Analyze Test Output and Generate a Report Security experts must be able to analyze log and test data, and report this information in meaningful ways, to senior management teams so they are alert of possible risks or harm, and make informed security decisions. Organizations usually have different levels of management. Security professionals need to [...]
Collect Security Process Data In this part of this tutorial, we'll take a look at collecting security process data to help you understand the different aspects of security process data. Organizations should collect data about policies and procedures and review it because Assessment of security management processes and systems helps an organization determine the [...]
Conduct Security Control Testing- Part 2 This page is dedicated to continuing the Conduct Security Control Testing title. In this part of this tutorial, we'll take a look at control testing to help you understand the different aspects of control testing. You can see the previous section here. Log Reviews Reviewing various security logs [...]
Conduct Security Control Testing- Part 1 One of the most important topics in CISSP course is conduct security control testing. In this part of this tutorial, we'll take a look at control testing to help you understand the different aspects of control testing. Security control testing employs various tools and techniques, including vulnerability assessments, [...]
Manage the Identity and Access Provisioning Lifecycle The life cycle consists of the assignment of privileges through roles and designation. The following design, a typical identity and provisioning life cycle consists of these steps: Enrolment of user or create user Determining roles, privileges, and access requirements to systems and applications Provisioning user accounts to [...]
Manage Identification and Authentication of People, Devices, and Services In this part of this tutorial, we'll take a look at Manage Identification and Authentication of People, Devices, and Services to help you understand the different aspects of authentication. Identity Management Implementation The core activity within identity and access management (IAM) is the management of [...]
Control Physical and Logical Access to Assets Controlling access to assets is one of the central approaches to security. In this section; an asset includes information, systems, devices, and facilities. Systems An organization’s systems include any IT systems, which provide one or more services. Like a SQL Server, a FTP server, a Domain Controller, [...]
Secure Communication Channels This section focuses on securing data in motion. Such as voice, e-mail, web, fax, remote access and virtualized networks. One of the important topics in CISSP course is secure communication channels. So, in this part of this tutorial, we'll take a look at secure communication to help you understand the different [...]
Secure Network Components Network equipment must be securely operated and maintained. In this part of this tutorial, we'll take a look at secure networks to help you understand the different aspects of secure network components. You as a CISSP candidate need to understand security fundamentals and concepts specifically related to different types of network [...]