CISSP

CISSP Study Resources

Certified Information Systems Security Professional — 8 domains · 100–150 CAT · Passing: 700/1000

35 articles published · New articles added dailyPractice CISSP Questions →

Domain 1

Security and Risk Management

8 articles

Legal, Regulatory, and Privacy Compliance: GDPR, CCPA, and Cross-Border Data Flows

The legal and regulatory landscape for information security has grown dramatically more complex over the past decade. For the CISSP exam, you do not need to memorise the text of every privacy law — bu…

10 min

Business Continuity Planning: BIA, RTO, RPO, and How CISSP Tests Them

Business continuity planning (BCP) is the discipline of ensuring that critical business functions can continue during and after a disruptive event. For the CISSP exam, BCP is tested heavily in Domain…

10 min

Risk Management Frameworks: ISO, NIST, and COBIT for the CISSP Exam

Risk management is the systematic process of identifying, assessing, and responding to risks that could affect an organisation's objectives. For the CISSP, risk management is not just a Domain 1 topic…

11 min

The 5 Pillars of Information Security: CIA Triad + Authenticity & Non-Repudiation

If you have studied for the CISSP even briefly, you have encountered the CIA triad. Confidentiality, Integrity, and Availability are the three pillars taught in every security course — but the exam te…

Done with Security and Risk Management?

Test whether you can apply it under exam pressure — the way ISC² actually tests it.

Practice Domain 1 Questions →

Domain 2

Asset Security

3 articles

Data Lifecycle Management: Collection, Retention, Remanence, and Secure Destruction

Data lifecycle management is the governance of data from creation to destruction. For the CISSP exam, this is tested as both a technical and a policy topic: understanding the phases of the data lifecy…

10 min

Data Classification: Government vs Commercial Models and Why It Matters

Data classification is the process of organising data into categories based on its sensitivity, value, and the impact of its unauthorised disclosure, modification, or destruction. For the CISSP exam,…

9 min

Data Protection Methods: DRM, DLP, and CASB Explained for the CISSP Exam

Protecting data requires matching the right control to the right data state and context. The CISSP exam tests three categories of data protection control that operate across different dimensions: Data…

10 min

Domain 3

Security Architecture and Engineering

6 articles

Zero Trust Architecture: Why 'Never Trust, Always Verify' Dominates the 2024 Exam

Zero trust architecture represents the most significant conceptual shift in enterprise security thinking in the past two decades. For the CISSP exam, zero trust is tested as a secure design principle…

11 min

Cryptanalytic Attacks: Brute Force, Side-Channel, Pass-the-Hash, and Ransomware

Cryptanalysis is the art of attacking cryptographic systems to recover plaintext, discover keys, or forge authenticated messages without authorised access to the key. The CISSP exam tests cryptanalyti…

11 min

Cryptography Fundamentals: Symmetric, Asymmetric, PKI, and Quantum Threats

Cryptography is one of the most technically dense topics on the CISSP exam. Domain 3 tests cryptographic concepts at the level of: how do the different types of cryptography work, when is each appropr…

12 min

Domain 4

Communication and Network Security

4 articles

OSI vs TCP/IP Models: How CISSP Tests Them (And Why It's Not Just Memorisation)

The OSI and TCP/IP models are the foundational frameworks for understanding how network communications are structured and where security controls operate. The CISSP exam does not test whether you can…

10 min

Secure Protocols: IPSec, TLS, SSH, and When to Use Each

Secure communication protocols are the technical mechanisms that protect data in transit. For the CISSP exam, Domain 4 tests whether candidates understand how the major secure protocols work, what sec…

11 min

Network Segmentation: VLANs, VPNs, Micro-Segmentation, and Zero Trust Networks

Network segmentation is the practice of dividing a network into smaller, isolated sections to limit the lateral movement of attackers, contain breaches, and enforce security policies. The CISSP exam t…

10 min

Domain 5

Identity and Access Management

4 articles

Privileged Access Management: Just-In-Time, Least Privilege, and PAM Systems

Privileged access is the greatest single risk factor in enterprise security. Attackers who gain privileged credentials — domain administrator accounts, root access, or service accounts with broad perm…

10 min

Federated Identity and SSO: SAML, OAuth, OpenID Connect, and Kerberos

Federated identity and Single Sign-On (SSO) are mechanisms that allow a single authentication event to provide access to multiple systems and domains. The CISSP exam tests these topics extensively in…

11 min

Access Control Models: RBAC, MAC, DAC, ABAC — CISSP Scenario Guide

Access control models define the policies and mechanisms that determine how subjects (users, processes) interact with objects (files, systems, data). For the CISSP exam, access control models are test…

10 min

Domain 6

Security Assessment and Testing

3 articles

Penetration Testing: Red Team, Blue Team, Purple Team — CISSP’s View

Security assessment and testing is the set of activities that validates whether security controls are working as intended. For the CISSP exam, Domain 6 is less technically deep than other domains but…

10 min

Security Audits: Internal, External, Third-Party, and How to Report Findings

Security audits are systematic examinations of an organisation's security controls, policies, and procedures to determine whether they are effective, appropriate, and compliant with applicable require…

10 min

Code Review, SAST, DAST, and Interface Testing — Application Security Assessment

Application security testing is the practice of evaluating software applications for security vulnerabilities through a combination of manual and automated techniques. For the CISSP exam, Domain 6 tes…

10 min

Domain 7

Security Operations

6 articles

SIEM, UEBA, and Threat Hunting: How SOC Teams Detect the Undetectable

Modern security operations have evolved from reactive event monitoring to proactive threat detection. The CISSP exam tests Domain 7's security operations concepts at the managerial level: understandin…

11 min

Incident Response: Detection, Containment, Eradication, Recovery — CISSP Lifecycle

Incident response (IR) is the organised process for managing the aftermath of a security incident to limit damage, reduce recovery time, and prevent recurrence. The CISSP exam tests incident response…

10 min

Firewalls, IDS/IPS, Honeypots, and Next-Gen Security Controls

Network security controls are the technical tools that implement security policies at the network and application layer. For the CISSP exam, these controls are tested at the conceptual level: what doe…

10 min

Domain 8

Software Development Security

1 article

Secure SDLC: DevSecOps, Agile Security, and Shifting Left

Software development security is the practice of integrating security throughout the software development lifecycle rather than treating it as an afterthought or a final gate. For the CISSP exam, Doma…

10 min

You've reached the end of the CISSP library.

That's 35 articles across 8domains. If you've read this far, you're more prepared than most candidates who sit this exam. Now test whether that understanding holds under exam pressure.

Try 5 Free Scenario Questions →

No account · No credit card · 10 minutes

CISSP Study Resources

Security and Risk Management

Legal, Regulatory, and Privacy Compliance: GDPR, CCPA, and Cross-Border Data Flows

Business Continuity Planning: BIA, RTO, RPO, and How CISSP Tests Them

Risk Management Frameworks: ISO, NIST, and COBIT for the CISSP Exam

The 5 Pillars of Information Security: CIA Triad + Authenticity & Non-Repudiation

Asset Security

Data Lifecycle Management: Collection, Retention, Remanence, and Secure Destruction

Data Classification: Government vs Commercial Models and Why It Matters

Data Protection Methods: DRM, DLP, and CASB Explained for the CISSP Exam

Security Architecture and Engineering

Zero Trust Architecture: Why 'Never Trust, Always Verify' Dominates the 2024 Exam

Cryptanalytic Attacks: Brute Force, Side-Channel, Pass-the-Hash, and Ransomware

Cryptography Fundamentals: Symmetric, Asymmetric, PKI, and Quantum Threats

Communication and Network Security

OSI vs TCP/IP Models: How CISSP Tests Them (And Why It's Not Just Memorisation)

Secure Protocols: IPSec, TLS, SSH, and When to Use Each

Network Segmentation: VLANs, VPNs, Micro-Segmentation, and Zero Trust Networks

Identity and Access Management

Privileged Access Management: Just-In-Time, Least Privilege, and PAM Systems

Federated Identity and SSO: SAML, OAuth, OpenID Connect, and Kerberos

Access Control Models: RBAC, MAC, DAC, ABAC — CISSP Scenario Guide

Security Assessment and Testing

Penetration Testing: Red Team, Blue Team, Purple Team — CISSP’s View

Security Audits: Internal, External, Third-Party, and How to Report Findings

Code Review, SAST, DAST, and Interface Testing — Application Security Assessment

Security Operations

SIEM, UEBA, and Threat Hunting: How SOC Teams Detect the Undetectable

Incident Response: Detection, Containment, Eradication, Recovery — CISSP Lifecycle

Firewalls, IDS/IPS, Honeypots, and Next-Gen Security Controls

Software Development Security

Secure SDLC: DevSecOps, Agile Security, and Shifting Left

You've reached the end of the CISSP library.

CISSP Study Resources

Security and Risk Management

Legal, Regulatory, and Privacy Compliance: GDPR, CCPA, and Cross-Border Data Flows

Business Continuity Planning: BIA, RTO, RPO, and How CISSP Tests Them

Risk Management Frameworks: ISO, NIST, and COBIT for the CISSP Exam

The 5 Pillars of Information Security: CIA Triad + Authenticity & Non-Repudiation

Asset Security

Data Lifecycle Management: Collection, Retention, Remanence, and Secure Destruction

Data Classification: Government vs Commercial Models and Why It Matters

Data Protection Methods: DRM, DLP, and CASB Explained for the CISSP Exam

Security Architecture and Engineering

Zero Trust Architecture: Why 'Never Trust, Always Verify' Dominates the 2024 Exam

Cryptanalytic Attacks: Brute Force, Side-Channel, Pass-the-Hash, and Ransomware

Cryptography Fundamentals: Symmetric, Asymmetric, PKI, and Quantum Threats

Communication and Network Security

OSI vs TCP/IP Models: How CISSP Tests Them (And Why It's Not Just Memorisation)

Secure Protocols: IPSec, TLS, SSH, and When to Use Each

Network Segmentation: VLANs, VPNs, Micro-Segmentation, and Zero Trust Networks

Identity and Access Management

Privileged Access Management: Just-In-Time, Least Privilege, and PAM Systems

Federated Identity and SSO: SAML, OAuth, OpenID Connect, and Kerberos

Access Control Models: RBAC, MAC, DAC, ABAC — CISSP Scenario Guide

Security Assessment and Testing

Penetration Testing: Red Team, Blue Team, Purple Team — CISSP’s View

Security Audits: Internal, External, Third-Party, and How to Report Findings

Code Review, SAST, DAST, and Interface Testing — Application Security Assessment

Security Operations

SIEM, UEBA, and Threat Hunting: How SOC Teams Detect the Undetectable

Incident Response: Detection, Containment, Eradication, Recovery — CISSP Lifecycle

Firewalls, IDS/IPS, Honeypots, and Next-Gen Security Controls

Software Development Security

Secure SDLC: DevSecOps, Agile Security, and Shifting Left

You've reached the end of the CISSP library.

Security Governance: Aligning Security to Business Strategy

Supply Chain Risk Management: Third-Party Risks, SBOMs, and Silicon Root of Trust

Personnel Security: Hiring, Onboarding, Separation, and Insider Threat

Threat Modeling Methodologies: STRIDE, PASTA, and DREAD for CISSP

Security Models: Bell-LaPadula, Biba, Clark-Wilson, and When to Use Each

Physical Security Design: Data Centers, Server Rooms, HVAC, and Environmental Controls

Cloud Security Architecture: IaaS, PaaS, SaaS — and the Shared Responsibility Model

Wireless Network Security: Wi-Fi, Bluetooth, 5G, and Satellite — CISSP Coverage

Authentication Methods: MFA, Passwordless, Biometrics, and How CISSP Tests Them

Digital Forensics: Evidence Collection, Chain of Custody, and CISSP Scenarios

Disaster Recovery: RTO, RPO, Recovery Sites, and Testing Your DRP

Vulnerability and Patch Management: The CISSP Manager’s Approach