Certified Information Systems Security Professional (CISSP®)

Authors: Evan Morgan, Kevin Henry, Lee Allen

Important, we are working towards updating this series to align to the latest exam blueprint. This series provides an overview of the technical knowledge needed to design,... Read more

Certified Information Systems Security Professional (CISSP®)

Through this series, you will expand your knowledge of how to design, engineer, implement, and manage an information security program through exposure to the eight domains of the CISSP CBK.


CISSP® - Security and Risk Management

by Lee Allen

Apr 18, 2016 / 4h 3m

Beginner • 4h 3m

Start Course

If you are looking to begin your journey towards the highly respected CISSP credential, then you have come to the right place! This course covers a broad range of topics listed in ISC2's Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK) - Security and Risk Management domain. In this course, you will learn the foundations of security and risk management, including topics such as cyber crime, legal and regulatory concerns, threat modeling, and much, much more. When you are finished with this course, you will have a good security and risk management foundation that will provide you with the context and knowledge needed to be successful in the information security profession.

Table of contents
  1. Course Overview
    1m 44s
  2. Introduction
    5m 24s
  3. Fundamental Security Principles
    35m 32s
  4. Legal and Regulatory
    13m 4s
  5. Computer Crime
    20m 13s
  6. Intellectual Property
    6m 3s
  7. Privacy
    16m 4s
  8. Licensing
    15m 1s
  9. Trans-border Data Flow
    8m 17s
  10. Security Awareness
    15m 39s
  11. Aligning Security to the Organization
    16m 30s
  12. Creating Policies, Procedures, Guidelines, and Baselines
    19m 6s
  13. Continuity Planning and Disaster Recovery
    11m 4s
  14. Threat Modeling
    14m 9s
  15. Risk Assessment Concepts
    16m 52s
  16. Countermeasure Selection Process
    15m 8s
  17. Frameworks
    13m 4s

CISSP® - Asset Security

by Evan Morgan

Oct 15, 2015 / 1h 4m

Intermediate • 1h 4m

Start Course

Earn your CISSP! Dive deep into the Asset Security domain of the CISSP, including information and asset classification, data and system ownership, protecting privacy, appropriate retention, data security controls, and handling requirements.

Table of contents
  1. Introduction
    1m 28s
  2. Information and Asset Classification
    17m 42s
  3. Data and System Ownership
    9m 32s
  4. Privacy Protection
    10m 13s
  5. Appropriate Retention
    9m 15s
  6. Data Security Controls
    11m 36s
  7. Handling Requirements
    4m 59s

CISSP® - Security Engineering

by Evan Morgan

Jan 27, 2016 / 2h 29m

Intermediate • 2h 29m

Start Course

Deep dive into the Security Engineering domain of the Certified Information Systems Security Professional (CISSP®) certification, including Secure Design Principles and Processes, Fundamental Concepts of Security Models, Security Evaluation Models, Security Capabilities of Information Systems, Vulnerabilities in Security Architecture and Technology Components, Cryptography, and Site and Facility Secure Design

Table of contents
  1. Introduction
    2m 17s
  2. Secure Design Principles and Processes
    43m 11s
  3. Fundamental Concepts of Security Models
    19m 21s
  4. Security Evaluation Models
    22m 24s
  5. Security Capabilities of Information Systems
    8m 49s
  6. Vulnerabilities in Security Architecture and Technology Components
    13m 52s
  7. Cryptography
    28m 14s
  8. Site and Facility Secure Design
    11m 34s

CISSP® - Communications and Network Security

by Evan Morgan

Apr 22, 2016 / 1h 39m

Intermediate • 1h 39m

Start Course

If you want to learn practical communications and network security skills while preparing for your CISSP®, this course will show you how! Deep dive into the Communications and Network Security domain of the Certified Information Systems Security Professional (CISSP®) certification. You'll gain knowledge and skills in the areas of secure network architecture and design as well as supervisory control and data acquisition (SCADA). Next, you'll go over network protocols and securing their components. Finally, you'll learn more about communication channels and network attacks. By the end of this course, you will be more prepared for the CISSP exam and you'll also be more knowledgeable when it comes to communications and network security.

Table of contents
  1. Course Overview
    1m 2s
  2. Introduction
    1m 54s
  3. Secure Network Architecture and Design
    21m 24s
  4. Supervisory Control and Data Acquisition (SCADA)
    5m 17s
  5. Network Protocols
    16m 42s
  6. Securing Network Components
    12m 50s
  7. Communication Channels
    26m 59s
  8. Network Attacks
    13m 2s

CISSP® - Identity and Access Management

by Kevin Henry

Mar 23, 2017 / 2h 24m

Intermediate • 2h 24m

Start Course

Access controls lie at the very heart of an information security program. After all, information security is all about access control - who can get on our systems, networks, and our buildings and what can they do when they gain access? In this course, CISSP® - Identity and Access Management, you'll learn about the concepts and theory of identity and access management. Next, you'll learn about mandatory and discretionary access control along with types of controls and related risk. Finally, you'll learn about access control attacks. By the end of this course, you'll have an understanding of identity and access management and be able to approach these areas in the CISSP® examination with confidence.

Table of contents
  1. Course Overview
    2m 17s
  2. Control Physical and Logical Access to Assets
    37m 5s
  3. Manage Identification and Authentication of People and Devices
    48m 7s
  4. Integrate Identity as a Service
    6m 5s
  5. Integrate Third-party Identity Services
    3m 31s
  6. Implement and Manage Authorization Mechanisms
    23m 54s
  7. Prevent or Mitigate Access Control Attacks
    12m 23s
  8. Manage the Identity and Access Provisioning Lifecycle
    11m 32s

CISSP®: Security Assessment and Testing

by Lee Allen

Oct 12, 2016 / 2h 3m

Intermediate • 2h 3m

Start Course

Your controls have been selected and implemented, users have been educated, and everything seems to be in order. Even if this is the case, odds are that there are still unidentified risks in your environment. If you want to be certain that your controls are working as intended, you will need to perform risk assessments and penetration testing. The 6th domain of the CISSP CBK addresses this concern with topics such as information assurance, testing strategies including penetration testing, log reviews, and third party assessment. In this course, CISSP®: Security Assessment and Testing, you build upon the skills learned in previous CISSP domain and learn to put them all to use when validating the effectiveness of your controls. First, you'll learn about security assessment and test strategies. Next, you'll learn about security controls validation, security and related data collection, as well as analyzing test results. Finally, the course will wrap up by covering third-party risk assessments. By the end this course, you should be familiar with a broad spectrum of topics that are covered within the sixth domain of the CISSP.

Table of contents
  1. Course Overview
    1m 35s
  2. Assessment and Testing Strategies
    31m 22s
  3. Security Control Effectiveness Testing
    53m 45s
  4. Security Process Data Collection
    9m 2s
  5. Test Result Analysis
    11m 48s
  6. Third-party Assessment
    7m 11s
  7. Information Security Continuous Monitoring
    8m 15s

CISSP® - Security Operations

by Lee Allen

Feb 7, 2017 / 3h 3m

Intermediate • 3h 3m

Start Course

This course, CISSP® - Security Operations, covers the wide breadth of topics within the Security Operations domain of the CISSP. This includes activities such as evidence collection and handling, investigative techniques and types, monitoring and logging activities such as intrusion detection and prevention, event management, and egress monitoring. In addition to this, there will also be a focus on securing the provisioning of resources, understanding foundational security operational concepts such the information lifecycle, and job rotation. The course also covers topics such as resource protection, incident management, operation of preventative measures such as firewalls, implementing a patch management program, understanding how to implement change management, and learning about recovery strategies. By the end this course, you should be familiar with a broad spectrum of topics that are covered within the Security Operations domain of the CISSP. This course will provide you with the background information that you will need when addressing questions related to Security Operations.

Table of contents
  1. Course Overview
    1m 34s
  2. Introduction to Security Operations
    5m 54s
  3. Digital Forensics
    19m 3s
  4. Logging and Monitoring
    17m 44s
  5. Vulnerability Management
    12m 14s
  6. Change Management
    7m 33s
  7. Operate and Maintain Protective Controls
    11m 4s
  8. Incident Management
    8m 49s
  9. Investigative Types
    4m 49s
  10. Evidence Handling
    4m 35s
  11. Resource Provisioning
    8m 3s
  12. Recovery Strategies
    9m 18s
  13. Personnel Privacy and Safety
    13m 24s
  14. Business Continuity and Disaster Recovery
    8m 24s
  15. Internal Physical Security
    17m 36s
  16. Securing Assets
    7m 35s
  17. External Physical Security
    25m 19s

CISSP® - Software Development Security

by Lee Allen

Mar 30, 2015 / 3h 6m

Intermediate • 3h 6m

Start Course

This course provides coverage of the Software Development Security (Understanding, Applying, and Enforcing Software Security) domain from the April 2015 ISC2 CISSP® exam objectives. You will be made familiar with the importance of building security into the development process and learn about system life cycle security, the basics of software development, the different types of threats that applications face, and some countermeasure examples. This course is focused on the 8th of 8 domains in the CISSP® exam, and as such there will basic to intermediate coverage of many different concepts that CISSP® candidates will be expected to have some understanding of. The goal of the course will be to ensure the learner has a basic understanding of the concepts, why they are important, and when they should be used.

Table of contents
  1. Introduction
    6m 54s
  2. Application Security
    36m 19s
  3. Development Life Cycle
    31m 24s
  4. Security Impact of Acquired Software
    20m 4s
  5. Software Threats
    26m 4s
  6. Programming Language Concepts and Concerns
    23m 17s
  7. Secure Coding and Security Control Concepts
    42m 31s

What you will learn

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security


CISSP® candidates are required to have a minimum of five years of full time work experience in at least two of the eight CISSP® domains. One year of experience is waived with a four year college degree or a credential from the (ISC)²® approved credential list.

Knowledge is power

A Professional or Enterprise Pluralsight account is required to access Transcender®* practice exams. Sign in below or sign up for a free team trial.