CS - CISSP Certification Training

CS-CISSP®

• Domain 00 - Introduction

  14:46Preview

  • 1 CISSP®—Introduction

    01:03

  • 2 Objectives

    00:20

  • 3 CISSP®

    01:19

  • 4 (ISC)²®

    00:58

  • 5 CISSP® Domains

    02:47

  • 6 Benefits of CISSP® for Professionals

    01:01

  • 7 Benefits of CISSP® for Employers

    01:05

  • 8 CISSP® Certification Requirements

    00:42

  • 9 CISSP® Certification Requirements (contd.)

    00:20

  • 10 CISSP® Certification Requirements (contd.)

    00:56

  • 11 CISSP® Certification Requirements (contd.)

    01:04

  • 12 CISSP® Examination

    02:36

  • 13 CISSP® Examination (contd.)

    00:30

  • 14 Conclusion

    00:05

• Domain 01 - Security and Risk Management

  02:11:41Preview

  • 1 Domain 01-Security and Risk Management

    00:13

  • 2 Objectives

    00:31

  • 3 Importance of Information Security and Risk Management

    01:02

  • 4 Role and Importance of CIA in ISM

    01:06

  • 5 Confidentiality

    01:50

  • 6 Integrity

    01:32

  • 7 Availability

    00:57

  • 8 Information Security

    00:32

  • 9 Information Security Management

    00:26

  • 10 Information Security Governance

    01:06

  • 11 IT Security and Organizational Goals, Mission, and Objectives

    00:29

  • 12 Goals, Mission, and Objectives

    01:54

  • 13 Aligning Security with Goals, Mission, and Objectives

    00:41

  • 14 Business Scenario

    01:13

  • 15 Organizational Processes

    01:27

  • 16 Auditing

    00:21

  • 17 Control Framework

    00:39

  • 18 Due Care

    00:30

  • 19 Due Diligence

    00:28

  • 20 Security Controls

    00:46

  • 21 Service Level Agreements

    00:57

  • 22 Managing Third - Party Governance

    02:23

  • 23 Offshoring Privacy Requirements and Compliance

    01:06

  • 24 Business Scenario

    00:52

  • 25 Layers of Responsibility

    01:03

  • 26 Security Policies

    01:30

  • 27 Types of Security Policies

    01:34

  • 28 Security Policy Implementation

    02:06

  • 29 Policy Chart

    01:07

  • 30 Standards, Guidelines, Procedures, and Baselines

    02:06

  • 31 Business Scenario

    00:30

  • 32 Compliance-Need for Compliance

    01:23

  • 33 Regulatory Compliance

    00:44

  • 34 Compliance

    00:38

  • 35 Compliance (contd.)

    00:56

  • 36 Compliance (contd.)

    00:48

  • 37 Standards/Manuals/Guidelines for Compliance

    01:09

  • 38 Computer Crimes

    00:27

  • 39 Introduction to Computer Crimes

    00:53

  • 40 Categories of Computer Crimes

    02:28

  • 41 Business Scenario

    00:50

  • 42 Major Legal Systems

    00:44

  • 43 Common Law and Civil Law

    01:42

  • 44 Customary Law and Religious Law

    01:44

  • 45 Mixed Law

    00:28

  • 46 Business Scenario

    00:36

  • 47 Introduction to Intellectual Property (IP) Law

    01:01

  • 48 Types of Intellectual Property (IP) Law

    01:51

  • 49 Types of Intellectual Property (IP) Law (contd.)

    01:43

  • 50 Types of Intellectual Property (IP) Law (contd.)

    01:00

  • 51 Business Scenario

    00:39

  • 52 Import or Export Controls and Trans - Border Data Flow

    01:10

  • 53 Introduction to Privacy

    01:59

  • 54 U.S. Privacy Laws

    01:13

  • 55 U.S. Privacy Laws (contd.)

    01:21

  • 56 U.S. Guidelines for Managing Privacy

    01:41

  • 57 EU Council Directive (Law) on Data Protection

    01:18

  • 58 The U.S.-European Union Safe Harbor

    05:44

  • 59 Security Definitions

    02:40

  • 60 Information Risk Management

    01:09

  • 61 Business Scenario

    00:54

  • 62 Introduction to Risk Analysis

    01:05

  • 63 Goals of Risk Analysis

    00:25

  • 64 Risk Analysis Team

    00:53

  • 65 Steps for Risk Analysis

    00:50

  • 66 Information and Assets Valuation

    01:16

  • 67 Risk Analysis Types

    00:41

  • 68 Quantitative Risk Analysis-Steps

    01:47

  • 69 Quantitative Risk Analysis-Problem

    00:39

  • 70 Qualitative Risk Analysis

    01:10

  • 71 Delphi Technique

    01:03

  • 72 Quantitative vs.Qualitative

    00:28

  • 73 Hybrid Analysis

    00:45

  • 74 Countermeasure Selection-Problem

    00:55

  • 75 Countermeasure Selection-Other Factors

    00:57

  • 76 Handling Risk

    01:38

  • 77 Business Scenario

    00:51

  • 78 Threat Modeling

    00:58

  • 79 Need for Business Continuity Planning

    00:54

  • 80 Basic Concepts-Disruptive Events

    02:26

  • 81 Basic Concepts-Business Continuity Planning

    00:47

  • 82 Importance of Business Continuity Planning

    00:31

  • 83 Business Continuity Planning Phases

    00:53

  • 84 BCP/DRP Phase 1-Project Initiation and Scoping

    02:54

  • 85 BCP/DRP Phase 2-Business Impact Analysis (BIA)

    01:10

  • 86 BIA-Goals

    01:20

  • 87 BIA-Steps

    03:32

  • 88 BIA Steps-Business Unit Level

    01:06

  • 89 Maximum Tolerable Downtime (MTD)

    01:46

  • 90 Failure and Recovery Metrics

    02:51

  • 91 Failure and Recovery Metrics (contd.)

    01:45

  • 92 Stages of Failure and Recovery

    00:52

  • 93 BCP/DRP Phase 3-Identify Preventive Controls

    01:14

  • 94 Importance of Managing Personnel Security

    00:51

  • 95 Managing Personnel Security-Hiring Practices

    00:53

  • 96 Managing Personnel Security-Employee Termination

    00:46

  • 97 Vendor, Contractors, and Consultant Controls

    00:46

  • 98 Best Work Practices

    01:44

  • 99 Business Scenario

    00:47

  • 100 Importance of Security Awareness Training

    00:53

  • 101 Security Awareness Training: Awareness, Training, and Education

    01:27

  • 102 Implementation of Security Awareness Training Program

    00:38

  • 103 Importance of Content Updates

    00:23

  • 104 Importance of Managing Security Function

    00:53

  • 105 Best Practices-Budget and Establish Security Metrics

    01:28

  • 106 Best Practices-Resources and Develop and Implement Strategies

    01:22

  • 107 Best Practices-Completeness and Effectiveness of the Program

    00:25

  • 108 Business Scenario

    00:43

  • 109 (ISC)² Code of Ethics

    02:30

  • 110 Quiz

  • 111 Summary

    00:54

  • 112 Conclusion

    00:06

• Domain 02 - Asset Security

  57:30Preview

  • 1 Domain 02 Asset Security

    00:11

  • 2 Objectives

    00:27

  • 3 Importance of Asset Security

    00:38

  • 4 Need for Information Classification

    01:12

  • 5 Information Classification Objectives

    00:56

  • 6 Government or Military Sector Classification

    01:32

  • 7 Commercial or Private Sector Classification

    01:50

  • 8 Information Classification Criteria

    01:51

  • 9 Data Classification Considerations

    00:46

  • 10 Role Responsible for Data Classification

    00:50

  • 11 Business Scenario

    00:37

  • 12 Data Management

    00:52

  • 13 Best Practices for Data Management

    00:54

  • 14 Data Policy

    01:13

  • 15 Data Ownership

    00:54

  • 16 Data Ownership Best Practices

    00:45

  • 17 Data Custodians

    01:15

  • 18 Data Custodians (contd.)

    00:33

  • 19 Data Quality

    01:09

  • 20 Data Quality-Aspects

    00:31

  • 21 Data Quality Assurance and Quality Control

    00:49

  • 22 Data Documentation

    00:43

  • 23 Data Documentation Practices

    01:27

  • 24 Data Standards

    00:57

  • 25 Data Control Lifecycle

    00:33

  • 26 Data Specification and Modeling

    00:37

  • 27 Database Maintenance

    00:38

  • 28 Data Audit

    00:41

  • 29 Data Storage and Archiving

    00:59

  • 30 Data Security

    00:57

  • 31 Data Access, Sharing, and Dissemination

    00:56

  • 32 Data Publishing

    00:31

  • 33 Data Handling Requirements

    01:24

  • 34 Media Resource Protection

    03:31

  • 35 Data Remanence

    01:50

  • 36 Business Scenario

    00:44

  • 37 Asset Management

    01:16

  • 38 Software Licensing

    00:45

  • 39 Equipment Lifecycle

    01:00

  • 40 Protecting Privacy

    01:35

  • 41 Ensuring Appropriate Retention

    01:06

  • 42 Data Security Controls

    01:35

  • 43 Data in Transit-Best Practices

    01:10

  • 44 Scoping and Tailoring

    00:52

  • 45 Scoping and Tailoring (contd.)

    01:01

  • 46 Standards Selection-US DoD

    02:09

  • 47 Standards Selection-International Standards

    01:45

  • 48 Standards Selection National Cyber Security Framework Manual

    00:48

  • 49 Standards Selection Center for Strategic and International Studies

    01:01

  • 50 Standards Selection Critical Security Controls

    01:23

  • 51 Standards Selection Security Content Automation Protocol

    01:19

  • 52 Framework for Improving Critical Infrastructure Cybersecurity

    01:04

  • 53 Business Scenario

    00:38

  • 54 Quiz

  • 55 Summary

    00:43

  • 56 Conclusion

    00:07

• Domain 03 - Security Engineering

  02:46:30Preview

  • 1 Domain 03 Security Engineering

    00:12

  • 2 Objectives

    00:23

  • 3 Security Architecture and Design - Case Study

    00:42

  • 4 Security Engineering

    00:30

  • 5 Architecture Framework

    01:28

  • 6 Zachman Framework

    01:10

  • 7 TOGAF

    00:44

  • 8 ITIL

    01:31

  • 9 Creating a Security Architecture

    02:59

  • 10 Enterprise Security Architecture

    02:05

  • 11 Common Security Services in ESA

    01:28

  • 12 SABSA Framework

    00:58

  • 13 SABSA Matrix

    04:01

  • 14 Business Scenario

    00:41

  • 15 ISO/IEC 27001:2013 Security Standards

    01:07

  • 16 ISO/IEC 27002 Code of Practice for Information Security Management

    01:37

  • 17 Security Models

    01:06

  • 18 State Machine Model

    00:24

  • 19 Multilevel Security Models

    01:06

  • 20 Matrix-Based Model

    00:47

  • 21 Non-Interference Model

    00:56

  • 22 Information flow model

    00:40

  • 23 Examples of Security Models: Bell-LaPadula Confidentiality Model

    02:12

  • 24 Examples of Security Models: Biba Integrity Model

    01:25

  • 25 Examples of Security Models: Clark-Wilson integrity model

    01:12

  • 26 Brewer Nash, Graham Denning, and Harrison Ruzzo Ullman models

    01:15

  • 27 Business Scenario

    00:34

  • 28 Evaluation Criteria

    01:04

  • 29 CSEC

    02:19

  • 30 Information Technology Security Evaluation Criteria

    01:19

  • 31 Common Criteria

    01:15

  • 32 Common Criteria Evaluation Process

    00:50

  • 33 Common Criteria Levels

    01:22

  • 34 Payment Card Industry Data Security Standard

    00:51

  • 35 Certification and Accreditation

    00:35

  • 36 Certification and Accreditation Standards

    01:32

  • 37 SEI-CMMI

    01:48

  • 38 SEI-CMMI Levels

    00:45

  • 39 Business Scenario

    01:11

  • 40 System Security Architecture

    01:19

  • 41 Mainframes and Other Thin Client Systems

    01:39

  • 42 Middleware and Embedded Systems

    00:22

  • 43 Pervasive Computing and Mobile Computing Devices

    00:14

  • 44 System Components Processors

    01:07

  • 45 System Components Memory

    00:50

  • 46 System Components Storage

    00:17

  • 47 System Components Trusted Computing Base (TCB)

    00:22

  • 48 System Components Reference Monitor

    00:29

  • 49 System Components-Trusted Platform Module (TPM)

    00:37

  • 50 System Components Peripherals and Other Input/Output Devices

    00:41

  • 51 System Components Operating System

    00:39

  • 52 System Components Ring Model

    00:34

  • 53 System Components System Kernel

    00:53

  • 54 Distributed Systems

    00:33

  • 55 Virtualization

    00:27

  • 56 Hypervisor

    00:45

  • 57 Cloud Computing

    00:10

  • 58 Service models

    01:14

  • 59 Grid Computing

    00:12

  • 60 Peer to Peer Networking (P2P)

    00:19

  • 61 Business Scenario

    00:56

  • 62 Security Threats and Countermeasures

    00:22

  • 63 Assessing and Mitigating Vulnerabilities and Threats

    01:29

  • 64 Assessing and Mitigating Vulnerabilities and Threats (contd.)

    00:53

  • 65 Assessing and Mitigating Vulnerabilities and Threats (contd.)

    01:05

  • 66 Best Practices

    00:45

  • 67 Best Practices (contd.)

    00:29

  • 68 Best Practices Techniques and Technologies

    00:58

  • 69 Best Practices Techniques and Technologies (contd.)

    00:29

  • 70 Best Practices Techniques and Technologies (contd.)

    00:24

  • 71 Best Practices Techniques and Technologies (contd.)

    00:37

  • 72 Best Practices Techniques and Technologies (contd.)

    00:42

  • 73 Introduction to Cryptography

    02:39

  • 74 Cryptographic Lifecycle

    00:56

  • 75 Algorithm or Protocol Governance

    00:51

  • 76 Cryptography Terms

    02:45

  • 77 Strength of a Cryptosystem

    01:28

  • 78 Cryptography Methods Substitution Cipher

    01:31

  • 79 Cryptography Methods Transposition Cipher

    00:23

  • 80 Cryptography Methods Book or Running Key Cipher

    01:08

  • 81 Cryptography Methods Concealment Cipher

    00:42

  • 82 Cryptography Methods Steganography and DRM

    01:19

  • 83 Business Scenario

    00:35

  • 84 Introduction to Symmetric Cryptography

    02:01

  • 85 Symmetric Key Ciphers

    01:16

  • 86 Block Cipher

    00:46

  • 87 Stream Cipher

    02:01

  • 88 Block Cipher Designs

    00:40

  • 89 Data Encryption Standard (DES)

    01:32

  • 90 DES Algorithm

    01:34

  • 91 DES Operation Modes Electronic Code Book

    01:00

  • 92 DES Operation Modes Cipher Block Chaining

    01:07

  • 93 DES Operation Modes Cipher Feed Back

    01:22

  • 94 DES Operation Modes Output Feed Back

    00:44

  • 95 DES Operation Modes-Counter

    01:00

  • 96 Triple DES

    01:46

  • 97 Advanced Encryption Standard (AES)

    01:16

  • 98 AES Algorithm

    00:14

  • 99 AES Algorithm Key Expansion and Initial Round

    00:15

  • 100 Advanced Encryption Standard (AES) Algorithm-Rounds

    02:00

  • 101 AES Algorithm Final Round

    00:08

  • 102 Other Symmetric Systems

    01:53

  • 103 Other Symmetric Systems (contd.)

    01:10

  • 104 Business Scenario

    00:43

  • 105 Introduction to Asymmetric Cryptography

    02:07

  • 106 Introduction to Asymmetric Cryptography Diagram

    00:08

  • 107 Introduction to RSA Algorithm

    00:54

  • 108 RSA Algorithm Process

    01:19

  • 109 Other Types of Asymmetric Cryptography Elliptic Curve Cryptosystems

    01:02

  • 110 Other Types of Asymmetric Cryptography Diffie-Hellman Key Exchange

    00:34

  • 111 Public Key Cryptography

    01:24

  • 112 Symmetric vs. Asymmetric Cryptography

    02:45

  • 113 Advantages and Disadvantages

    00:54

  • 114 Introduction to Public Key Infrastructure

    02:14

  • 115 PKI Certification

    01:48

  • 116 PKI Certification (contd.)

    00:32

  • 117 PKI Steps-Part 1

    00:44

  • 118 PKI Steps-Part 2

    00:57

  • 119 One-Way Hash

    01:12

  • 120 Hashing Algorithms

    02:08

  • 121 Hashing Algorithms (contd.)

    01:41

  • 122 Salting

    00:34

  • 123 Message Authentication Code (MAC)

    01:50

  • 124 Digital Signatures

    01:15

  • 125 Key Management

    01:29

  • 126 Key Management Principles

    01:50

  • 127 Escrowed Encryption

    01:49

  • 128 Business Scenario

    00:57

  • 129 Need for Physical and Environmental Security

    01:49

  • 130 Business Scenario

    01:01

  • 131 Site and Facility Design Criteria

    02:27

  • 132 Information Protection Environment

    00:53

  • 133 Crime Prevention Through Environmental Design (CPTED)

    01:02

  • 134 Site Location

    01:37

  • 135 Construction

    01:08

  • 136 Support Facilities

    01:46

  • 137 Business Scenario

    00:50

  • 138 Secure Operational Areas

    03:15

  • 139 Business Scenario

    00:49

  • 140 Environmental Controls

    00:20

  • 141 Environmental Controls (Contd.)

    01:05

  • 142 Fire Detection and Suppression

    00:43

  • 143 Power Supply

    02:03

  • 144 Power Supply (contd.)

    00:56

  • 145 HVAC

    00:43

  • 146 Training and Awareness

    00:23

  • 147 Business Scenario

    00:59

  • 148 Quiz

  • 149 Summary

    00:47

  • 150 Conclusion

    00:06

• Domain 04 - Communications and Network Security

  02:06:37Preview

  • 1 Domain 04 - Communications and Network Security

    00:13

  • 2 Objectives

    00:26

  • 3 Importance of Communications and Network Security - Case Study

    00:39

  • 4 Introduction to Secure Network Architecture and Design

    00:26

  • 5 Open Systems Interconnection

    03:42

  • 6 OSI Model Layers

    01:14

  • 7 Physical Layer

    01:09

  • 8 Data Link Layer

    01:18

  • 9 Network Layer

    00:48

  • 10 Transport Layer

    01:00

  • 11 Session Layer

    00:51

  • 12 Presentation Layer

    01:16

  • 13 Application Layer

    00:47

  • 14 Transmission Control Protocol/Internet Protocol (TCP/IP) Model

    01:08

  • 15 Network Access Layer and Internet Layer

    01:07

  • 16 Host-to-Host Layer and Application Layer

    01:09

  • 17 Comparison of OSI and TCP/IP Models

    01:17

  • 18 Introduction to IP Addressing

    00:48

  • 19 IPv4 and IPv6

    02:35

  • 20 Classful IP Addressing

    00:37

  • 21 Class A

    00:30

  • 22 Class B

    00:30

  • 23 Class C

    00:27

  • 24 Class D and Class E

    00:29

  • 25 Classless Inter-Domain Routing

    02:41

  • 26 Private Networks and Loopback Address

    01:41

  • 27 Types of IP Addressing

    01:15

  • 28 Routed and Routing Protocols

    01:56

  • 29 Types of Network Protocols

    00:14

  • 30 Transmission Control Protocol (TCP)

    01:06

  • 31 User Datagram Protocol (UDP)

    00:46

  • 32 Internet Protocol

    00:19

  • 33 Address Resolution Protocol

    01:36

  • 34 Internet Control Message Protocol (ICMP)

    00:29

  • 35 Hypertext Transfer Protocol (HTTP)

    01:55

  • 36 Implications of Multi-Layer Protocols

    00:53

  • 37 Distributed Network Protocol

    01:07

  • 38 LAN/Network Technologies

    04:13

  • 39 Transmission Media

    00:26

  • 40 Twisted Pair

    02:00

  • 41 Coaxial Cable box

    01:45

  • 42 Fiber-Optic Cable Box

    01:41

  • 43 Network Topologies

    01:52

  • 44 Media Access Technologies

    00:45

  • 45 Carrier-Sense Multiple Access with Collision Detection

    01:19

  • 46 Carrier-Sense Multiple Access with Collision Avoidance

    01:04

  • 47 Flavors of LAN transmission methods

    00:29

  • 48 List of Networking Devices

    02:32

  • 49 VLANs

    02:07

  • 50 Gateways

    01:03

  • 51 Network Access Control Devices

    00:38

  • 52 Packet-Filtering and Application-Level

    02:40

  • 53 Circuit-Level and Stateful-Inspection

    01:38

  • 54 Firewall Architectures

    02:37

  • 55 Network Security Terms

    01:51

  • 56 Business Scenario

    00:25

  • 57 Networks

    01:09

  • 58 Types of Networks

    01:08

  • 59 WAN Technologies

    01:11

  • 60 WAN Switching and Devices

    01:54

  • 61 Network Address Translation and Frame Relay

    01:36

  • 62 Multi-Protocol Label Switching and VoIP

    00:58

  • 63 Fiber Channel over Ethernet and Internet Small Computer System Interface

    01:04

  • 64 Virtualized Networks

    01:02

  • 65 Introduction to Remote Access

    00:44

  • 66 VPN using PPTP and L2TP

    01:44

  • 67 Internet Security Protocol (IPsec)

    01:05

  • 68 Internet Security Protocol (IPsec) Modes of Operation

    01:46

  • 69 IPsec Security Protocols - Authentication Header (AH)

    02:44

  • 70 IPsec Security Protocols - Encapsulating Security Payload (ESP)

    01:25

  • 71 Components of the IPsec Process

    01:27

  • 72 Components of the IPsec Process (contd.)

    01:18

  • 73 IPsec Process

    00:58

  • 74 Secure Access Protocols

    02:48

  • 75 Secure Access Protocols (contd.)

    02:09

  • 76 Secure Access Protocols (contd.)

    01:02

  • 77 Remote Access Security Methods

    00:31

  • 78 Multimedia Collaboration

    00:51

  • 79 Wireless Technologies

    00:29

  • 80 IEEE Wireless Standards and Spread-Spectrum Technologies

    01:16

  • 81 Direct Sequence Spread Spectrum and Frequency-Hopping Spread Spectrum

    01:20

  • 82 WLAN Operational Modes

    01:30

  • 83 Bluetooth

    01:37

  • 84 Bluetooth Attack

    00:14

  • 85 Blue Jacking and Blue Snarfing

    01:09

  • 86 Blue bugging, Backdoor Attacks, and Denial of Service Attacks

    01:06

  • 87 Wireless Security

    06:28

  • 88 Business Scenario

    00:48

  • 89 Network Attacks

    02:33

  • 90 Network Attacks (contd.)

    02:16

  • 91 Network Attacks - Countermeasures

    03:02

  • 92 Quiz

  • 93 Summary

    00:39

  • 94 Conclusion

    00:07

• Domain 05 - Identity and Access Management

  01:31:39Preview

  • 1 Domain 05 - Identity and Access Management

    00:13

  • 2 Objectives

    00:31

  • 3 Importance of Identity and Access Management in Information Security

    00:59

  • 4 Controlling Physical and Logical Access to Assets

    01:22

  • 5 Controlling Physical and Logical Access to Assets (contd.)

    01:50

  • 6 Access Subject Object and Access controls

    01:13

  • 7 Identity and Access Management Policy

    00:47

  • 8 Identification Authentication and Authorization

    01:20

  • 9 Identity Management

    00:31

  • 10 Identity and Access Provisioning Lifecycle

    01:27

  • 11 Identity and Access Provisioning Lifecycle (contd.)

    00:47

  • 12 Guidelines for User Identification

    00:53

  • 13 Verifying Identification Information

    01:40

  • 14 Strong Authentication

    01:26

  • 15 Biometrics - Characteristics

    02:10

  • 16 Types of Biometrics

    01:41

  • 17 FRR FAR CER

    02:03

  • 18 Passwords

    01:14

  • 19 Password Types

    01:43

  • 20 Tokens

    00:30

  • 21 Token Device - Synchronous

    00:48

  • 22 Token Device - Asynchronous

    00:40

  • 23 Memory Cards and Smart Cards

    01:38

  • 24 Attacks on Smart Cards - Fault Generation and Micro-Probing

    02:08

  • 25 Access Criteria

    02:04

  • 26 Authorization Concepts

    02:21

  • 27 Identity Management Implementation

    00:31

  • 28 Password Management

    02:01

  • 29 Directory Management

    01:05

  • 30 Directory Technologies

    01:34

  • 31 Accounts Management

    01:16

  • 32 Profile Management

    00:49

  • 33 Web Access Management

    00:29

  • 34 Single Sign-On (SSO)

    01:48

  • 35 SSO Technologies

    01:00

  • 36 Kerberos

    02:41

  • 37 Kerberos Steps

    01:35

  • 38 Problems with Kerberos

    00:54

  • 39 Business Scenario

    01:01

  • 40 Access Control Types - Security Layer

    01:16

  • 41 Access Control Types - Functionality

    01:39

  • 42 Business Scenario

    00:23

  • 43 Access Control Models - DAC

    01:00

  • 44 Access Control Models - MAC

    01:00

  • 45 Access Control Models - RBAC

    00:51

  • 46 Business Scenario

    00:27

  • 47 Access Control Concepts

    03:11

  • 48 Types of Access Control Administration

    02:19

  • 49 Remote Authentication Dial-In User Service (RADIUS)

    01:50

  • 50 TACACS and TACACS

    00:55

  • 51 DIAMETER

    00:57

  • 52 Accountability

    01:42

  • 53 Accountability (contd.)

    00:40

  • 54 Session Management

    00:55

  • 55 Registration and Proof of Identity

    00:41

  • 56 Credential Management Systems

    00:46

  • 57 Credential Management Systems - Risks and benefits

    00:42

  • 58 Federated Identity Management

    00:44

  • 59 Federated Identity Management Models

    00:50

  • 60 Federated Identity Management Models (contd.)

    01:05

  • 61 Federated Identity Management Models (contd.)

    00:47

  • 62 Identity as a Service

    00:44

  • 63 Identity as a Service - Functionality

    01:52

  • 64 Identity as a Service - Possible Issues

    01:06

  • 65 Integrate Third-Party Identity Services

    01:04

  • 66 Integrate Third-Party Identity Services (contd.)

    00:48

  • 67 Unauthorized Disclosure of Information

    03:37

  • 68 Threats to Access Control

    04:26

  • 69 Protection against Access Control Attacks

    00:38

  • 70 Access Control Best Practices

    00:53

  • 71 Access Control Best Practices (contd.)

    00:28

  • 72 Quiz

  • 73 Summary

    00:33

  • 74 Conclusion

    00:07

• Domain 06 - Security Assessment and Testing

  45:38Preview

  • 1 Domain 06 - Security Assessment and Testing

    00:12

  • 2 Objectives

    00:24

  • 3 Security Assessment and Testing - Introduction

    00:36

  • 4 Assessment and Test Strategies

    00:48

  • 5 Vulnerability Assessment

    01:04

  • 6 Penetration Testing

    01:18

  • 7 Log Management

    01:13

  • 8 Log Management - Advantages and Challenges

    00:43

  • 9 Log Management - Best Practices

    00:47

  • 10 Log Management - Operational Process

    00:39

  • 11 Logged Events

    00:27

  • 12 Synthetic Transactions

    00:59

  • 13 Reasons to Use Synthetic Transactions

    00:51

  • 14 Code Review and Testing

    00:49

  • 15 Testing Techniques

    01:15

  • 16 Security Testing in the SDLC

    01:55

  • 17 Software Product Testing Levels

    01:05

  • 18 Misuse Case Testing

    00:37

  • 19 Misuse Case Testing - Scenarios

    01:18

  • 20 Test Coverage Analysis

    00:37

  • 21 Interface Testing

    00:34

  • 22 API Testing (contd.)

    00:58

  • 23 Interface Testing (contd.)

    00:26

  • 24 GUI Testing

    00:50

  • 25 Common Software Vulnerabilities

    01:27

  • 26 Business Scenario

    00:54

  • 27 Information Security Continuous Monitoring

    01:32

  • 28 Information Security Continuous Monitoring - Strategy and Process

    01:54

  • 29 Risk Evaluation and Control - Metrics

    00:59

  • 30 Security Controls Monitoring Frequencies

    02:23

  • 31 ISCM - Benefits

    00:50

  • 32 Key Performance and Risk Indicators

    01:12

  • 33 Internal and Third Party Audits

    01:32

  • 34 Audit Frequency and Scope

    00:47

  • 35 Statement on Auditing Standards No. 70

    01:42

  • 36 Service Organization Controls

    00:57

  • 37 SOC 1 Report

    01:22

  • 38 SOC 2 Report

    01:39

  • 39 Reports (contd.)

    01:06

  • 40 SOC 3 Report

    00:41

  • 41 SOC 1, SOC 2, and SOC 3 Comparison

    00:57

  • 42 Audit Process - Audit Preparation Phase

    01:03

  • 43 Audit Process - Audit Phase

    00:42

  • 44 Business Scenario

    00:36

  • 45 Quiz

  • 46 Summary

    00:52

  • 47 Conclusion

    00:06

• Domain 07 - Security Operations

  03:08:04Preview

  • 1 Domain 07 - Security Operations

    00:12

  • 2 Objectives

    00:24

  • 3 Importance of Security Operations - Case Study

    00:47

  • 4 Introduction to Investigations

    00:41

  • 5 Investigation Challenges

    01:04

  • 6 Investigations - Primary Activities

    01:50

  • 7 Crime Scene

    00:51

  • 8 Forensic Investigation Guidelines

    01:06

  • 9 Incident Response Terminologies

    01:52

  • 10 Incident Response Goals

    00:28

  • 11 Incident Response Team

    01:39

  • 12 Incident Response Procedures

    02:18

  • 13 Incident Response Procedures (contd.)

    00:59

  • 14 Incident Response Procedures (contd.)

    00:26

  • 15 Incident Response Procedures (contd.)

    00:30

  • 16 Business Scenario

    00:52

  • 17 Evidence

    01:20

  • 18 Evidence Lifecycle

    01:16

  • 19 Chain of Evidence

    01:03

  • 20 Types of Evidence

    03:47

  • 21 Computer Forensics Procedure

    00:49

  • 22 Requirements for Investigation Types

    01:15

  • 23 Logging and Monitoring Activities

    00:40

  • 24 Intrusion Detection System

    05:26

  • 25 Intrusion Prevention System

    02:29

  • 26 Security Information and Event Management (SIEM)

    01:11

  • 27 Security Information and Event Management (SIEM) - Characteristics

    00:45

  • 28 Continuous Monitoring

    00:53

  • 29 Egress Filtering

    01:00

  • 30 Data Leak or Loss Prevention (DLP)

    01:25

  • 31 Steganography and Digital Watermarking

    00:58

  • 32 Business Scenario

    00:43

  • 33 Secure Provisioning of Resources through Configuration Management

    01:08

  • 34 Secure Provisioning of Resources through Configuration Management (contd.)

    00:51

  • 35 Introduction to Security Operations

    00:37

  • 36 Security Operations Concepts

    00:44

  • 37 Security Operations

    00:51

  • 38 Effects of Operations Controls on C.I.A.

    00:29

  • 39 Business Scenario

    01:03

  • 40 Operational Resilience

    01:08

  • 41 Threats to Operations

    02:11

  • 42 Threats to Operations (contd.)

    02:36

  • 43 Vulnerabilities

    03:29

  • 44 Controls

    01:48

  • 45 Business Scenario

    00:43

  • 46 Need for Controlling Privileged Accounts

    01:17

  • 47 Identity and Access Management

    01:30

  • 48 Types of Accounts

    01:28

  • 49 Commonly Used Roles

    01:00

  • 50 Commonly Used Roles (contd.)

    01:52

  • 51 Monitoring Special Privileges

    00:32

  • 52 Service Level Agreements (SLAs)

    01:14

  • 53 Business Scenario

    00:45

  • 54 Protect Valuable Assets

    01:27

  • 55 Protecting Physical Assets

    00:44

  • 56 Protecting Information Assets

    01:07

  • 57 Protecting Resources

    01:32

  • 58 Controls for Protecting Assets - Hardware Controls

    01:51

  • 59 Controls for Protecting Assets - Software Controls

    02:02

  • 60 Controls for Protecting Assets - Media Controls

    02:00

  • 61 Controls for Protecting Assets - Administrative Controls

    02:50

  • 62 Cloud and Virtual Storage

    00:53

  • 63 Cloud and Virtual Storage Security Issues

    00:53

  • 64 Types of Virtualized Storage

    01:59

  • 65 Hard Copy Records

    00:46

  • 66 Business Scenario

    00:33

  • 67 Incident Management

    01:45

  • 68 Security Measurements, Metrics, and Reporting

    00:31

  • 69 Managing Security Technologies

    00:41

  • 70 Incident Management - Detection Phase

    00:26

  • 71 Intrusion Detection System

    00:45

  • 72 Security Information Event Management (SIEM)

    02:38

  • 73 Anti-Malware Systems

    00:59

  • 74 Monitoring Techniques - Violation Analysis

    01:11

  • 75 Incident Management - Other Phases

    01:11

  • 76 Trusted Recovery and System Recovery

    01:53

  • 77 Problem Management

    01:29

  • 78 Operating and Maintaining Preventive Measures

    01:02

  • 79 Patch Management

    01:14

  • 80 Vulnerability Management

    01:18

  • 81 Change Management

    01:38

  • 82 Change Control Process

    01:22

  • 83 Configuration Management

    02:24

  • 84 Configuration Management (contd.)

    00:25

  • 85 Business Scenario

    00:37

  • 86 Develop a Recovery Strategy

    01:17

  • 87 Types of Recovery - Business Recovery and Facility and Supply Recovery

    00:44

  • 88 Types of Recovery - User Recovery

    00:29

  • 89 Types of Recovery - Operational Recovery

    00:55

  • 90 Recovery Partners Strategy

    02:44

  • 91 Backup Sites

    00:51

  • 92 Backup Sites (contd.)

    03:05

  • 93 Backup Sites (contd.)

    01:36

  • 94 Backup Methods

    01:35

  • 95 Importance of Maintaining Resilient Systems

    02:34

  • 96 Redundancy and Fault Tolerance

    01:53

  • 97 Redundancy and Fault Tolerance Methods

    01:13

  • 98 Redundancy and Fault Tolerance Methods (contd.)

    04:21

  • 99 Best Practices for Backup and Recovery

    00:54

  • 100 Business Scenario

    00:43

  • 101 Disaster Recovery - Planning Design and Development

    00:37

  • 102 Planning Design and Development - Step 1 and Step 2

    01:37

  • 103 Planning Design and Development - Step 3 and Step 4

    02:19

  • 104 Disaster Recovery Phases - Implementation, Testing, and Training

    00:43

  • 105 Importance of Testing

    00:18

  • 106 Types of Testing

    01:03

  • 107 Types of Testing (contd.)

    01:29

  • 108 Types of Testing (contd.)

    01:54

  • 109 Training

    02:56

  • 110 Disaster Recovery Phases - Maintenance

    02:49

  • 111 Disaster Recovery Phases - Maintenance (contd.)

    00:25

  • 112 Business Scenario

    01:04

  • 113 Perimeter Security

    01:32

  • 114 Barriers

    00:36

  • 115 Fences

    01:13

  • 116 Gates

    01:39

  • 117 Walls and Bollards

    01:12

  • 118 Perimeter Intrusion Detection

    04:26

  • 119 Business Scenario

    00:41

  • 120 Importance of Lighting

    01:12

  • 121 Types of Lighting Systems

    01:20

  • 122 Types of Lights

    01:21

  • 123 Access Control

    01:41

  • 124 Types of Access Control Systems

    06:33

  • 125 Business Scenario

    00:42

  • 126 Building and Inside Security

    08:04

  • 127 Personnel Security

    01:28

  • 128 Business Scenario

    00:50

  • 129 Quiz

  • 130 Summary

    00:59

  • 131 Conclusion

    00:06

• Domain 08 - Software Development Security

  01:50:10Preview

  • 1 Domain 08 - Software Development Security

    00:13

  • 2 Objectives

    00:24

  • 3 Importance of Software Development Security

    00:51

  • 4 System Environments

    01:07

  • 5 Distributed Environment

    00:10

  • 6 Client/Server Systems and Local Environment

    00:34

  • 7 Distributed Data Processing and Agents

    00:44

  • 8 Applets

    00:41

  • 9 Programming Concepts

    01:26

  • 10 Complier Vs Interpreter

    01:39

  • 11 Programming and Software

    01:39

  • 12 Threats in the Software Environment

    01:14

  • 13 Threats in the Software Environment (contd.)

    02:10

  • 14 Threats in the Software Environment (contd.)

    01:06

  • 15 Threats in the Software Environment (contd.)

    01:03

  • 16 Threats in the Software Environment (contd.)

    00:49

  • 17 Threats in the Software Environment (contd.)

    00:45

  • 18 Business Scenario

    01:11

  • 19 System Life Cycle and Systems Development

    02:34

  • 20 Systems Development Life Cycle

    02:31

  • 21 SDLC - Operation and Maintenance

    00:41

  • 22 Integrated Product Team (IPT)

    00:42

  • 23 DevOps

    00:38

  • 24 Software Testing Methods

    03:17

  • 25 Software Testing Levels

    00:42

  • 26 Application Controls

    00:35

  • 27 Software Development Methods

    01:08

  • 28 Software Development Methods (contd.)

    01:09

  • 29 Software Development Methods (contd.)

    00:53

  • 30 Software Development Methods (contd.)

    00:54

  • 31 Software Development Methods (contd.)

    01:31

  • 32 Java Security

    00:56

  • 33 Secure Software Development Best Practices

    00:46

  • 34 Business Scenario

    01:04

  • 35 Object - Oriented Programming Terms

    01:00

  • 36 Object - Oriented Programming Terms (contd.)

    00:33

  • 37 Object - Oriented Programming - Definition

    01:23

  • 38 Distributed Object - Oriented Systems

    01:46

  • 39 Object Request Brokers

    00:48

  • 40 COM - Component Object Model

    00:28

  • 41 DCOM - Distributed Component Object Model

    00:38

  • 42 CORBA - Common Object Request Broker Architecture

    00:58

  • 43 Software Security and Assurance

    01:17

  • 44 Software Security and Assurance (contd.)

    00:42

  • 45 Software Security and Assurance (contd.)

    00:52

  • 46 Software Security and Assurance (contd.)

    00:41

  • 47 Software Security and Assurance (contd.)

    00:40

  • 48 Software Security and Assurance (contd.)

    00:50

  • 49 Software Security and Assurance (contd.)

    00:39

  • 50 Software Security and Assurance (contd.)

    00:54

  • 51 Software Security and Assurance (contd.)

    00:40

  • 52 Software Security and Assurance (contd.)

    00:36

  • 53 Software Security and Assurance (contd.)

    00:56

  • 54 Software Security and Assurance (contd.)

    00:53

  • 55 Software Security and Assurance (contd.)

    00:35

  • 56 Software Security XML and Security Assertion Markup Language

    01:23

  • 57 Software Security SOA

    02:15

  • 58 Audit and Assurance Mechanisms

    02:23

  • 59 Assessing the Effectiveness of Software Security

    00:51

  • 60 Assessing the Effectiveness of Software Security (contd.)

    00:50

  • 61 Assessing the Security Impact of Acquired Software

    01:15

  • 62 Code Repositories and Application Programming Interfaces

    01:04

  • 63 Business Scenario

    00:46

  • 64 Database and Data Warehousing Environments

    01:25

  • 65 Database Terms

    01:09

  • 66 Types of Databases

    00:27

  • 67 Types of Databases (contd.)

    00:26

  • 68 Types of Databases (contd.)

    00:41

  • 69 Types of Databases (contd.)

    00:29

  • 70 Types of Databases (contd.)

    00:43

  • 71 Database - Threats and Vulnerabilities

    04:40

  • 72 Introduction to Data Warehousing

    01:03

  • 73 Data Warehousing Concepts

    01:57

  • 74 Database Normalization

    01:16

  • 75 DBMS Controls

    04:26

  • 76 Business Scenario

    00:38

  • 77 Malwares - Types

    04:56

  • 78 Malware Protection

    01:30

  • 79 Business Scenario

    00:35

  • 80 Importance and Role of Knowledge Management

    01:03

  • 81 Knowledge - Based System Artificial Intelligence

    00:33

  • 82 Knowledge - Based System - Expert System

    01:22

  • 83 Knowledge - Based System - Neural Network

    01:33

  • 84 Web Application Environment - Threats and Vulnerabilities

    01:35

  • 85 Web Application Environment Security

    01:02

  • 86 Web Application Environment Security (contd.)

    01:14

  • 87 Web Application Environment Security (contd.)

    00:34

  • 88 Web Application Environment Security (contd.)

    00:45

  • 89 The Ten Best Practices for Secure Software Development - (ISC)

    06:28

  • 90 Quiz

  • 91 Summary

    01:07

  • 92 Conclusion

    00:10