General
The “Mind Map” – “CISSP.pdf” is a list of all areas you need to learn.
The 10 Domains
https://www.isc2.org/cissp-domains/default.aspx
CISSP practice tests
Start by doing some flash cards and quizzes
http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=168
http://quizlet.com/2398073/cissp-250-500-flash-cards/
Read – The basic terms in Security etc.
• “Doc01.pdf”
Read up on Risk - Risk Management, Security Compliance and Audit Controls
“Risk Management, Security Compliance and Audit Controls.pdf”
This includes:
• Risk Analysis
• Risk Assessment
• Business Impact Analysis
• Defense in Depth Model
• Data Classification
• Risk Management
• Compliance and Audit Controls
• FMECA Fault Trees
• Event Trees
• CCA
• TBA
Part 1 – Access Controls
Reading
http://en.wikipedia.org/wiki/Access_control
Reading – Security Policy overview
“A– Policy Issues.pdf”
This includes:
• The Role of Policy and Procedures in Information Systems Defense
• Interpreting Policy as an Auditor
• Identifying Preventive, Detective and Corrective Controls
• Security Policy Development
Reading - Assessing Security Awareness and Knowledge of Policy
“Assessing Security Awareness and Knowledge of Policy.pdf”
This includes:
• The creation of an awareness program.
• Testing Knowledge and Security Awareness
Reading - Policy Issues and Fundamentals
“B– Policy Issues.pdf”
This includes:
• The Role in Relation to Policy Creation and Compliance
Part 2 – Software Design and Development Security
Reading
http://en.wikipedia.org/wiki/Application_security
SWEBOK
http://www.computer.org/portal/web/swebok
OWASP
http://www.computer.org/portal/web/swebok
Attacks
http://ha.ckers.org/xss.html
https://www.owasp.org/index.php/HTTP_Response_Splitting
http://www.owasp.org/index.php/SQL_Injection
Read - Auditing