Introduction
How to take the CISSP Exam
Domain 1: Access Control: Confidentiality, integrity, and availability; Identity, authentication, authorization, and accountability; Categories and Controls; Types of authentication; Access control attacks; Access provisioning lifecycle
Domain 2: Telecommunications and Network Security: Network Security Concepts; The OSI and TCP/IP models; Network devices; End-point security; Network attacks, detection, and mitigation; Defense in depth; Protocols; Remote access
Domain 3: Information Security Governance and Risk Management: Policies, Procedures, Standards, Guidelines and Baselines; Defense-in-depth; Risk Management formulas; Quantitative and Qualitative Risk Analysis; Total cost of ownership and return on investment; Outsourcing and offshoring; Certification and accreditation; Control frameworks; Managing 3rd-party governance
Domain 4: Software Development Security: Software-based Controls; The Software Development Lifecycle; Object oriented systems; Artificial intelligence
Domain 5: Cryptography: Crypto history; Cryptography Concepts and Algorithms; Symmetric encryption, Asymmetric encryption, and hashes; Digital Signatures; Cryptanalysis; Steganography and watermarking; Non-repudiation
Domain 6: Security Architecture and Design: Security architecture principles; Trusted Computing Base; The security kernel and reference monitor; Secure hardware; Covert channels; XML, SAML and OWASP
Domain 7: Security Operations: Backups and Media; Change Control; Controls Categories; Object marking, handling, and storage; Separation of duties and rotation of duties; Operational attacks; Incident response
Domain 8: Business Continuity and Disaster Recovery Planning: The BCP process; Business Impact Analysis and Maximum Allowable Downtime; Hot, warm, and cold sites; BCP/DRP testing; Site restoration Activities; Databases and data warehousing
Domain 9: Legal, Regulations, Investigations, and Compliance: Professional Ethics; Major Legal Systems; Criminal, Civil, and Regulatory Law; Laws and Information Security; Forensic investigations; Cloud computing
Domain 10: Physical (Environmental) Security: Physical controls; Environmental controls; Perimeter security; Locks, alarms and cameras; Guards and dogs; Site Location
Eleventh Hour CISSP® : Study Guide