(ISC)²

CNG 1031 X40 Principles of Information Assurance

(CCA-CNG-1031X40.AE1)
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • Overview of the CISSP Exam
  • The Elements of This Study Guide
  • Study Guide Exam Objectives
  • Objective Map
2

Security Governance Through Principles and Policies

  • Security 101
  • Understand and Apply Security Concepts
  • Security Boundaries
  • Evaluate and Apply Security Governance Principles
  • Manage the Security Function
  • Security Policy, Standards, Procedures, and Guidelines
  • Threat Modeling
  • Supply Chain Risk Management
  • Summary
  • Exam Essentials
  • Written Lab
3

Personnel Security and Risk Management Concepts

  • Personnel Security Policies and Procedures
  • Understand and Apply Risk Management Concepts
  • Social Engineering
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Summary
  • Exam Essentials
  • Written Lab
4

Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Analysis
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab
5

Laws, Regulations, and Compliance

  • Categories of Laws
  • Laws
  • State Privacy Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab
6

Protecting Security of Assets

  • Identifying and Classifying Information and Assets
  • Establishing Information and Asset Handling Requirements
  • Data Protection Methods
  • Understanding Data Roles
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab
7

Cryptography and Symmetric Key Algorithms

  • Cryptographic Foundations
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
8

PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Hybrid Cryptography
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab
9

Principles of Security Models, Design, and Capabilities

  • Secure Design Principles
  • Techniques for Ensuring CIA
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based on Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab
10

Security Vulnerabilities, Threats, and Countermeasures

  • Shared Responsibility
  • Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
  • Client-Based Systems
  • Server-Based Systems
  • Industrial Control Systems
  • Distributed Systems
  • High-Performance Computing (HPC) Systems
  • Internet of Things
  • Edge and Fog Computing
  • Embedded Devices and Cyber-Physical Systems
  • Specialized Devices
  • Microservices
  • Infrastructure as Code
  • Virtualized Systems
  • Containerization
  • Serverless Architecture
  • Mobile Devices
  • Essential Security Protection Mechanisms
  • Common Security Architecture Flaws and Issues
  • Summary
  • Exam Essentials
  • Written Lab
11

Physical Security Requirements

  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab
12

Secure Network Architecture and Components

  • OSI Model
  • TCP/IP Model
  • Analyzing Network Traffic
  • Common Application Layer Protocols
  • Transport Layer Protocols
  • Domain Name System
  • Internet Protocol (IP) Networking
  • ARP Concerns
  • Secure Communication Protocols
  • Implications of Multilayer Protocols
  • Microsegmentation
  • Wireless Networks
  • Other Communication Protocols
  • Cellular Networks
  • Content Distribution Networks (CDNs)
  • Secure Network Components
  • Summary
  • Exam Essentials
  • Written Lab
13

Secure Communications and Network Attacks

  • Protocol Security Mechanisms
  • Secure Voice Communications
  • Remote Access Security Management
  • Multimedia Collaboration
  • Load Balancing
  • Manage Email Security
  • Virtual Private Network
  • Switching and Virtual LANs
  • Network Address Translation
  • Third-Party Connectivity
  • Switching Technologies
  • WAN Technologies
  • Fiber-Optic Links
  • Security Control Characteristics
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab
14

Managing Identity and Authentication

  • Controlling Access to Assets
  • Managing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
15

Controlling and Monitoring Access

  • Comparing Access Control Models
  • Implementing Authentication Systems
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab
16

Security Assessment and Testing

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab
17

Managing Security Operations

  • Apply Foundational Security Operations Concepts
  • Addressing Personnel Safety and Security
  • Provision Resources Securely
  • Apply Resource Protection
  • Managed Services in the Cloud
  • Perform Configuration Management (CM)
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab
18

Preventing and Responding to Incidents

  • Conducting Incident Management
  • Implementing Detective and Preventive Measures
  • Logging and Monitoring
  • Automating Incident Response
  • Summary
  • Exam Essentials
  • Written Lab
19

Disaster Recovery Planning

  • The Nature of Disaster
  • Understand System Resilience, High Availability, and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab
20

Investigations and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab
21

Software Development Security

  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storage Threats
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab
22

Malicious Code and Application Attacks

  • Malware
  • Malware Prevention
  • Application Attacks
  • Injection Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Application Security Controls
  • Secure Coding Practices
  • Summary
  • Exam Essentials
  • Written Lab

1

Security Governance Through Principles and Policies

  • Encrypting the Disk
  • Encrypting a File or Folder
  • Understanding documentation review
2

Personnel Security and Risk Management Concepts

  • Understanding and Applying Risk Management Concepts
  • Understanding Security Controls
3

Business Continuity Planning

  • Understanding Business Continuity Planning
4

Laws, Regulations, and Compliance

  • Understanding Laws related to IT
5

Protecting Security of Assets

  • Understanding Data Loss Prevention System
6

Cryptography and Symmetric Key Algorithms

  • Understanding Cryptographic Systems
  • Understanding Symmetric Encryption Algorithms
7

PKI and Cryptographic Applications

  • Observing an MD5-Generated Hash Value
  • Observing an SHA-Generated Hash Value
  • Using OpenSSL to Create a Public/Private Key Pair
  • Understanding the Diffie-Hellman Algorithm
  • Understanding the RSA Algorithm
  • Hiding Text Using Steganography
  • Understanding the Hardware Security Module
8

Principles of Security Models, Design, and Capabilities

  • Understanding Secure Design Principles
  • Understanding Evaluation Assurance Levels
  • Understanding Constrained Interface
9

Security Vulnerabilities, Threats, and Countermeasures

  • Understanding the Lifecycle of an Executed Process
  • Understanding the Internet Files Cache
  • Understanding Hypervisor
  • Understanding a Rootkit
10

Physical Security Requirements

  • Understanding Fire Detection Systems
  • Understanding Security Controls
  • Understanding Programmable Lock
11

Secure Network Architecture and Components

  • Understanding the OSI Model
  • Understanding the Application Layer Protocols
  • Configuring IPSec
  • Understanding IP Classes
  • Understanding Virtual eXtensible LAN
  • Understanding 802.11 Wireless Networking Amendments
  • Understanding LiFi and Zigbee
  • Using Windows Firewall
  • Understanding Network Topologies
12

Secure Communications and Network Attacks

  • Configuring a VPN
  • Understanding IPsec's Encryption of a Packet in Transport and Tunnel Modes
  • Configuring VLANs
  • Configuring Dynamic NAT
  • Configuring Static NAT
  • Understanding NAT and PAT
  • Understanding Third-Party Connectivity
  • Understanding Circuit Switching and Packet Switching
13

Managing Identity and Authentication

  • Restricting Local Accounts
14

Controlling and Monitoring Access

  • Assigning Permissions to Folders
  • Examining Kerberos Settings
  • Performing Spoofing
  • Simulating an Eavesdropping Attack Using Wireshark
  • Using Rainbow Tables
15

Security Assessment and Testing

  • Configuring Audit Group Policy
  • Using nmap for Scanning
  • Conducting Vulnerability Scanning Using Nessus
  • Exploiting Windows 7 Using Metasploit
  • Scanning Ports Using Metasploit
  • Understanding Penetration Testing
  • Understanding Penetration Tests
  • Understanding the Fagan Inspections
  • Understanding Training and Awareness Program
16

Managing Security Operations

  • Understanding Security Operations
  • Understanding Privileged Account Management
  • Understanding Cloud Shared Responsibility Model
17

Preventing and Responding to Incidents

  • Performing DoS Attack with SYN Flood
  • Enabling Intrusion Prevention and Detection
  • Understanding Honeypots and Honeynets
  • Understanding Security Information and Event Management
18

Disaster Recovery Planning

  • Configuring RAID 5
  • Taking Incremental Backup
  • Taking a Full Backup
19

Investigations and Ethics

  • Completing the Chain of Custody
  • Understanding Organizational Code of Ethics
20

Software Development Security

  • Understanding Software Development Lifecycle
  • Understanding Software Capability Maturity Model
  • Understanding ACID Model
  • Understanding a Neural Network
21

Malicious Code and Application Attacks

  • Causing a DarkComet Trojan Infection
  • Understanding Antimalware Software
  • Exploiting a Website Using SQL Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Attacking a Website Using XSS Injection

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

CNG 1031 X40 Principles of Information Assurance

$279.99

Buy Now

Related Courses

All Courses
We use cookies for improving site experience and analytics. Learn More