Uploaded on Jul 23, 2021
CISSP is known as a Certified Information System Security Professional. Now it is one of the most globally recognized certifications in information security. So, the certificate is taken by people who are responsible for maintaining the security posture for an enterprise-level.
Preparation for CISSP
www.infosectrain.com | [email protected]
• CISSP stands for Certified Information Systems Security Professional. It is now one of the most globally recognized certifications in information security, and it is typically taken by people who are responsible for maintaining the security posture of an enterprise.
• It is not an entry-level certification: it requires a minimum of 5 years of experience in information security across two or more of the eight CISSP domains.
• The importance of this certification is clear from its numbers: more than 26 years have passed since CISSP was launched in 1994, and in that time only about 140 thousand people have been certified across the globe.
Parts of the CISSP certification: There are eight domains in the CISSP certification:
Domain 1: Security and risk management (15%): This domain is all about security risk and controls. It gives you a complete perspective on security risk, governance and risk management, and it also covers how business continuity planning is handled at the enterprise level. It also gives you a flavor of the losses that organizations are suffering across the globe. This domain carries the highest percentage in the examination.
Domain 2: Asset security (10%): The next part is asset security, a relatively short domain but a significant one. It covers the various things we deal with in order to protect assets (here, the information assets, that is, the data).
Domain 3: Security architecture and engineering (13%): This is one of the largest domains in CISSP; it includes five different modules and three other parts. It covers cryptography, security architecture and engineering, system architecture, and physical security, so it is essential from the examination perspective.
Domain 4: Communication and network security (14%): This is one of the most extensive domains in CISSP from a content perspective and an important one. Many people do not have a networking background, and they have difficulty understanding many of the concepts in this domain.
Domain 5: Identity and access management (IAM) (13%): This is one of the essential binding domains, but only a few concepts in specific parts of it are testable from an examination perspective.
Domain 6: Security assessment and testing (12%): In this domain, we look at the various aspects that we need to know from an application security perspective: the different things we need to understand while we assess or test an application from a security standpoint.
Domain 7: Security operations (13%): Many people have first-hand experience in this domain because it covers the concepts that everybody follows or sees at a day-to-day level: change management, patch management, and vulnerability management. Most people who have worked in information security have done at least one of the activities in the security operations section.
Domain 8: Software development security (10%): In this domain, we look at the various ways of developing software (the software development life cycle and its life cycle models) and at the activity of malicious code and its impact on applications, including your own software applications.
Exam Specifics:
• CISSP is a CAT (Computer Adaptive Test).
• How the CAT format works: When you start the examination, you are given the first question; the question has four responses, and you choose the right one. The moment you select a response and submit it, the next question is chosen based on your answer to the previous question. If you answered the previous question correctly, the next question will be of slightly higher difficulty; if you answered it incorrectly, the next question will be of slightly lower difficulty.
• When the examination ends, the result is decided based on three rules:
  • Confidence interval rule.
  • Minimum length exam rule.
  • Run out of time rule.
• The duration is 3 hours.
• You cannot flag a question and go back to a previous one.
• You will be given a whiteboard and pen, and the testing system has a built-in calculator.
• Questions are weighted.
Domain 1: Security, risk and governance:
Domain Agenda:
• Understand and apply the concepts of confidentiality, integrity, and availability.
• Develop and implement security policies, standards, procedures, and guidelines.
• Understand risk management concepts.
• Identify, analyze, and prioritize business continuity requirements.
Understanding CIA:
Confidentiality: Confidentiality means that any communication or information intended for a specific audience is shared only with that audience. The best method to protect the confidentiality of data is encryption. Data needs to be protected in every state, and data typically exists in three forms:
1. DIM (Data in motion)
2. DAR (Data at rest)
3. DIU (Data in use)
Integrity: Any unauthorized modification or alteration of data, whether made by an authorized or an unauthorized person, is called a compromise or breach of integrity. From the examination perspective, the best method or approach for protecting integrity is hashing.
Availability: Availability ensures that the data is available whenever it is needed. Whenever someone wants to access the information, it should be available to them. The best method to achieve availability is fault tolerance.
</gre_replace>
<gr_insert after="104" cat="add_content" lang="python" orig="us. The best method">
To make the integrity point concrete, here is a small added example (not part of the InfosecTrain deck) showing how a hash detects modification of data, and why a keyed hash (HMAC) is the stronger choice when the digest travels together with the data. The record contents, the key and the tampered copy are constructed for illustration.

```python
"""Hashing for integrity: detecting modification of a data record.

Added illustration, not code from the original slides. A SHA-256 digest of a
record lets a receiver detect any change to the record; an HMAC additionally
binds the digest to a secret key, so someone who can rewrite the record cannot
also recompute a matching digest without that key. All data below is constructed.
"""
import hashlib
import hmac

# Constructed sample record and a tampered copy (one digit added to the balance).
ORIGINAL = b"account=1042;balance=500.00"
TAMPERED = b"account=1042;balance=5000.00"
# Constructed secret shared by sender and receiver; in practice it comes from a
# key management system, never from source code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Plain (unkeyed) SHA-256 digest, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """True when the data still matches a previously recorded digest.

    compare_digest runs in constant time so that a mismatch position is not
    leaked through timing.
    """
    return hmac.compare_digest(sha256_digest(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256), hex encoded."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """True when the data and tag were produced with the same key."""
    return hmac.compare_digest(hmac_tag(key, data), expected_hex)


def integrity_checks() -> dict:
    """Run the checks a receiver would perform and return the outcomes."""
    stored_digest = sha256_digest(ORIGINAL)      # digest recorded when data was written
    stored_tag = hmac_tag(SHARED_KEY, ORIGINAL)  # tag recorded when data was written
    return {
        # The unmodified record verifies against both the digest and the tag.
        "original_digest_ok": verify_digest(ORIGINAL, stored_digest),
        "original_tag_ok": verify_hmac(SHARED_KEY, ORIGINAL, stored_tag),
        # Any modification is caught by both mechanisms.
        "tampered_digest_ok": verify_digest(TAMPERED, stored_digest),
        "tampered_tag_ok": verify_hmac(SHARED_KEY, TAMPERED, stored_tag),
        # A plain digest can be recomputed by whoever rewrote the data, so it
        # only protects integrity when it is stored out of their reach.
        "recomputed_plain_digest_accepted": verify_digest(TAMPERED, sha256_digest(TAMPERED)),
        # A tag computed with a different key is rejected, which is what makes
        # HMAC suitable when digest and data are transmitted together.
        "tag_with_wrong_key_accepted": verify_hmac(
            SHARED_KEY, TAMPERED, hmac_tag(b"some-other-key", TAMPERED)
        ),
    }


if __name__ == "__main__":
    for name, outcome in integrity_checks().items():
        print(f"{name}: {outcome}")
```

The unkeyed digest is what the slide means by "hashing" and is enough when the digest is kept somewhere the data's modifier cannot reach (a separate integrity database, a signed manifest); when the digest has to accompany the data, the HMAC variant is the one to use.
<test>
assert sha256_digest(b"abc") == "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
r = integrity_checks()
assert r["original_digest_ok"] is True
assert r["original_tag_ok"] is True
assert r["tampered_digest_ok"] is False
assert r["tampered_tag_ok"] is False
assert r["recomputed_plain_digest_accepted"] is True
assert r["tag_with_wrong_key_accepted"] is False
assert verify_hmac(SHARED_KEY, ORIGINAL, hmac_tag(SHARED_KEY, ORIGINAL)) is True
assert len(hmac_tag(SHARED_KEY, ORIGINAL)) == 64
</test>
</gr_insert>
<gr_replace lines="105-115" cat="clarify" orig="•Develop, and implement">
• Develop and implement security policies, standards, procedures, and guidelines.
What exactly is a policy? These documents are essential for any organization. An organization needs to maintain them because, without these documents, it is difficult for any enterprise to establish security or to drive a security project.
Policy: A policy is a mandatory document that states precisely what is required. It is a high-level statement of the security requirements for an organization. Some examples of security policies are:
• Access control
• Network security
• Risk management
• Training and awareness
•Develop, and implement security policy, standards, procedures, and guidelines.
What exactly is your policy? Now, these documents are essential for any organization.
They need to keep a hold of these documents because if we do not have these
documents, it is difficult for any enterprise or organization to create security or drive a
security project at any organization.
Policy: It is a mandatory document that precisely the system is going to state. It is a
high-level requirement for security for any organization. Some security policies are:
•Access control
•Network security
•Risk management
•Training and awareness
Standards: Standards are also mandatory. A standard states how a policy is applied; for example, a standard may require that every newly hired employee go through the mandatory orientation program when they first join the organization.
Guidelines: Policies and standards are mandatory, but guidelines are optional. A guideline suggests best practice.
Baseline: Just like a policy and a standard, a baseline is also mandatory. The baseline is the minimum security requirement, and it states how the required measures are to be implemented.
Procedure: A procedure is the step-by-step process for carrying out a business task.
• Understanding risk management concepts.
• Identify, analyze, and prioritize business continuity requirements.
• Understand legal and regulatory issues that pertain to information security in a global context.
Domain 2: Asset security
Data classification is essential because any security control you want to implement in any system is determined by the data classification.
Determine and maintain information and asset ownership:
Data owner: Ultimately responsible for the data.
Data custodian: Carries out the work of protecting the data, such as backups.
System owner: The person who owns the system that processes the sensitive data.
Business owner: For example, the head of the sales department is responsible for the sales department; however, the system used by the sales department is owned by the IT department.
Data controller: The person or entity who controls the processing of data.
Data processor: The person or entity who processes personal data on behalf of the data controller.
Establish information and asset handling requirements:
Marking: Labelling (the protection mechanism is assigned based on data labels).
Handling sensitive data: Secure transportation of data through its entire lifecycle.
Storing sensitive data:
• Proper encryption (AES-256).
• Storage in a temperature-controlled place.
Destroying sensitive data: Deleting, clearing, purging, sanitization, degaussing, and destruction.
Domain 3: Security architecture and engineering
Domain 4: Communication and network security
Domain 5: Identity and access management (IAM)
Domain 6: Security assessment and testing
Domain 7: Security operations
Domain 8: Software development security
InfosecTrain is one of the best consulting organizations, focusing on a range of IT security training and information security services, and providing all the necessary CISSP certification exam preparation. All training is delivered by certified instructors with years of industry experience. You can check out and enroll in our CISSP certification training to prepare for the certification exam.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies.
• We offer a wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain.
• We provide high-quality technical services, certifications and customized training programs curated by professionals with over 15 years of combined experience in the domain.
Our Endorsements
Why InfosecTrain Global Learning Partners
• Certified and experienced instructors
• Flexible modes of training
• Access to the recorded sessions
• Post training completion
• Tailor made training
Our Trusted Clients
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com