Learning Path: Preparation for CISSP Certification, Domains 5-8

Video Description

CISSP (Certified Information Systems Security Professional) certification is considered by many to be the must-have certification for information security practitioners. With this Learning Path you'll prepare for a crucial requirement of your certification—the CISSP exam. You'll work through the last 4 of 8 Domains included on the exam.

Table of Contents

  1. Identity And Access Management
    1. About The Instructor 00:03:34
  2. Introduction And Key Terms
    1. Key Terms - Part 1 00:07:12
    2. Key Terms - Part 2 00:07:01
  3. Identification And Authentication
    1. Provisioning - Part 1 00:08:13
    2. Provisioning - Part 2 00:07:02
    3. Provisioning - Part 3 00:09:39
    4. Identification And Authentication Mechanisms 00:09:43
    5. Something You Know - Part 1 00:07:45
    6. Something You Know - Part 2 00:08:16
    7. Something You Know - Part 3 00:08:04
    8. Password Management 00:08:27
    9. Attacks On Passwords - Part 1 00:10:02
    10. Attacks On Passwords - Part 2 00:08:05
    11. Authentication Protocols 00:07:49
    12. Something You Have 00:07:04
    13. Memory Card Smart Card 00:06:39
    14. Token Devices 00:06:55
    15. Challenge Response Token Devices 00:03:33
    16. X.509 Digital Certificates 00:05:50
    17. Something You Are 00:06:28
    18. Biometrics - Part 1 00:07:50
    19. Biometrics - Part 2 00:06:13
    20. Errors In Biometrics 00:06:11
    21. Multifactor And Mutual Authentication 00:06:21
  4. Single Sign-On And Federated Identity Management
    1. SSO And Federated Identity Management 00:08:00
    2. X.500 Directory Services - Part 1 00:06:42
    3. X.500 Directory Services - Part 2 00:07:41
    4. Kerberos - Part 1 00:08:11
    5. Kerberos - Part 2 00:09:42
    6. Kerberos - Part 3 00:06:31
    7. Sesame 00:06:23
    8. Federated Identity Management - X.500 00:09:09
    9. Federated Identity Management - SAML, OpenID, And IDaaS 00:09:18
  5. Authorization
    1. Authorization And Access Controls 00:10:59
    2. Access Control Types - Part 1 00:05:27
    3. Access Control Types - Part 2 00:10:29
    4. Access Control Types - Part 3 00:08:11
    5. Obscurity Layers Authorization Lifecycle 00:07:51
    6. Access Control Models - MAC - Part 1 00:09:33
    7. Access Control Models - MAC - Part 2 00:06:02
    8. Access Control Models - DAC - Part 1 00:08:31
    9. Access Control Models - DAC - Part 2 00:08:30
    10. Access Control Matrix 00:04:47
    11. Access Control Models - RBAC 00:07:37
    12. Access Control Models - Rule Based 00:06:53
    13. Centralized And Decentralized Access Control Models - Part 1 00:08:46
    14. Centralized And Decentralized Access Control Models - Part 2 00:02:34
    15. Distributed Hybrid Access Control Models 00:03:29
    16. Controlling Remote Access - Radius - Part 1 00:08:15
    17. Controlling Remote Access - Radius - Part 2 00:12:06
    18. Controlling Remote Access - TACACS Diameter 00:07:53
    19. Credential Management Content Context 00:08:34
    20. Additional Access Controls 00:08:57
    21. Attacks On Authorization 00:03:32
  6. Conclusion
    1. Wrap Up 00:05:18
  7. Security Assessment And Testing
    1. Introduction 00:10:57
  8. Security Control Testing Strategies
    1. Security Control Testing Strategies Overview 00:10:29
    2. The Security Assessment 00:06:04
    3. Vulnerability Testing - Part 1 00:08:24
    4. Vulnerability Testing - Part 2 00:07:53
    5. Vulnerability Testing - Part 3 00:11:03
    6. Penetration Testing 00:10:23
    7. Passive Reconnaissance 00:10:28
    8. Active Reconnaissance 00:07:39
    9. Exploit And Entrench 00:10:09
    10. Covering Tracks. Pillage. Pivot. Post Test 00:11:20
    11. Social Engineering - Part 1 00:08:00
    12. Social Engineering - Part 2 00:09:17
    13. Secure Code Review 00:07:25
    14. Application Testing 00:09:12
    15. Testing Users. Internal. External 00:08:31
  9. Collecting Security Process Data
    1. Collecting Security Process Data 00:10:42
  10. Auditing
    1. Auditing 00:08:44
  11. Wrap Up
    1. Conclusion 00:07:33
  12. Security Operations
    1. Introduction 00:05:39
  13. Provisioning
    1. Change Management 00:09:16
    2. Physical, Virtual, And Cloud 00:09:58
    3. Infrastructure And Firewalls 00:08:14
    4. Security Components 00:10:24
    5. Services, Servers, WS, And VOIP 00:08:36
    6. Apps, Protocols, And Users 00:09:24
    7. Asset Inventory 00:07:15
    8. Planning 00:08:27
    9. Acquisition 00:10:15
    10. Deployment 00:08:51
  14. Maintaining Systems And Services
    1. Maintenance 00:07:28
    2. Repairs And AV 00:09:17
    3. Logging 00:09:30
    4. Remote Log Repository 00:08:51
    5. Auditing 00:03:26
    6. IDS And IPS 00:07:21
    7. NIDS 00:09:31
    8. NIDS, NIPS, And HIPS 00:08:47
    9. DLP 00:07:44
    10. Honeypot, Honeynet, And Honeytoken 00:09:09
    11. SIEM And Inspections 00:06:25
    12. Monitoring Users 00:09:40
    13. Configuration And Performance Testing 00:09:55
    14. Vulnerability And Penetration Testing 00:10:27
    15. Reports And Decommissioning 00:08:29
  15. Incident Response
    1. Incident Response Introduction 00:06:40
    2. Escalation Process 00:08:15
    3. Litigation And Criminal Act 00:09:22
    4. Preparation 00:10:43
    5. Detection And Containment 00:10:12
    6. Eradication 00:05:33
    7. Recovery And Incident Review 00:04:59
  16. Investigations
    1. Investigations 00:08:05
    2. Evidence - Part 1 00:06:41
    3. Evidence - Part 2 00:06:07
    4. Digital Forensics 00:11:04
    5. Legal Proceedings And EDiscovery 00:09:54
  17. BCP And DRP
    1. BCP And DRP Introduction 00:06:54
    2. BCP And DRP Timelines 00:12:15
    3. BCP And DRP Details 00:08:57
    4. DRP Planning And BIA 00:07:43
    5. DRP Plan Development 00:06:44
    6. DR Teams And Plan Testing 00:09:02
    7. DRP Approval Initiation And Termination 00:07:59
    8. Maintaining The Plans 00:05:05
  18. Recovery Strategies
    1. Recovery Strategies 00:07:57
    2. Alternate Facilities - Part 1 00:08:04
    3. Alternate Facilities - Part 2 00:07:22
    4. Network Recovery 00:08:02
    5. Raid 0 1 00:08:18
    6. Raid 2 3 4 5 And Parity 00:08:49
    7. Full Backup 00:06:35
    8. INC Diff Backups 00:07:58
    9. Backups Electronic Vaulting And Shadow Copies 00:09:57
    10. Journaling, RPO, And RTO 00:09:33
    11. Recovery Of Services And Personnel 00:10:41
  19. Physical Security And Safety
    1. Physical Security And Safety 00:08:17
  20. Wrap Up
    1. Wrap Up 00:04:53
  21. Application Architecture
    1. Application Architecture Introduction 00:08:35
    2. Application Architecture Review 00:10:56
  22. The Software Development Lifecycle And Related Development Models
    1. The Software Development Lifecycle 00:09:08
    2. CMM, SDL, And OWASP 00:09:55
    3. Waterfall, Spiral, And Prototyping 00:07:38
    4. Agile Development Platforms And DevOps 00:07:45
  23. Risks Within Software
    1. Risks Within Software 00:12:15
    2. Buffer Overflow And Injection 00:10:18
  24. Controls To Secure Software Development
    1. Development Environment, Version Control, And Security Controls 00:08:00
    2. Stack Canary, NX Memory, And Garbage Collection 00:08:25
    3. Sandboxing 00:07:25
    4. Input, Process, And Output Controls 00:09:14
    5. Software Development Controls Summary 00:08:16
  25. Testing Software
    1. Code And Software Testing 00:07:58
    2. Web Application Testing 00:09:18
  26. Wrap Up
    1. Wrap Up 00:05:09