Training and Tips that are very helpful to gain knowledge in the field of information Security and passing your CISSP Exam .

1. ASM EDUCATIONAL CENTER INC. (ASM)
WHERE TRAINING, TECHNOLOGY & SERVICE CONVERGE
WWW.ASMED.COM
BECOME CISSP CERTIFIED?

2. BECOME CISSP CERTIFIED?
 The road to CISSPdom!
 Requirements
 Thorough Preparations
 Examination – 250 Questions for 6 hours -Approximately 70% of people pass
 Get Certified – Needs a sponsor
 Maintain Certification – 120 CPE credits, etc.
 Other Security Certifications – i.e. CISM, CISA, GIAC, CPP, CAP, CIPP, ITIL, Security+, etc.

3. THE CISSP EXAM
 The CISSP exam requires the student to apply knowledge and make a best judgment; unlike other multiple choice
exams that ask for simple, factual information.
 The CISSP exam covers a broad set of material, often in greater depth than other certification exams.
 However, with careful preparation, one can pass the CISSP exam at first attempt.

4. GO BEYOND CISSP?
“SKY IS THE LIMIT”
The ISSEP, ISSAP, ISSMP Concentration Examinations:
 ISSEP – Info Systems Security Engineering Professional
 ISSAP - Info Systems Security Architecture Professional
 ISSMP - Info Systems Security Management Professional

5. THE OLD 10 DOMAINS
 Access Control
 Telecommunications & Network Security
 Information Security Governance & Risk Management
 Software Development Security
 Cryptography
 Security Architecture & Design
 Operations Security
 Business Continuity & Disaster Recovery Planning
 Legal, Regulations, Investigations, & Compliance
 Physical & Environmental Security

6. THE NEW 8 DOMAINS
As of April 15, 2015:
 Security & Risk Management
 Asset Security
 Security Engineering
 Communications & Network Security
 Identity & Access Management
 Security Assessment & Testing
 Security Operations
 Security in the Software Development Life Cycle

7. FUNDAMENTAL SECURITY PRINCIPLES
 Least Privilege
 Grant users access to what they need to perform their daily job, and nothing more.
 Separation of Duties
 A security principle that ensures that no single user has excessive privileges to enable him/her to have full control over a
 Violation of this principle will enable such user to compromise systems easily.
 Due Diligence
 Investigative steps taken by management, all in an effort to protect the assets of the organization.
 Due Care
 Exercising a “prudent man’s judgment” to protect an organization’s assets.
 Failure to exercise due care leads to legal liabilities that may be civil, criminal, or both.
 Single Point of Failure
 The old proverbial “putting all your eggs into one basket”.

8. FUNDAMENTAL SECURITY PRINCIPLES
 Defense in-Depth
 A security strategy that employs several layers of protective mechanisms.
 Primary benefit is the failure of one control will be compensated by other controls.
 AAA of Security
 Authentication – proving who you say you are
 Authorization – accessing which resources you have privileges to
 Accountability – accounting for your behavior while you are logically into a system.
 Nonrepudiation
 This concept in security ensures that a party cannot deny or repudiate an action already taken.

9. GOOD LUCK!
ASM EDUCATIONAL CENTER INC. (ASM)
WHERE TRAINING, TECHNOLOGY & SERVICE CONVERGE
WWW.ASMED.COM