  1. Access Control
    1. Introduction
    2. Access Control Concepts
    3. Access Control Principles
    4. Information Classification
    5. Access Control Requirements
    6. Access Control Categories
    7. Access Control Types
    8. Access Control Strategies
    9. Identity Management
    10. Access Control Technologies
    11. Data Access Controls
    12. Intrusion Detection and Intrusion Prevention Systems
    13. Threats
  2. Software Development Security
    1. Domain Description and Introduction
    2. Applications Development and Programming Concepts and Protection
    3. Audit and Assurance Mechanisms
    4. Malicious Software (Malware)
    5. The Database and Data Warehousing Environment
    6. Web Application Environment
  3. Business Continuity & Disaster Recovery Planning
    1. Project Initiation and Management
    2. Senior Leadership Support
    3. Hidden Benefits of the Planning Process
    4. Defining the Scope of the Planning Effort
    5. Company Policy or Standard
    6. Legal and Regulatory Requirements
    7. The Ten Professional Practice Areas
    8. Regulations for Financial Institutions
    9. Legal Standards
    10. Resource Requirements
    11. Understanding the Organization
    12. Business Impact Analysis
    13. Selecting a Recovery Strategy
    14. Documenting the Plan
    15. Managing Recovery Communications
    16. Testing the Plan
    17. Training and Awareness Programs
    18. Update and Maintenance of the Plan
    19. Transitioning from Project to Program
    20. Roles and Responsibilities
  4. Cryptography
    1. Introduction
    2. Concepts and Definitions
    3. Encryption Systems
    4. Message Integrity Controls
    5. Digital Signatures
    6. Encryption Management
    7. Cryptanalysis and Attacks
    8. Statistical Analysis
    9. Encryption Usage
  5. Information Security Governance & Risk Management
    1. Introduction
    2. The Business Case for Information Security Management
    3. Information Security Management Governance
    4. Organizational Behavior
    5. Security Awareness, Training, and Education
    6. Risk Management
    7. Ethics
  6. Legal Regulation Investigations and Compliance
    1. Introduction
    2. Major Legal Systems
    3. Information Technology Laws and Regulations
    4. Incident Response
  7. Security Operations
    1. Introduction
    2. CISSP Expectations
    3. Key Themes
    4. Maintaining Operational Resilience
    5. Protecting Valuable Assets
    6. Controlling Privileged Accounts
    7. Managing Security Services Effectively
  8. Physical (Environmental) Security
    1. Introduction
    2. CISSP Expectations
    3. Innovation and Leadership
    4. Site and Facility Design Criteria
    5. Location Threats
    6. Perimeter Security
    7. Gates and Fences
    8. Perimeter Intrusion Detection
    9. Lighting
    10. Access Control
    11. Closed Circuit TV
    12. Guards
    13. Design Requirements
    14. Building and Inside Security
    15. Interior Intrusion Detection Systems
    16. Escort and Visitor Control
    17. Secure Operational Areas
    18. Environmental Controls
  9. Security Architecture & Design
    1. Introduction
    2. CISSP Expectations
    3. The Basics of Secure Design
    4. Enterprise Security Architecture
    5. System Security Architecture
  10. Telecommunication & Network Security
    1. Introduction
    2. CISSP Expectations
    3. Layer 1: Physical Layer
    4. Layer 2: Data-Link Layer
    5. Layer 3: Network Layer
    6. Layer 4: Transport Layer
    7. Layer 5: Session Layer
    8. Layer 6: Presentation Layer
    9. Layer 7: Application Layer