Préparation CISSP · Exam Outline ISC2 2024

Réussir le CISSP
du premier coup

Le guide complet de préparation au CISSP, en français : cours des huit domaines, examens blancs, drills et référentiel — plus de 1 200 questions corrigées.

Contenu
30 chapitres · 8 domaines
Entraînement
Plus de 1 200 questions corrigées
Langue
Cours en français · questions en anglais

Commencer le chapitre 0 →   ·   Télécharger le livre en PDF

Par Abdoulaye Dembélé — Directeur des Systèmes d'Information & RSSI

Partie IFondations

Partie IILes huit domaines

Partie IIIRévision et entraînement final

CouvertureCorrespondance avec l'Exam Outline ISC2 2024

Les 62 objectifs du CISSP Detailed Content Outline ISC2 (en vigueur depuis le 15 avril 2024), et le chapitre qui traite chacun. Couverture vérifiée : 62/62.

Domaine 1 · Security and Risk Management16%
1.1Understand, adhere to, and promote professional ethicsch. 1
1.2Understand and apply security conceptsch. 1
1.3Evaluate and apply security governance principlesch. 1
1.4Understand legal, regulatory, and compliance issues that pertain to information security in a holistic contextch. 1
1.5Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)ch. 2
1.6Develop, document, and implement security policy, standards, procedures, and guidelinesch. 2
1.7Identify, analyze, assess, prioritize, and implement Business Continuity (BC) requirementsch. 2
1.8Contribute to and enforce personnel security policies and proceduresch. 2
1.9Understand and apply risk management conceptsch. 3
1.10Understand and apply threat modeling concepts and methodologiesch. 3
1.11Apply Supply Chain Risk Management (SCRM) conceptsch. 3
1.12Establish and maintain a security awareness, education, and training programch. 3
Domaine 2 · Asset Security10%
2.1Identify and classify information and assetsch. 4
2.2Establish information and asset handling requirementsch. 4
2.3Provision information and assets securelych. 4
2.4Manage data lifecyclech. 4
2.5Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)ch. 5
2.6Determine data security controls and compliance requirementsch. 5
Domaine 3 · Security Architecture and Engineering13%
3.1Research, implement and manage engineering processes using secure design principlesch. 6
3.2Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)ch. 6
3.3Select controls based upon systems security requirementsch. 6
3.4Understand security capabilities of Information Systems (IS) (e.g., memory protection, TPM, encryption/decryption)ch. 6
3.5Assess and mitigate the vulnerabilities of security architectures, designs, and solution elementsch. 7
3.6Select and determine cryptographic solutionsch. 8
3.7Understand methods of cryptanalytic attacksch. 8
3.8Apply security principles to site and facility designch. 9
3.9Design site and facility security controlsch. 9
3.10Manage the information system lifecyclech. 9
Domaine 4 · Communication and Network Security13%
4.1Apply secure design principles in network architecturesch. 10 · ch. 11
4.2Secure network componentsch. 12
4.3Implement secure communication channels according to designch. 12
Domaine 5 · Identity and Access Management (IAM)13%
5.1Control physical and logical access to assetsch. 13
5.2Design identification and authentication strategy (e.g., people, devices, and services)ch. 13
5.3Federated identity with a third-party servicech. 14
5.4Implement and manage authorization mechanismsch. 14
5.5Manage the identity and access provisioning lifecyclech. 15
5.6Implement authentication systemsch. 15
Domaine 6 · Security Assessment and Testing12%
6.1Design and validate assessment, test, and audit strategiesch. 16
6.2Conduct security control testingch. 16
6.3Collect security process data (e.g., technical and administrative)ch. 17
6.4Analyze test output and generate reportch. 17
6.5Conduct or facilitate security auditsch. 17
Domaine 7 · Security Operations13%
7.1Understand and comply with investigationsch. 18
7.2Conduct logging and monitoring activitiesch. 19
7.3Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)ch. 19
7.4Apply foundational security operations conceptsch. 19
7.5Apply resource protectionch. 19
7.6Conduct incident managementch. 19
7.7Operate and maintain detection and preventative measuresch. 19
7.8Implement and support patch and vulnerability managementch. 20
7.9Understand and participate in change management processesch. 20
7.10Implement recovery strategiesch. 20
7.11Implement Disaster Recovery (DR) processesch. 20
7.12Test Disaster Recovery Plans (DRP)ch. 20
7.13Participate in Business Continuity (BC) planning and exercisesch. 21
7.14Implement and manage physical securitych. 21
7.15Address personnel safety and security concernsch. 21
Domaine 8 · Software Development Security10%
8.1Understand and integrate security in the Software Development Life Cycle (SDLC)ch. 22
8.2Identify and apply security controls in software development ecosystemsch. 22
8.3Assess the effectiveness of software securitych. 23
8.4Assess security impact of acquired softwarech. 23
8.5Define and apply secure coding guidelines and standardsch. 23
Comment utiliser ce livre
  • Suivre les chapitres dans l'ordre, au rythme du plan de 8 semaines détaillé au chapitre 0 (§ 0.5).
  • Jalon de progression : ≥ 80 % à chaque quiz avant de passer au chapitre suivant.
  • Le chapitre 24 est l'aide-mémoire des 7 derniers jours ; le chapitre 29 sert au re-drill ciblé après les examens blancs.
  • Chaque page s'imprime proprement (Cmd+P) pour réviser sur papier.
À propos de l'auteur

Abdoulaye Dembélé est Directeur des Systèmes d'Information et RSSI, membre de comité de direction. En quinze ans, il a dirigé et sécurisé des systèmes d'information critiques dans la santé, la protection sociale, les finances publiques et la banque — de la création d'une DSI (Carte Blanche Partenaires) à la doctrine API de la DGFiP, en passant par la transformation digitale d'un groupe de protection sociale (Audiens). Titulaire d'un Master of Science in Information Technology (SUPINFO Paris / London), il prépare les certifications CISSP et CISM. Il a écrit ce guide au fil de sa propre préparation.

abdoulayedembele.com  ·  LinkedIn