Start with 7 free days of training.

Gain instant access to our entire IT training library, free for your first week.
Train anytime on your desktop, tablet, or mobile devices.

Certified Information Systems Security Professional

ISC(2) updated the CISSP exam on April 15, 2015. As a result, this course no longer maps to the exam. However, we believe it retains value as an IT resource. We are planning to update this training in the future....
ISC(2) updated the CISSP exam on April 15, 2015. As a result, this course no longer maps to the exam. However, we believe it retains value as an IT resource. We are planning to update this training in the future.

This (ISC)2 CISSP video training with Keith Barker covers information security, including topics from the 10 Common Bodies of Knowledge that will be tested in the CISSP certification exam.

Related Area of Expertise:
  • IT Security

Recommended skills:
  • At least 5 years experience in two of the following areas:
    Access control, telecommunications and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal, regulations, investigations and compliance, physical (environmental) security.

Recommended equipment:
  • None

Related certifications:
  • CISSP® - Certified Information Systems Security Professional

Related job functions:
  • Security consultant
  • Security analyst
  • Security manager
  • Security systems engineer
  • IT director
  • Chief information security officer
  • Security auditor
  • Security architect
  • Network architect

CISSP certification one of the most respected certifications available, and is currently in great demand by organizations of all types. From banking and financial institutions to government and public utilities as well as high-tech and hospitality, the skills of a CISSP are needed by nearly every industry.
In this CISSP training, you'll focus on the 10 Common Bodies of Knowledge that will be tested in the CISSP certification exam. Benefits of being a CISSP include:
  • Demonstrated working knowledge of information security
  • Confirmed commitment to profession
  • A career differentiator, with enhanced credibility and marketability

All trademarks and copyrights are the property of their respective holders.
 show less
1. Welcome to CISSP (7 min)
2. CBK-1: Authentication (29 min)
3. CBK-1: Centralized Access Management (38 min)
4. CBK-1: Models and Techniques (22 min)
5. CBK-2: OSI layers 1-3ish (36 min)
6. CBK-2: OSI layers 3 and Up (20 min)
7. CBK-2: Firewalls (28 min)
8. CBK-2: VPNs (26 min)
9. CBK-2: Attacks (37 min)
10. CBK-3: Polices and Risks (30 min)
11. CBK-3: Reducing Risk (30 min)
12. CBK-4: Databases (12 min)
13. CBK-4: Development Life Cycle (30 min)
14. CBK-5: Symmetric Cryptography (42 min)
15. CBK-5: Asymmetric Cryptography (35 min)
16. CBK-6: System Evaluation (23 min)
17. CBK-6: Security Models (22 min)
18. CBK-6: Availability and Integrity (13 min)
19. CBK-7: IDS (26 min)
20. CBK-7: Control Types (20 min)
21. CBK-7: Separation of Duties (27 min)
22. CBK-7: Backups and Malware (35 min)
23. CBK-8: Plan B (29 min)
24. CBK-9: Evidence (11 min)
25. CBK-9: Law (18 min)
26. CBK-9: Investigation (14 min)
27. CBK-10: FIRE!!! (18 min)
28. CBK-10: Physical Controls (13 min)
29. CBK-10: Power and Location (13 min)

Welcome to CISSP


Hello, my name is Keith Barker. And on behalf of the entire CBT Nuggets family, I'd like to welcome you to CISSP. Earlier this morning I finished the last technical video for this course. And oh my goodness, I am so excited about this journey that you and I are taking together to prepare you for your CISSP.


A couple of things I wanted you to be aware of first. The website, isc2.org, I'd like you to check that out. And on that website, when you click on certifications in CISSP, it'll have the details regarding eligibility and endorsement for CISSP certification.


What it boils down to is this, you'll need five years of real, hands-on experience working with Information Security, in some aspect. And there's 10 different domains, but you need to have that experience. And secondly, you need to have someone who personally knows you and can vouch for your work history, who's also currently certified from ISC, before you'll get your certification.


Secondly, you can also go to isc2.org to begin the process of scheduling the exam, which is now done at VUE testing centers. It used to be done on paper. That has changed. Now it's done at VUE testing centers. The test is six hours long, and it has 250 questions.


25 of the questions you'll be answering aren't actually graded, but they don't tell you which questions those are. So if they're working with some different types of questions, and seeing how students do with them, they're going to mix those in to your real exam.


But at the end of the day, you need a 70% score-- and that's going to be focused on the questions that they're actually grading-- to pass the exam. Most of the questions are going to be multiple choice. And most of them are going to be scenario based.


Here's a scenario, which one of these four possible answers are correct? And I would strongly encourage you to read the question twice, just to make sure you're not overlooking something. For example, they may have a question that says which of these is least likely to cause this result?


Or all of these are factors in xyz except for what? And then you want to answer the single correct answer. They also have drag and drop, where they might have some information over on the left, and they ask you to drop some information over on the right.


So for example, if there was eight choices here, and the question might say, please drag and drop the protocols that use symmetrical encryption, or asymmetrical encryption. Or please drag and drop the protocols that would be used for authentication purposes.


So you'd drag over the ones you think are correct, and click on Next to continue. In the exam you actually can go backwards and forwards. Before completing the exam, you have the option for reviewing all of your answers. And so in the review process you can say I want to review incomplete answers, where you didn't select answer.


Or I want to review marked questions, where you're in the question and you flagged it as one you want to come back to. And you definitely don't want to rush anything, especially the reading of the questions. And sometimes you're going to see a question-- that maybe it's one of their test questions, or it's just a really creative scenario-- where you might think, oh my gosh.


If I had not had the real world experience in working with this, I would not have gotten that right answer. And that, my friend, is one of the mechanisms they've done to help make sure that only people who really do have the experience become CISSP. That demonstrates they have that real world experience.


This course has been, for me, unique from every other course I've ever created for CBT Nuggets. And that's because the CISSP is a mile wide and an inch deep. It's mostly about concepts regarding Information Security. So for example, if we have a question and we think, wow, answer two and answer three, they both look really good.


I want you to put on a manager's hat for a moment. That's the attitude I want you to take as you look at every single question. What would be senior management's take on this scenario? Is it improving return on investment? Is it helping to reduce risk?


Is it going to make sure I'm compliant with some regulation or law that's requiring me and my organization to be that way? So take it from the perspective of senior management if you're trying to decide between two answers that look really close. The other item I'd ask you to look at when you're trying to consider two answers that look pretty good, is focus on the intent.


For example, if one answer is talking about AES, and the other answer is talking about RSA-- which are both great, AES for encryption, RSA very likely for authentication-- I would focus on what the question is asking me about. Is it asking me or hinting at authentication or validation of who I'm talking to, or is it focusing on confidentiality?


Because these are both protocols we could find for example, in something like IPsec. And a lot of these questions, these scenarios, are going to be asking you to apply your knowledge of concepts to those scenarios to come up with the right answer. The other thing I would encourage you to do is not take any question too deep.


It's really about the main concept in the question, and we're looking for the answer. The main resource that you're going to draw on for CISSP certification is your experience. Now to assist you with that and getting CISSP certified, I have carefully crafted the videos in this course to address each of the common bodies of knowledge that are going to be tested on in CISSP.


And I would strongly recommend that, as we take those, we're going to do them in order. So you're watching the intro video right now. That's great. The next video is going to be on Access Control. And many of the domains I have in three separate videos.


Some of the domains I have in two videos. It just depends on how much content I felt was critical, as far as getting you ready for your CISSP, that I needed to cover. Now as you and I go through this together, we're going to hit some concepts where you are very comfortable with them, and yet other concepts which may be newer to you.


And the reality is, we are going to get a sample of questions from each of the common bodies of knowledge. So we need to be prepared for each of them. So as we're going through together, if we come across some concept, and you think, wow I want to know more and more about that, there's very likely a course here at CBT Nuggets that you could dive into to learn more about that.


I also remember when I took my CISSP back in 2010, I actually purchased several books to assist me in my study, as well as a reference book that I could keep and go back to if I needed to look into any specific topic. And I would recommend that you have some additional resource as well.


Now if you have a subscription to Safari Books online, you have access to the entire library, including CISSP content. If you do a Google search for CISSP, there's tons of flash cards and practice exams available for it. In fact, if you're a corporate or annual subscriber with CBT Nuggets, the Transcender exam for CISSP is available to you as part of your subscription as well.


So I wanted to share with you the author, Shon Harris. Back in 2010, that is one of the books that I purchased, and she updates that periodically. For example, when ISC updated the CISSP exam, she-- referring to Shon Harris-- came out shortly thereafter with an updated version of her book.


And it is like 1,400 pages long. It's very, very thorough. So it's not something that you'd actually sit down and read the entire thing through, for the average person. But it could be an excellent resource if you did want to dive deeper into any specific topic.


I am genuinely excited about taking this journey with you. And your action item right now is simple. It's to start that next video, as we look together at the world of Access Control. I hope this has been informative for you. And I'd like to thank you for viewing.

CBK-1: Authentication

CBK-1: Centralized Access Management

CBK-1: Models and Techniques

CBK-2: OSI layers 1-3ish

CBK-2: OSI layers 3 and Up

CBK-2: Firewalls


CBK-2: Attacks

CBK-3: Polices and Risks

CBK-3: Reducing Risk

CBK-4: Databases

CBK-4: Development Life Cycle

CBK-5: Symmetric Cryptography

CBK-5: Asymmetric Cryptography

CBK-6: System Evaluation

CBK-6: Security Models

CBK-6: Availability and Integrity


CBK-7: Control Types

CBK-7: Separation of Duties

CBK-7: Backups and Malware

CBK-8: Plan B

CBK-9: Evidence

CBK-9: Law

CBK-9: Investigation

CBK-10: FIRE!!!

CBK-10: Physical Controls

CBK-10: Power and Location

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
Intermediate 12 hrs 29 videos


Training Features

Practice Exams
These practice tests help you review your knowledge and prepare you for exams.

Virtual Lab
Use a virtual environment to reinforce what you are learning and get hands-on experience.

Offline Training
Our iOS and Android mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching
Develop and maintain a study plan with one-to-one assistance from coaches.

Supplemental Files
Files/materials that supplement the video training.

Speed Control
Play videos at a faster or slower pace.

Included in this course
Pick up where you left off watching a video.

Included in this course
Jot down information to refer back to at a later time.

Closed Captions
Follow what the trainers are saying with ease.
Keith Barker
Nugget trainer since 2012