CISSP Central

Technology

Welcome to CISSP Central, the ultimate podcast for aspiring and certified CISSP professionals! Whether you’re studying for the CISSP 2024 syllabus exam or looking to sharpen your cybersecurity skills, this podcast is your go-to resource. Each episode dives deep into the critical domains of cybersecurity, offering insights, tips, and real-world experiences from industry experts. Join us as we explore the latest trends, challenges, and solutions in information security, helping you stay ahead in a rapidly evolving digital world. From encryption to risk management, compliance to cloud security, CISSP Central covers it all! Perfect for CISSP candidates, InfoSec pros, and anyone passionate about safeguarding information in the modern age. Tune in, learn, and become the cybersecurity expert you were meant to be! Note: This entire podcast has been prepared based on a published book on Amazon named C(R)ISSP: The Most Concise Handbook for CISSP 2024, written by myself, which can be purchased directly from Amazon by clicking this link.

Latest episodes of the CISSP Central podcast

  1. CISSP Domain8 Section 5 (00:12:57)

    8.5 Define and apply secure coding guidelines and standards; 8.5.1 Security weaknesses and vulnerabilities at the source-code level; 8.5.2 Security of application programming interfaces (API); 8.5.3 Secure Coding Practices; 8.5.4 Software-defined security

  2. CISSP Domain8 Section 3 and 4 (00:13:44)

    8.3 Assess the effectiveness of software security; 8.3.1 Auditing and logging of changes; 8.3.2 Risk analysis and mitigation; 8.4 Assess security impact of acquired software; 8.4.1 Commercial-off-the-shelf (COTS); 8.4.2 Open Source; 8.4.3 Third-Party; 8.4.4 Managed Services (e.g., enterprise applications); 8.4.5 Cloud Services (e.g., SaaS, IaaS, PaaS)

  3. CISSP Domain8 Section2 (00:11:26)

    8.2 Identify & apply security controls in development environments; 8.2.1 Programming languages; 8.2.2 Libraries; 8.2.3 Tool sets; 8.2.4 Integrated Development Environment (IDE); 8.2.5 Runtime; 8.2.6 Continuous Integration and Continuous Delivery (CI / CD); 8.2.7 Software Configuration Management (SCM); 8.2.8 Code Repositories; 8.2.9 Application security testing (e.g., SAST, DAST, IAST & SCA)

  4. CISSP Domain8 Intro and Section 1 (00:13:08)

    8.1 Understand and integrate security in the software development lifecycle; 8.1.1 Development Methodologies; 8.1.2 Maturity Models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM)); 8.1.3 Operations & Maintenance; 8.1.4 Change Management; 8.1.5 Integrated Product Team (IPT)

  5. CISSP Domain7 Section 13, 14 and 15 (00:03:45)

    7.13 Participate in Business Continuity (BC) planning and exercises; 7.14 Implement and manage physical security; 7.15 Address personnel safety and security concerns; 7.15.1 Travel; 7.15.2 Security Training & Awareness; 7.15.3 Emergency Management; 7.15.4 Duress

  6. CISSP Domain7 Section 12 (00:10:50)

    7.12 Test Disaster Recovery Plans; 7.12.1 Read-through/Checklist; 7.12.2 Walk-through/Tabletop; 7.12.3 Simulation; 7.12.4 Parallel; 7.12.5 Full Interruption; 7.12.6 Communications (e.g., stakeholders, test status, regulators)

  7. CISSP Domain7 Section 11 (00:13:23)

    7.11 Implement Disaster Recovery Process; 7.11.1 Response; 7.11.2 Personnel; 7.11.3 Communications; 7.11.4 Assessment; 7.11.5 Restoration; 7.11.6 Training & Awareness; 7.11.7 Lessons Learned

  8. CISSP Domain7 Section 8, 9 and 10 (00:11:55)

    7.8 Implement and support patch and vulnerability management; 7.9 Understand and participate in change management processes; 7.10 Implement recovery strategies; 7.10.1 Backup storage strategies; 7.10.2 Recovery site strategies; 7.10.3 Multiple processing sites; 7.10.4 System resilience, high availability (HA), Quality of Service (QoS), and fault tolerance (FT)

  9. CISSP Domain7 Section 7 (00:07:28)

    7.7 Operate and maintain detection and preventative measures; 7.7.1 Firewall; 7.7.2 Intrusion detection and prevention systems; 7.7.3 Whitelisting/Blacklisting; 7.7.4 Third-party provided security services; 7.7.5 Sandboxing; 7.7.6 Honeypots / Honeynets; 7.7.7 Anti-malware; 7.7.8 Machine learning and artificial intelligence (AI) based tools

  10. CISSP Domain7 Section 6 (00:10:45)

    7.6 Conduct incident management; 7.6.1 Detection; 7.6.2 Response; 7.6.3 Mitigation; 7.6.4 Reporting; 7.6.5 Recovery; 7.6.6 Remediation; 7.6.7 Lessons Learned

  11. CISSP Domain7 Section 5 (00:11:48)

    7.5 Apply resource protection techniques; 7.5.1 Media Management; 7.5.2 Hardware and software asset management; 7.5.3 Data at rest/Data in transit

  12. CISSP Domain7 Section 3 and Section 4 (00:08:39)

    7.3 Perform Configuration Management (e.g., provisioning, baselining, automation); 7.4 Apply foundational security operations concepts; 7.4.1 Need to know/Least privileges; 7.4.2 Separation of Duties (SoD) and responsibilities; 7.4.3 Privileged account management; 7.4.4 Job rotation; 7.4.5 Service Level Agreement (SLA)

  13. CISSP Domain7 Section 2 (00:15:51)

    7.2 Conduct logging and monitoring activities; 7.2.1 Intrusion detection and prevention systems (IDPS); 7.2.2 Security information and Event Management (SIEM); 7.2.3 Security orchestration, automation, and response (SOAR); 7.2.4 Continuous Monitoring; 7.2.5 Egress Monitoring; 7.2.6 Log Management; 7.2.7 Threat Intelligence (e.g. Threat feeds, threat hunting); 7.2.8 User and Entity Behavior Analytics (UEBA)

  14. CISSP Domain7 Intro and Section 1 (00:17:30)

    7.0 DOMAIN 7: SECURITY OPERATIONS; 7.1 Understand and support investigations; 7.1.1 Evidence Collection and Handling; 7.1.2 Reporting and Documentation; 7.1.3 Investigation Techniques; 7.1.4 Digital forensics tools, tactics, and procedures; 7.1.5 Artifacts (e.g., data, computers, networks, mobile devices)

  15. CISSP Domain6 Intro and Section 4 (00:13:59)

    6.4 Analyze test output and generate report; 6.4.1 Remediation; 6.4.2 Exception Handling; 6.4.3 Ethical disclosure; 6.5 Conduct or facilitate security audits; 6.5.1 Internal; 6.5.2 External; 6.5.3 Third Party; 6.5.4 Location

  16. CISSP Domain6 Intro and Section 3 (00:10:02)

    6.3 Collect Security Process data; 6.3.1 Account Management; 6.3.2 Management review and approval; 6.3.3 Key Performance and Risk Indicator; 6.3.4 Backup Verification data; 6.3.5 Training and Awareness; 6.3.6 Disaster Recovery (DR) and Business Continuity (BC)

  17. CISSP Domain6 Section 2 (00:11:43)

    6.2 Conduct Security Control Testing; 6.2.1 Vulnerability Assessment; 6.2.2 Penetration Testing; 6.2.3 Log Reviews; 6.2.4 Synthetic Transaction; 6.2.5 Code review and testing; 6.2.6 Misuse case testing; 6.2.7 Coverage analysis; 6.2.8 Interface Testing; 6.2.9 Breach attack simulations (BAS); 6.2.10 Compliance checks

  18. CISSP Domain6 Intro and Section 1 (00:11:25)

    6.0 DOMAIN 6: SECURITY ASSESSMENT AND TESTING; 6.1 Design and Validate assessment, test, and audit strategies; 6.1.1 Internal; 6.1.2 External; 6.1.3 Third-party; 6.1.4 Location (e.g. on-premises, cloud, hybrid)

  19. CISSP Domain5 Intro and Section 5 (00:14:08)

    5.5 Manage the identity and access provisioning lifecycle; 5.5.1 Account access review (e.g., user, system, service); 5.5.2 Provisioning and deprovisioning (e.g., on/off boarding & transfers); 5.5.3 Role definition & transition (e.g. people assigned to new roles); 5.5.4 Privilege escalation (e.g. use of sudo, auditing its use); 5.5.5 Service Accounts Management; 5.5.6 Implement Authentication Systems

  20. CISSP Domain5 Intro and Section 4 (00:10:36)

    5.4 Implement and manage authorization mechanisms

  21. CISSP Domain5 Intro and Section 3 (00:12:12)

    5.3 Federated identity with a third-party service; 5.3.1 On-Premises; 5.3.2 Cloud; 5.3.3 Hybrid

  22. CISSP Domain5 Section 2 (00:18:37)

    5.2 Design identification and authentication Strategy (e.g., people, devices, and services); 5.2.1 Groups and Roles; 5.2.2 Authentication, Authorization and Accounting (AAA) (e.g., MFA, password-less authentication); 5.2.3 Session management; 5.2.4 Registration, proofing, and establishment of identity; 5.2.5 Federated Identity Management (FIM); 5.2.6 Credential Management Systems (e.g. Password vault); 5.2.7 Single Sign-on (SSO); 5.2.8 Just-in-Time (JIT)

  23. CISSP Domain5 Intro and Section 1 (00:16:28)

    5.0 DOMAIN 5: IDENTITY & ACCESS MANAGEMENT (IAM); 5.1 Control physical and logical access to assets; 5.1.1 Information; 5.1.2 Systems; 5.1.3 Devices; 5.1.4 Facilities; 5.1.5 Applications; 5.1.6 Services

  24. CISSP Domain4 Section 3 (00:11:27)

    4.3 Implement secure communication channels according to design; 4.3.1 Voice, video, and collaboration (e.g., conferencing, Zoom rooms); 4.3.2 Remote access (e.g., network administrative functions); 4.3.3 Data communications (e.g., backhaul networks, satellite); 4.3.4 Third-party connectivity (e.g., telecom providers, h/w support)

  25. CISSP Domain4 Section 2 (00:10:08)

    4.2 Secure Network Components; 4.2.1 Operation of infrastructure; 4.2.2 Transmission Media; 4.2.3 Network Access Control (NAC) devices; 4.2.4 Endpoint Security (e.g. host-based)
