CISSP Mastery
Aligned to the 2024 CISSP Exam Outline

The Full CISSP Course

A guided path through all eight domains — 62 lessons mapped one-to-one to the official objectives, with exam-focused summaries, the key topics that matter, linked readings, and knowledge checks drawn from your question bank.

8 domains · 62 lessons · ~31 hours of focused study

Domains

Domain 1 · 16% of exam

Security and Risk Management

The foundation of the entire CBK and the most heavily weighted domain. It establishes the language of security — the CIA triad and its extensions, governance, law and compliance, risk management, and the human program (ethics, BCP, personnel, awareness). Master the risk vocabulary here; it recurs in every other domain.

12 lessons · ~6h

Domain 2 · 10% of exam

Asset Security

Protecting data and assets across their full lifecycle. Classification drives every downstream control, so be precise about data roles (owner, controller, custodian, processor, subject), states (at rest, in transit, in use), retention, remanence, and destruction.

6 lessons · ~3h

Domain 3 · 13% of exam

Security Architecture and Engineering

The most technical domain. Secure design principles, formal security models, the security capabilities of systems, architectural vulnerabilities across modern platforms (cloud, IoT, ICS, serverless), cryptography end-to-end, and physical/site security all live here.

10 lessons · ~6h

Domain 4 · 13% of exam

Communication and Network Security

Networking through a security lens. The OSI and TCP/IP models anchor everything; layer on secure protocols, modern segmentation (VLANs, micro-segmentation, zero trust), wireless and cellular, SDN/SD-WAN, and secure channels for voice, remote access, and third-party connectivity.

3 lessons · ~2h

Domain 5 · 13% of exam

Identity and Access Management (IAM)

Who can access what, and how that is proven and governed. Covers identification/authentication (incl. MFA and passwordless), the access-control models (RBAC, ABAC, MAC, DAC, rule/risk-based), federation and SSO, the provisioning lifecycle, and Zero Trust enforcement points.

6 lessons · ~3h

Domain 6 · 12% of exam

Security Assessment and Testing

Verifying that controls actually work. Covers assessment/test/audit strategy, the full toolbox of control testing (vulnerability scans, pen tests, code review, misuse cases), collecting process data (KPIs/KRIs), reporting with remediation, and internal/external/third-party audits.

5 lessons · ~2h

Domain 7 · 13% of exam

Security Operations

The day-to-day defense of the enterprise — the broadest domain by objective count. Investigations and forensics, logging/monitoring (SIEM, UEBA, threat intel), foundational ops concepts, incident management, detective/preventive tooling, patch and change management, and the full DR/BCP execution and testing cycle, plus physical and personnel safety.

15 lessons · ~6h

Domain 8 · 10% of exam

Software Development Security

Building security into software. Integrating security across the SDLC and methodologies (Agile, DevSecOps), securing the development ecosystem and toolchain (CI/CD, SAST/DAST/IAST, repositories), assessing software effectiveness and acquired/third-party software, and applying secure coding standards against source-level weaknesses and API risks.

5 lessons · ~2h