CISSP Domain 5 and Domain 6 - Bootcamp Course

This is an ideal course for any student who is preparing for CISSP. The course content covers Domain 5 and Domain 6 in detail.

Design and validate assessment, test, and audit strategies

• Internal

• External

• Third-party

Conduct security control testing

• Vulnerability assessment

• Penetration testing

• Log reviews

• Synthetic transactions

• Code review and testing

• Misuse case testing

• Test coverage analysis

• Interface testing

• Breach attack simulations

• Compliance checks

Collect security process data (e.g., technical and administrative)

• Account management

• Management review and approval

• Key performance and risk indicators

• Backup verification data

• Training and awareness

• Disaster Recovery (DR) and Business Continuity (BC)

Analyze test output and generate reports

• Remediation

• Exception handling

• Ethical disclosure

Conduct or facilitate security audits

• Internal

• External

• Third-party

Control physical and logical access to assets

• Information

• Systems

• Devices

• Facilities

• Applications

Manage identification and authentication of people, devices, and services

• Identity Management (IdM) implementation

• Single/Multi-Factor Authentication (MFA)

• Accountability

• Session management

• Registration, proofing, and establishment of identity

• Federated Identity Management (FIM)

• Credential management systems

• Single Sign On (SSO)

• Just-In-Time (JIT)

Federated identity with a third-party service

• On-premises

• Cloud

• Hybrid

Implement and manage authorization mechanisms

• Role Based Access Control (RBAC)

• Rule based access control

• Mandatory Access Control (MAC)

• Discretionary Access Control (DAC)

• Attribute Based Access Control (ABAC)

• Risk based access control

Manage the identity access provisioning lifecycle

• Account access review (e.g., user, system, service)

• Provisioning and deprovisioning (E.g., on/off boarding and transfers)

• Role definition (e.g., people assigned to new roles)

• Privilege escalation (e.g., manage service accounts, use of sudo, minimizing its use)

Implement authentication systems

• OPENid Connect (OIDC)/Open Authorization (Oauth)

• Security Assertion Markup Language (SAML)

• Kerberos

• Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+)

The CISSP exam is governed by the International Information Systems  Security Certification Consortium (ISC) . (ISC) is a global not-for-profit organization. It has four primary mission goals:

Maintain the Common Body of Knowledge (CBK) for the field of information systems security.

Provide certification for information systems security professionals and practitioners.

Conduct certification training and administer the certification exams.

Oversee the ongoing accreditation of qualified certification candidates through continued education.

The (ISC)2 is operated by a board of directors elected from the ranks of its certified practitioners.

Subscribe now! The CISSP exam is governed by the International Information Systems  Security Certification Consortium (ISC) . (ISC) is a global not-for-profit organization.