Study resources | ThorTeaches CISSP, CISM, & PMP training

Videos Tests Books Free stuff Groups/CPEs Links

Thor Teaches – All videos and practice questions
25+ hours of CISSP video
500 hard CISSP questions, 1,000 easy/mid CISSP questions
240+ page study guides, 500 CISSP links, CISSP study plan, (optional: Boson hard questions)
$169.95 – 12 months full access

Thor Teaches – Free CISSP study course
2 hours of CISSP videos on how to study, find materials, make study plans, and approach practice questions

FREE

Study Notes and Theory – Luke Ahmed
170 videos, 450 practice questions, 700 flash cards.
$29.99 per month, $144,99 for 6 months

itpro.tv – Adam Gordon
33 hours (accelerated) – 80 hours (full course)
$29 per month, $ 299 /year – get an additional 30% off /year with this code: ADAM30

Thor Teaches – All practice questions
500 hard CISSP questions
1,000 easy/mid CISSP questions
(optional: Boson hard questions)
$99.95 – 12 months full access

Thor Teaches – All HARD practice questions
500 hard CISSP questions
(optional: Boson hard questions)
$49.95 – 12 months full access

Study Notes and Theory – Luke Ahmed
170 videos, 450 practice questions, 700 flash cards.
$29.99 per month, $144,99 for 6 months

Boson ExSim-Max for CISSP
As an current student of ThorTeaches you can get a discount on the Boson test.

CISSP Official (ISC)2 Practice Tests – Book

~$40

CISSP Practice Exams, Fifth Edition 5th Edition

~$40

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition

~$20

CISSP All-in-One Exam Guide 8th Edition

~$43

How To Think Like A Manager for the CISSP Exam

~$10-19

The Effective CISSP: Security and Risk Management
by Wentz Wu

$10 – 30

Eleventh Hour CISSP®: Study Guide 3rd Edition
(2015 version, but still worth it).

~$25

Our free CISSP study course:

Thor Teaches – Free CISSP study course:
2 hours of CISSP videos on how to study, find materials, make study plans, and approach practice questions

Free

Study plan:
Thorteaches CISSP study plan with daily task breakdown – 2021.

Free questions:

Free CISSP practice questions Elsevier (2015 version)

Free daily CISSP practice questions (Facebook group)

Wentz Wu QOTD (Blog)

Adam Gordon QOTD (LinkedIn)

IT Dojo (YouTube)

Study Guides:

Study guide (free) – The memory palace – Prashant Mohan v3.1

Study guide (free) – Sunflower notes – Maarten de Frankrijker v2.0

Study guide (free) – CISSP Process guide – Fadi Sodah (madunix) v21.0

Study guide – CISSP notes – Luc Desfosses

Other:

CISSP Glossary – Student Guide

ISACA Cybersecurity Fundementals Glossary

Flash cards – Brainscrape

Awesome Security – Github

GDPR – Advisera

OWASP top 10 – 2013

OWASP top 10 – 2017

All relevant NIST documents

NIST 800-30 – Guide for Conducting Risk Assessments
https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

NIST 800-12 – An Introduction to Information Security
https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final

NIST 800-34 – Contingency Planning Guide for Information Technology Systems https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final

NIST 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

NIST 800-39 – Managing Information Security Risk: Organization, Mission, and Information System View
https://csrc.nist.gov/publications/detail/sp/800-39/final

NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organization
https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

NIST 800-86 – Guide to Integrating Forensic Techniques into Incident Response https://csrc.nist.gov/publications/detail/sp/800-86/final

NIST 800-88 – Guidelines for Media Sanitization
https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final

NIST 800-115 – Technical Guide to Information Security Testing and Assessment
https://csrc.nist.gov/publications/detail/sp/800-115/final

NIST 800-128 – Guide for Security-Focused Configuration Management of Information Systems https://csrc.nist.gov/publications/detail/sp/800-128/final

NIST 800-137 – Information Security Continuous Monitoring
https://csrc.nist.gov/publications/detail/sp/800-137/final

NIST 800-145 – The NIST Definition of Cloud Computing
https://csrc.nist.gov/publications/detail/sp/800-145/final

NIST 800-46 – Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final

NIST 800-61 Computer Security Incident Handling Guide
https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

NIST 800-160 Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final

Facebook – CISSP, CISM and PMP certification training and mentoring by Thor Teaches!

Facebook – Effective CISSP by Wentz Wu

Facebook – CISSP Exam Preparation – Study Notes and Theory!

Discord study group CISSP, CISM, PMP – by Thor Teaches.

Discord study group C ertification Station.

Reddit – CISSP subreddit!

Infosecinstitute forum!

CISSP Free CPE’s: (ISC)² explaining how the CPE’s work

(ISC)² – 500+ CPE’s available (Webinar).

SANS – 500+ CPE’s available (Webinar).

ISACA – 100+ CPE’s available (Webinar).

Infosecurity-magazine + 350+ CPE’s available (Webinar).

wh1t3rabbit – 250+ CPE’s available (Podcast).

OWASP 100+ CPE’s available (Podcast).

Certs.org – 200+ CPE’s available (Podcast).

Edx.org – 250+ CPE’s available (Online training).

Coursera – 250+ CPE’s available (Online training).

Securitytube – 10,000+ CPE’s available (Videos).

Youtube – 100,000+ CPE’s available (Videos).

CISSP Links:

If a link is broken please let me know so I can fix it!

(ISC)² and the CISSP certification links:

https://www.isc2.org/Certifications/CISSP

https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/2/#6874bcd17ca9

https://www.isc2.org/Certifications/Associate

https://www.isc2.org/Ethics

https://downloads.isc2.org/credentials/cissp/CISSP-Detailed-Content-Outline.pdf

https://community.isc2.org/

https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

https://www.isc2.org/Certifications/CISSP#steps-to-certification

https://www.isc2.org/Certifications/CISSP#accordion-b56dcdc46ed244be824785f1b433a1f8

http://www.pearsonvue.com/isc2/ http://blog.isc2.org/isc2_blog/

https://www.isc2.org/en/About/Member-Counts

All NIST publications

Portal:Computer security – Wikipedia

Information security – Wikipedia

CISSP certification 2018 Domain (Common body of knowledge) domains:

US Laws you should know for the CISSP exam:

CFAA( wiki) – Computer Fraud and Abuse Act, part of Comprehensive Crime Control Act of 1984 (CCCA) “Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.”

CSA( EPIC)- Computer Security Act of 1987 Federal Sentencing Guidelines – Chapter 2: Particularly Parts B, H.3. and M.5.

National Information Infrastructure Protection Act of 1996, (Title II)

Paperwork Reduction Act of 1995, of 1980, additional info

GISRA – Government Information Security Reform Act of 2000

FISMA – Federal Information Security Management Act, 2002; of 2014

Economic Espionage Act of 1996 UCITA (Final) – Uniform Computer Information Transactions Act; Summary

Computer Export Controls from US Department of Commerce, Bureau of Industry and Security

CCL– Commerce Control List

EAR– Export Administration Regulations

HIPAA – Health Insurance Portability and Accountability Act.

PCI-DSS – Payment Card Industry Data Security Standard. Sarbanes–Oxley Act of 2002

Videos Tests Books Free stuff Groups/CPEs Links

Thor Teaches
19+ hours of CISM videos, 150 practice questions, 300+ page study guide, 400 CISM links
$59.99 – 12 months full access

CISM Review QAE, 9th Edition
$156 on Amazon – totally worth it!
These are retired CISM exam questions, you will learn exactly HOW ISACA asks the questions!

CISM AIO Practice Exams 1st Edition

$35

CISM Review Manual
15th Edition by ISACA
$87-98 on Amazon – Official book

CISM AIO (All-in-One)
Exam Guide 1st Edition
$35-49 on Amazon
I like this book better than the official book, more in detail and cheaper.

Free CISM Resources:

CISSP, CISM, and PMP study group and free daily practice questions (Facebook group)

Study guide – The memory palace – Prashant Mohan

Study guide – Sunflower notes – Maarten de Frankrijker

Study guide – CISSP Process guide – Fadi Sodah (madunix)

ISACA Cybersecurity Fundementals Glossary

Awesome Security – Github

GDPR – Advisera

Thorteaches study plan with daily task breakdown.

Facebook groups and forums:

Facebook – CISSP, CISM, and CISA certification training and mentoring by Thor Teaches!

Discord study group CISSP, CISM, PMP – by Thor Teaches.

Facebook – CISM study group

Reddit – CISSP/CISM subreddit!

Infosecinstitute forum!

CISM CPEs:

ISACA CPE reporting FAQs CISM How to report and earn CPEs
(ISC)² – 500+ CPE’s available (Webinar).
SANS – 500+ CPE’s available (Webinar).
ISACA – 100+ CPE’s available (Webinar).
Infosecurity-magazine + 350+ CPE’s available (Webinar).
wh1t3rabbit – 250+ CPE’s available (Podcast).
OWASP 100+ CPE’s available (Podcast).
Certs.org – 200+ CPE’s available (Podcast).
Edx.org – 250+ CPE’s available (Online training).
Coursera – 250+ CPE’s available (Online training).
Securitytube – 10,000+ CPE’s available (Videos).
Youtube – 100,000+ CPE’s available (Videos).

General CISM and ISACA links:

https://www.youtube.com/watch?v=B-X__iJmFHE

http://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx

http://www.isaca.org/certification/pages/taking-the-exam.aspx

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Maintain-Your-CISM/Pages/default.aspx

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/FAQs.aspx

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Maintain-Your-CISM/Pages/default.aspx#qualifying

http://www.isaca.org/certification/cism-certified-information-security-manager/job-practice-areas/Pages/default.aspx

http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Pages/CISMSelfAssessment.aspx?id=100001

https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/

https://iase.disa.mil/iawip/Pages/iabaseline.aspx

All NIST publications

Portal:Computer security – Wikipedia

Information security – Wikipedia

CISM Domain 1 links:

https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

https://www.pcisecuritystandards.org/pci_security/

https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act

https://en.wikipedia.org/wiki/Copyright

https://en.wikipedia.org/wiki/Trademark

https://en.wikipedia.org/wiki/Patent

https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

https://en.wikipedia.org/wiki/Patriot_Act

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act

https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

https://en.wikipedia.org/wiki/Wassenaar_Arrangement

https://en.wikipedia.org/wiki/Computer_Ethics_Institute

https://en.wikipedia.org/wiki/Internet_Architecture_Board

http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf

https://en.wikipedia.org/wiki/Security_modes

https://en.wikipedia.org/wiki/Security_clearance

https://en.wikipedia.org/wiki/Data_at_rest

https://en.wikipedia.org/wiki/Data_in_use

CISM Domain 2 links:

https://en.wikipedia.org/wiki/COBIT

http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx

https://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission

https://en.wikipedia.org/wiki/ITIL

https://www.axelos.com/best-practice-solutions/itil

https://en.wikipedia.org/wiki/ISO/IEC_27000-series

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

https://en.wikipedia.org/wiki/IT_risk_management#NIST_SP_800_30_framework

https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

https://en.wikipedia.org/wiki/IT_risk

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

https://en.wikipedia.org/wiki/Artificial_intelligence

https://en.wikipedia.org/wiki/Race_condition

https://en.wikipedia.org/wiki/Capability_Maturity_Model

https://en.wikipedia.org/wiki/Commercial_off-the-shelf

https://www.experts-exchange.com/articles/33288/Secure-SDLC-Principles-and-Practices.html

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

https://www.owasp.org/index.php/Security_by_Design_Principles

https://www.owasp.org/index.php/Category:Vulnerability

https://en.wikipedia.org/wiki/Programming_language

https://en.wikipedia.org/wiki/Object-oriented_programming

https://en.wikipedia.org/wiki/Computer-aided_software_engineering

https://en.wikipedia.org/wiki/Open-source_model

https://en.wikipedia.org/wiki/Shareware

https://en.wikipedia.org/wiki/Crippleware

https://en.wikipedia.org/wiki/Freeware

https://en.wikipedia.org/wiki/End-user_license_agreement

https://en.wikipedia.org/wiki/GNU

https://en.wikipedia.org/wiki/Berkeley_Software_Distribution

https://en.wikipedia.org/wiki/Software_development_process

https://en.wikipedia.org/wiki/Waterfall_mode

l https://en.wikipedia.org/wiki/Agile_software_development

https://en.wikipedia.org/wiki/Scrum_(software_development)

https://en.wikipedia.org/wiki/Extreme_programming

https://en.wikipedia.org/wiki/Spiral_model

https://en.wikipedia.org/wiki/Rapid_application_development

https://en.wikipedia.org/wiki/Prototype-based_programming

https://en.wikipedia.org/wiki/Software_development_process

https://csrc.nist.gov/publications/detail/sp/800-128/final

https://en.wikipedia.org/wiki/Database

https://en.wikipedia.org/wiki/Relational_database_management_system

https://en.wikipedia.org/wiki/Data_definition_language

https://en.wikipedia.org/wiki/Data_manipulation_language

https://en.wikipedia.org/wiki/Object_database

https://en.wikipedia.org/wiki/Object_request_broker

https://www.owasp.org/index.php/Main_Page

https://en.wikipedia.org/wiki/Change_management

https://en.wikipedia.org/wiki/Zero-day_(computing)

https://en.wikipedia.org/wiki/Stuxnet

https://en.wikipedia.org/wiki/Backup

https://en.wikipedia.org/wiki/Ransomware

https://en.wikipedia.org/wiki/Computer_security_incident_management

https://en.wikipedia.org/wiki/Incident_management

https://en.wikipedia.org/wiki/Intrusion_detection_system

https://en.wikipedia.org/wiki/Security_information_and_event_management

https://en.wikipedia.org/wiki/Honeypot_(computing)

https://en.wikipedia.org/wiki/RAID

https://en.wikipedia.org/wiki/Mean_time_to_repair

https://en.wikipedia.org/wiki/Mean_time_between_failures

https://www.experts-exchange.com/articles/32316/What-Gives-SIEM-a-Good-Name.html

http://www.cert.org/resilience/products-services/octave/index.cfm

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

https://en.wikipedia.org/wiki/Dynamic_testing

https://en.wikipedia.org/wiki/Penetration_test

https://en.wikipedia.org/wiki/Fuzzing

https://www.experts-exchange.com/articles/31763/Incident-Handling-and-Response-Plan.html

https://en.wikipedia.org/wiki/Information_technology_security_audit

https://en.wikipedia.org/wiki/Information_security_audit

https://en.wikipedia.org/wiki/Information_technology_audit

https://en.wikipedia.org/wiki/Audit_trail

https://en.wikipedia.org/wiki/Social_engineering_(security)

https://metasploit.com/

http://www.coresecurity.com/

http://www.immunitysec.com/ http://sectools.org/

https://www.kali.org/ http://map.norsecorp.com/#/

https://en.wikipedia.org/wiki/Traceability_matrix

https://en.wikipedia.org/wiki/All-pairs_testing

https://en.wikipedia.org/wiki/Code_coverage

https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html

https://en.wikipedia.org/wiki/NIST_Special_Publication_800-92

https://en.wikipedia.org/wiki/Nessus_(software)

https://en.wikipedia.org/wiki/Duplex_(telecommunications)

https://en.wikipedia.org/wiki/Quality_of_service

https://en.wikipedia.org/wiki/OSI_model

https://en.wikipedia.org/wiki/Internet_protocol_suite

https://en.wikipedia.org/wiki/Network_topology

https://en.wikipedia.org/wiki/Carrier-sense_multiple_access

https://en.wikipedia.org/wiki/User_Datagram_Protocol

https://en.wikipedia.org/wiki/Transmission_Control_Protocol

https://en.wikipedia.org/wiki/MAC_address

https://en.wikipedia.org/wiki/IPv4 https://en.wikipedia.org/wiki/IPv6

https://en.wikipedia.org/wiki/Ping_(networking_utility)

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

https://quizlet.com/165853858/cissp-common-ports-and-protocols-flash-cards

https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority

https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

https://en.wikipedia.org/wiki/Address_Resolution_Protocol

https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

https://en.wikipedia.org/wiki/Secure_Shell

https://en.wikipedia.org/wiki/File_Transfer_Protocol

https://en.wikipedia.org/wiki/Domain_Name_System

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

https://en.wikipedia.org/wiki/Ethernet

https://en.wikipedia.org/wiki/Twisted_pair

https://en.wikipedia.org/wiki/Coaxial_cable

https://en.wikipedia.org/wiki/Fiber-optic_communication

https://en.wikipedia.org/wiki/Frame_Relay

https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

https://en.wikipedia.org/wiki/Voice_over_IP

https://en.wikipedia.org/wiki/Wireless_LAN h

ttps://en.wikipedia.org/wiki/Bluetooth

https://en.wikipedia.org/wiki/Virtual_LAN

https://en.wikipedia.org/wiki/Routing_protocol

https://en.wikipedia.org/wiki/Firewall_(computing)

https://en.wikipedia.org/wiki/Modem

https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

https://en.wikipedia.org/wiki/Virtual_private_network

https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

https://en.wikipedia.org/wiki/Network_switch

https://en.wikipedia.org/wiki/Router_(computing)

http://sectools.org/tag/fuzzers/

https://www.cisecurity.org/

https://cloudsecurityalliance.org/

https://www.enisa.europa.eu/

https://iase.disa.mil/stigs/Pages/index.aspx

https://www.experts-exchange.com/articles/32132/Better-Security-in-the-Cloud.html

http://www.mindcert.com/resources/MindCert_CISSP_Physical_Security_MindMap.pdf

https://en.wikipedia.org/wiki/Rainbow_Series

https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

https://en.wikipedia.org/wiki/Common_Criteria

https://en.wikipedia.org/wiki/Trusted_Platform_Module https://en.wikipedia.org/wiki/Hypervisor

https://en.wikipedia.org/wiki/Cloud_computing

https://en.wikipedia.org/wiki/Internet_of_things https://en.wikipedia.org/wiki/Malware

https://www.owasp.org/index.php/Top_10-2017_Top_10

https://en.wikipedia.org/wiki/Mobile_device_management

https://en.wikipedia.org/wiki/Industrial_control_system

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

https://en.wikipedia.org/wiki/Fire_class

https://en.wikipedia.org/wiki/Fire_sprinkler_system

https://en.wikipedia.org/wiki/Montreal_Protocol

CISM Domain 3 links:

https://en.wikipedia.org/wiki/Discretionary_access_control

https://en.wikipedia.org/wiki/Mandatory_access_control

https://en.wikipedia.org/wiki/Role-based_access_control

https://en.wikipedia.org/wiki/Attribute-based_access_control

https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model

https://en.wikipedia.org/wiki/Biba_Model

https://en.wikipedia.org/wiki/Graham-Denning_model

https://www.experts-exchange.com/articles/31744/Cloud-Security-Threats-Risks-and-Concerns.html

https://en.wikipedia.org/wiki/HRU_(security)

https://en.wikipedia.org/wiki/Clark%E2%80%93Wilson_model

https://en.wikipedia.org/wiki/Take-grant_protection_model

https://en.wikipedia.org/wiki/Access_Control_Matrix

https://en.wikipedia.org/wiki/Zachman_Framework

https://en.wikipedia.org/wiki/Security_modes

http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf

https://en.wikipedia.org/wiki/Cryptography

https://en.wikipedia.org/wiki/One-time_pad

https://en.wikipedia.org/wiki/Wassenaar_Arrangement

https://en.wikipedia.org/wiki/Public-key_cryptography

https://en.wikipedia.org/wiki/Symmetric-key_algorithm

https://en.wikipedia.org/wiki/Hybrid_cryptosystem

https://en.wikipedia.org/wiki/Hash_function

https://en.wikipedia.org/wiki/Social_engineering_(security)

https://en.wikipedia.org/wiki/Public_key_infrastructure

https://en.wikipedia.org/wiki/Digital_signature

https://en.wikipedia.org/wiki/Transport_Layer_Security

https://en.wikipedia.org/wiki/IPsec

https://en.wikipedia.org/wiki/Authentication

https://en.wikipedia.org/wiki/Multi-factor_authentication

https://en.wikipedia.org/wiki/Authentication_protocol

https://en.wikipedia.org/wiki/Mutual_authentication

https://en.wikipedia.org/wiki/Computer_security

https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication

https://en.wikipedia.org/wiki/RADIUS

https://en.wikipedia.org/wiki/AAA_(computer_security)

https://en.wikipedia.org/wiki/Diameter_(protocol)

https://en.wikipedia.org/wiki/Password

https://en.wikipedia.org/wiki/Rainbow_table

https://en.wikipedia.org/wiki/Brute-force_attack

https://en.wikipedia.org/wiki/Keystroke_logging

https://en.wikipedia.org/wiki/Cryptographic_nonce

https://en.wikipedia.org/wiki/Salt_(cryptography)

https://en.wikipedia.org/wiki/Password_cracking

https://en.wikipedia.org/wiki/Initialization_vector

https://en.wikipedia.org/wiki/Biometrics

https://en.wikipedia.org/wiki/Discretionary_access_control

https://en.wikipedia.org/wiki/Mandatory_access_control

https://en.wikipedia.org/wiki/Role-based_access_control

https://en.wikipedia.org/wiki/Attribute-based_access_control

https://en.wikipedia.org/wiki/Access_control

https://en.wikipedia.org/wiki/Federated_identity

https://en.wikipedia.org/wiki/Single_sign-on

https://en.wikipedia.org/wiki/Infrastructure_as_a_service

https://en.wikipedia.org/wiki/Platform_as_a_service

https://en.wikipedia.org/wiki/Software_as_a_service

https://en.wikipedia.org/wiki/Kerberos_(protocol)

https://en.wikipedia.org/wiki/Identity_management

https://en.wikipedia.org/wiki/RADIUS https://en.wikipedia.org/wiki/Diameter_(protocol)

https://en.wikipedia.org/wiki/TACACS

https://en.wikipedia.org/wiki/Password_Authentication_Protocol

https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol

https://en.wikipedia.org/wiki/Authentication_protocol

https://en.wikipedia.org/wiki/Active_Directory

https://en.wikipedia.org/wiki/Non-disclosure_agreement

https://www.bakerlaw.com/files/uploads/Documents/Privacy/2016-Data-Security-Incident-Response-Report.pdf

https://na.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG9.aspx

https://en.wikipedia.org/wiki/Change_management

https://en.wikipedia.org/wiki/Access_control

https://en.wikipedia.org/wiki/Principle_of_least_privilege

https://www.experts-exchange.com/articles/33330/Threat-Modeling-Process-Basics-and-Purpose.html

https://www.experts-exchange.com/articles/31793/Vulnerability-Assessments-versus-Penetration-Tests.html

https://csrc.nist.gov/projects/role-based-access-control/faqs

CISM Domain 4 links:

https://en.wikipedia.org/wiki/Recovery_time_objective

https://en.wikipedia.org/wiki/Backup_site

https://en.wikipedia.org/wiki/Crisis_management

https://en.wikipedia.org/wiki/Emergency_operations_center

https://en.wikipedia.org/wiki/ISO_22301

http://www.iso27001security.com/html/27031.html

https://www.thebci.org/

https://www.experts-exchange.com/articles/33356/Internet-of-Things-Guidelines-to-prevent-common-IoT-security-risks.html

https://www.experts-exchange.com/articles/33009/Disaster-Recovery-Solution-Design.html

https://nws.weather.gov/nthmp/Minutes/oct-nov07/post-disaster_recovery_planning_forum_uo-csc-2.pdf

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf

https://en.wikipedia.org/wiki/Digital_forensics

https://en.wikipedia.org/wiki/Disaster_recovery_plan

https://en.wikipedia.org/wiki/Business_continuity_planning

https://en.wikipedia.org/wiki/Disaster_recovery

https://www.fema.gov/media-library-data/5c4896dd74fd2b18bc900e60935debe9/COOP_Planning_Template.pdf

https://en.wikipedia.org/wiki/List_of_digital_forensics_tools

US Laws you should know for the CISM exam:

CFAA( wiki) – Computer Fraud and Abuse Act, part of Comprehensive Crime Control Act of 1984 (CCCA)“Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.”

CSA( EPIC) – Computer Security Act of 1987

Federal Sentencing Guidelines – Chapter 2: Particularly Parts B, H.3. and M.5.