Hello!

Welcome to my ISC2 exam preparation notes website! I created this website with the sole purpose of documenting all my notes for free! Please feel free to navigate all of these study chapters and notes.

Main Page: https://isc-2-prep-notes.vercel.app/

Chapters

• 0.0 Course Introduction
• 0.1 Pre-assessment
• 0.2 Course Content
• 0.3 Course Specifications
• 0.4 Course Disclaimer
• 0.5 ISC2 Code of Ethics
• 1.-1 Domain 1 Information
• 1.0 The Confidentiality, Integrity, and Availability (CIA) Triad
• 1.1 Privacy
• 1.2 Introduction to Risk Management
• 1.3 Threats, Vulnerabilities & Likelihood
• 1.4 Swimming WIth Sharks
• 1.5 Importance of a Professional Code Ethics
• 1.6 Risk in Our Lives
• 1.7 Protecting Information
• 1.8 Making Connections
• 1.9 Theoretical Example - Code of Ethics
• 1.10 Authentication
• 1.11 Professional Code of Conduct
• 1.12 Privacy in the Working Environment
• 1.13 Importance of Governance Elements
• 1.14 Risk Management Terminology
• 1.15 Decision Making Based on Risk Priorities
• 1.16 Importance of Risk Management
• 1.17 Risk Identification
• 1.18 Governance Elements
• 1.19 Proving Identity
• 1.20 Non-repudiation
• 1.21 CIA in the Real World
• 1.22 Methods of Authentication
• 1.23 Risk Priorities
• 1.24 Risk Tolerance Drives Decision Making
• 1.25 Risk Treatment
• 1.26 Risk Tolerance
• 1.27 Risk Assessment
• 1.28 What are Security Controls
• 1.29 CIA Triad Deep Dive
• 2.-1 Domain 2 Intro
• 2.0 Incident Terminology
• 2.1 The Goal of Incident Response
• 2.2 Business Continuity in the Workplace
• 2.3 Components of a Business Continuity Plan
• 2.4 Components of the Incident Response Plan
• 2.5 Incident Response Priorities
• 2.6 The Goal of Disaster Recovery
• 2.7 Components of a Disaster Recovery Plan
• 2.8 The Goal of Business Continuity
• 2.9 Business Continuity in Action
• 2.10 The Importance of Business Continuity
• 2.11 Disaster Recovery in the Real World
• 2.12 Consulting with Management
• 2.13 Incident Response Team
• 3.1 Security Controls
• 3.2 Controls Overview
• 3.3 Defense in Depth
• 3.4 Examples of Least Privillege
• 3.5 Mandatory Access Control (MAC) in the Workplace
• 3.6 Mandatory Access Control (MAC)
• 3.7 What are Logical Access Controls
• 3.8 Defense in Depth in Practice
• 3.9 Controls and Risks
• 3.10 Controls Assessments
• 3.11 What are Physical Security Controls
• 3.12 Role-Based Access Control
• 3.13 How Users Are Provisioned
• 3.14 RBAC in the Workplace
• 3.15 Privileged Accounts
• 3.16 Privileged Access Management
• 3.17 The Benefit of Multiple Controls
• 3.18 Discretionary Access Control (DAC)
• 3.18 Separation of Duties
• 3.19 Authorized Versus Unauthorized Personnel
• 3.20 Types of Physical Access Controls
• 4.1 Networking
• 4.2 Networking at a Glance
• 4.3 What is WiFi
• 4.4 Impacts of Cyber Attack
• 4.5 Microsegmentation
• 4.6 Tools to Identify and Prevent Threats
• 4.7 Microsegmentation Characteristics
• 4.8 Network Segmentation - Demilitarized Zone (DMZ)
• 4.9 DMZ (Demilitarized Zone) Deeper Dive
• 4.10 Virtual Private Network (VPN)
• 4.11 DMZ (Demilitarized Zone) Deeper Dive
• 4.12 Virtual Local Area Network (VLAN)
• 4.13 Intrusion Detection System (IDS)
• 4.14 Preventing Threats
• 4.15 Security of the Network
• 4.16 SYN, SYN-ACK, ACK Handshake
• 4.17 Ports and Protocols (Applications or Services)
• 4.18 Example of Redundancy - Application of
• 4.19 Redundancy
• 4.20 Deep Dive of On-Premises Data Centers
• 4.21 Cloud Redundancy
• 4.22 Service Models
• 4.23 Managed Service Provider (MSP)
• 4.24 Cloud Characteristics
• 4.25 Cloud Computing
• 4.26 Service-Level Agreement (SLA)
• 4.27 Network Design
• 4.28 Types of Threats
• 4.29 Network Access Control (NAC) Deeper Dive
• 4.30 Memorandum of Understanding (MOU) and Memorandum of Agreement (MOA)
• 4.31 Virtual Local Area Network (VLAN) Segmentation
• 4.32 Networking Models
• 4.33 Transmission Control Protocol Internet Protocol - TCP or IP
• 4.34 Segmentation for Embedded Systems and IoT Deeper Dive
• 4.35 Identifying Threats
• 4.36 Segmentation for Embedded Systems and IoT
• 4.37 On-Premises Data Centers
• 4.38 Open Systems Interconnection (OSI) Model
• 4.39 Network Access Control (NAC)
• 4.40 Deployment Models
• 4.41 Zero Trust
• 4.42 Defense in Depth
• 4.43 Internet Protocol (IPv4 and IPv6)
• 4.45 Secure Ports
• 5.1 Data Handling
• 5.2 Data Handling Deep Dive
• 5.3 Encryption Overview
• 5.4 Security Awareness Training
• 5.5 How Passwords Work
• 5.6 Encryption Deep Dive
• 5.7 Hashing Deep Dive
• 5.8 Data Security Event Example
• 5.9 Password Advice and Examples
• 5.10 Phishing
• 5.11 Best Practices of Security Awareness Training
• 5.12 Common Security Policies Deeper Dive
• 5.13 The Risks of Change
• 5.14 Change Management Components in the Workplace
• 5.15 Change Management Components
• 5.16 Logging and Monitoring Security Events
• 5.17 Supporting Security Policies with Procedures
• 5.18 Password Protection
• 5.19 Event Logging Best Practices
• 5.20 Security Awareness Training Example
• 5.21 Symmetric Encryption
• 5.22 Asymmetric Encryption
• 5.23 Social Engineering
• 5.24 Hashing
• 5.25 Configuration Management Overview
• 5.26 Common Security Policies
• 5.27 Data Handling Practices
• 6.1 Flash Cards - Domain 1 - Security Principles
• 6.2 Flash Cards - Domain 2 - Incident Response, Business Continuity and Disaster Recovery Concepts
• 6.3 Flash Cards -Domain 3 - Access Control Concepts
• 6.4 Flash Cards - Domain 4 - Network Security
• 6.5 Flash Cards -Domain 5 - Security Operations
• 7.0 Flashcards from Quizlet
• 8.0 Course Conclusion & Final Assessment - Quizzes
• 9.0 Glossary
• 10.1 Keith's Story
• 10.2 Susan's Morning Cup of Joe
• 10.3 Other Stories