CISSP Certification: Domains 5, 6, 7 & 8 Video Training-2021

Why take this course?
- Domain 8 Overview: This domain focuses on the implementation, assessment, testing, and auditing of security practices within an organization. It emphasizes the importance of ongoing security evaluation to ensure that policies are being followed, security controls are effective, and systems remain secure.
- Assessment and Audit Strategies: You should understand how to design and validate assessment and audit strategies, which include both internal and external assessments as well as third-party audits. These assessments help identify areas of risk and ensure that security controls are operating as intended.
- Security Control Testing: This involves conducting various types of tests such as vulnerability assessments, penetration testing, log reviews, synthetic transactions, code reviews, misuse case testing, test coverage analysis, interface testing, and more. These tests help identify weaknesses or gaps in security controls.
- Security Process Data Collection: You should know how to collect data on various aspects of security processes, including account management, management review and approval, key performance indicators (KPIs), risk indicators, backup verification data, training and awareness programs, disaster recovery (DR) and business continuity planning (BCP).
- Analyze Test Output and Generate Report: After conducting tests, you need to analyze the results and generate reports that can be used to make informed decisions about security improvements.
- Conduct or Facilitate Security Audits: These audits can be internal, external, or third-party and are essential for ensuring compliance with standards, policies, and regulations, as well as for validating the effectiveness of implemented security controls.

Notes / Disclaimers:
- Knowledge and Experience: The CISSP exam tests your substantial knowledge gained through experience and formal education. It's not just about theoretical understanding but also practical application.
- Language Versions: Although the test is originally in English, there are multiple language versions available for candidates who are not native English speakers.
- Test Format: The CISSP exam uses a Computerized Adaptive Testing (CAT) format and consists of 100-150 questions that must be completed within 3 hours.
- Study Resources: Utilize various study materials, including test banks, books, and other educational resources to cover the breadth of topics included in the CISSP domain. Do not rely on a single source for your learning.
- Proactive Thinking: The questions should be answered from the perspective of a manager or CISO, focusing on proactive measures rather than reactive ones.
- Vulnerability Management Program: Implementing a Vulnerability Management Program before issues arise is crucial for maintaining security.
- Continuous Learning: Stay up-to-date with the latest security trends and best practices by attending conferences, workshops, and other professional development opportunities.
- CAT Format: The CAT format means that the difficulty of each question you answer will determine the next one you receive, so it's important to read each question carefully and provide the most accurate response based on your knowledge.

Remember, passing the CISSP exam requires a deep understanding of security concepts, practical experience, and the ability to apply these in various scenarios. Continuous learning and staying informed about the latest trends and technologies in cybersecurity are key to preparing for and excelling in the CISSP certification exam.