This is exactly what I was talking about being a consolidated framework video! Very impressed with your material!

*Security & Risk Management - Domain 1* 2:50 NIST 800-37 4:35 Other RMF - OCTAVE, FAIR, TARA 4:52 BCP 5:20 Threat Modeling - 5:31 Approaches - Focused on Assets/Attackers/Software 6:16 Threat Modeling Frameworks - STRIDE, PASTA, VAST, DREAD, TRIKE 10:06 Security Control Framework - COBIT: Control OBjectives for Information & other related Tech *Asset Security - Domain 2* 11:22 Data Classification for Govt Entities & Non-Govt Entities *Security Architecture & Engineering - Domain 3* 13:20 Common Criteria (ISO-IEC 15048), TCSEC, ITSEC 14:30 Common Criteria as a process- is of two kinds - Community Protection Profile(Black Box), Evaluation Assurance Level(White Box) 16:09 Classes of TCSEC, ITSEC & Common Criteria 17:20 Security Models 18:22 Security Model Properties - Simple Security Property(read), * Security Property(write), Invocation 18:50 Security Models - Integrity (BIBA, Clark-wilson, Goguen Meseguer, Sutherland Model), Confidentiality (Bell LaPadula, Brewer & Nash, Take Grant) 26:43 State Machine Model 27:35 Information Flow Model 28:28 *Communication & Network Security Model - Domain 4* 28:30 OSI Model *Identity & Access Management - Domain 5* 30:19 Access Provisioning Life Cycle *Security Assessment & Testing - Domain 6* 31:06 NIST SP 800-53A Rev. 5 (superseding existing SP in Jan, 2023) Assessing Security and Privacy Controls in Information Systems and Organizations calls out best practices for conducting security & privacy assessments 31:35 NIST SP 800-53A Rev. 5 - components/specifications/documents *Security Operations - Domain 7* 32:40 Change Management 33:23 Information Lifecycle 35:02 NIST SP 800-61 Rev. 2 : Computer Security Incident Handling Guide that enumerates 7 step process - primary incident response framework is referenced here 37:34 BCP 39:16 BCP vs DRP 40:02 Patch Management Lifecycle 41:23 *Software Development Security - Domain 8* 42:11 SW-CMM 43:25 CMMI 45:44 IDEAL model 46:43 SDLC 48:25 AGILE model 49:43 Waterfall model 53:19 Spiral Model

Cleared CISSP last friday. Your videos were instrumental in my success. I watched this specific video multiple times and it 100% payed dividends during the exam. Keep up the great content

Glad that I was able to see this series of CISSP CRAM videos the week before my exam, which clarified some points I was not sure before. and i have passed :) Thanks

After 175 questions, I am pleased to announce that I provisionally passed the CISSP today. May God continue to bless you and everything you do and if I can donate, help, or support your vision and generosity in any way, please let me know. I will be more than happy to help. Take care!

I used your videos on the CISSP exam and the study guide and managed to pass the first try. Thank you for putting these videos out. Wouldn't have been able to do it without you.

Can’t thank you enough for putting out these videos. They were very helpful in helping me prepare for the test. Passed it yesterday first try!!! Thanks again

Thank you for doing this, very much appreciated!

Thank you for these videos - I passed the CISSP exam today at the first attempt. Spent 2 months learning the study guide inside out. I watched all of the Exam Cram videos in the days leading up to the exam and they really helped!

This is a fantastic presentation. Been preparing for the CISSP for over two months and really needed this to help consolidate it all.

Pete Zerger... Thank you so much for these videos. They helped me pass the CISSP on the first attempt! I am so grateful for the content you put out!

Thanks for these summary videos. Very helpful for my prep. I provisionally cleared cissp exam couple of hours ago. Gratitude!!

I have provisionally passed the CISSP exam just on 100 questions yesterday. Thank you so much for your inspiring videos, slides and the 50 questions. It helped me a lot in summarizing the vast domains of the exam. So keep up the good work.

Another awesome study guide... Thank You!!

Top notch content. Delivered in a no nonsense and to the point, manner. Plus, great voice which makes it so much more easier to take in. Thank you

Still super useful. You are a pillar of the CISSP community.

Thank you sir, great stuff!

Thank you so much for this video. I took my exam this week (2nd attempt) and this time I had less time to prepare. This video helped me organized my preparation with limited time

Many thanks for this concise and informative video. It helps to remove a lot of confusion about frameworks and focus on what is important.

This is definitely the hardest part of the CISSP so far, remembering all these different multi-step processes and keeping them separate in your mind.

Thanks a lot for this wonderful videos just before my exam in few weeks.

Very useful summary. I still try to wrap my mind around Graham Denning, if it is orthogonal to the confidentiality and integrity properties or if it an integrity model. Similar for the Harrizon-Ruzzo-Ullmann Model.

Thanks for Your job

No reference book says that Clark Wilson is a Biba model which you showed here. The distinctive feature of CW is that it enforces SoD (a definitive clearance) and also Auditing. Integrity are ensured in CW in all sort and is done by Integrity Verification Procedures (IVP). These are missing in Biba.

" G 14 classified" hahah that's great. 19 years in USMC and that definitely made me laugh lol :)

Great video! Many thanks! Just in time for my exam. For domain 3, should it be ISO 15048 or 15408?

Small confusion CBK states following classification on basis of severity 1. Confidential 2. Sensitive 3. Private 4. Proprietary 5. Public While other sources illustrate as following 1. Confidential/ Proprietary 2. Private 3. Sensitive 4. Public Which one is the correct classification

Pete, the free CISSP 50 practice questions seem to have been removed from the site. Can they still be accessed somewhere? Thanks.

I know that the OSI model is filled with complexity and sometimes confusion, but wouldn't SSL/TLS be part of Layer 6? I think that they have to at least be above Layer 4 because they run on TCP, Layer 5 is a total mystery to me, but Layer 6 deals with encryption which seems like the right layer for SSL/TLS.

30:08

Hi man thanks for the video, one thing got me confused. First you say that the "Biba" security model is a state machine model (in the overview) and then when you describe it in details you say that it is a lattice based. This got me a bit confused. Could you explain please? Thanks in advance.

You said earlier that Biba (at 19:37) was a "state machine model", then at 27:48 you say Biba and Bell-Lapdula are both "information flow models", Which is it??

Question is not the patch management lifecycle; 1.) evaluate patches, 2.) Test Patches, 3.) Approve Patches, 4.) Deploy patches. 5.) Verify Patches are deployed...?? Please let me know

Is this for current syllabus or 2021 ?please confirm....

sorry for the question but what cram stand's for?

@13:44 Common criteria is 15408 not 15048

I thought clark-wilson was a rule based model and not lattice model? 25:01

CC is ISO-15408 not ISO-15048