography
The principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity:
- Encryption concepts
- Digital signatures
- Cryptanalytic attacks
- Public Key Infrastructure (PKI)
- Information hiding alternatives
Security Architecture & Design
The concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications:
- Fundamental concepts of security models
- Capabilities of information systems (e.g. memory protection, virtualization)
- Countermeasure principles
- Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
Security Operations (formerly 'Operations Security')
Controls over hardware, media and operators with access privileges:
- Resource protection
- Incident response
- Attack prevention and response
- Patch and vulnerability management
Business Continuity & Disaster Recovery Planning
How to maintain business operations in the face of major disruptions:
- Business impact analysis
- Recovery strategy
- Disaster recovery process
- Training
Legal, Regulations, Investigations and Compliance
Computer crime laws, investigation and how to gather evidence:
- Legal issues
- Investigations
- Forensic procedures
- Compliance requirements/procedures
Physical (Environmental) Security
How to protect your business's resources and sensitive information:
- Site / facility design considerations
- Perimeter security
- Internal security
- Facilities security