Our free CISSP study course:
Study plan:
Thorteaches CISSP study plan with daily task breakdown – 2021.
Free questions:
Free CISSP practice questions Elsevier (2015 version)
Free daily CISSP practice questions (Facebook group)
Study Guides:
Study guide (free) – The memory palace – Prashant Mohan v2.0
Study guide (free) – Sunflower notes – Maarten de Frankrijker v2.0
Study guide (free) – CISSP Process guide – Fadi Sodah (madunix) v21.0
Study guide – CISSP notes – Luc Desfosses
Other:
CISSP Glossary – Student Guide
ISACA Cybersecurity Fundamentals Glossary
All relevant NIST documents
NIST 800-30 – Guide for Conducting Risk Assessments
https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
NIST 800-12 – An Introduction to Information Security
https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
NIST 800-34 – Contingency Planning Guide for Information Technology Systems
https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
NIST 800-37 – Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
NIST 800-39 – Managing Information Security Risk: Organization, Mission, and Information System View
https://csrc.nist.gov/publications/detail/sp/800-39/final
NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
NIST 800-86 – Guide to Integrating Forensic Techniques into Incident Response
https://csrc.nist.gov/publications/detail/sp/800-86/final
NIST 800-88 – Guidelines for Media Sanitization
https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
NIST 800-115 – Technical Guide to Information Security Testing and Assessment
https://csrc.nist.gov/publications/detail/sp/800-115/final
NIST 800-128 – Guide for Security-Focused Configuration Management of Information Systems
https://csrc.nist.gov/publications/detail/sp/800-128/final
NIST 800-137 – Information Security Continuous Monitoring
https://csrc.nist.gov/publications/detail/sp/800-137/final
NIST 800-145 – The NIST Definition of Cloud Computing
https://csrc.nist.gov/publications/detail/sp/800-145/final
NIST 800-46 – Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final
NIST 800-61 – Computer Security Incident Handling Guide
https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
NIST 800-160 – Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final
Facebook – CISSP, CISM and PMP certification training and mentoring by Thor Teaches!
Facebook – Effective CISSP by Wentz Wu
Facebook – CISSP Exam Preparation – Study Notes and Theory!
Discord study group CISSP, CISM, PMP – by Thor Teaches.
Discord study group Certification Station.
CISSP Free CPE’s:
(ISC)² explaining how the CPE’s work
(ISC)² – 500+ CPE’s available (Webinar).
SANS – 500+ CPE’s available (Webinar).
ISACA – 100+ CPE’s available (Webinar).
Infosecurity-magazine – 350+ CPE’s available (Webinar).
wh1t3rabbit – 250+ CPE’s available (Podcast).
OWASP – 100+ CPE’s available (Podcast).
Certs.org – 200+ CPE’s available (Podcast).
Edx.org – 250+ CPE’s available (Online training).
Coursera – 250+ CPE’s available (Online training).
Securitytube – 10,000+ CPE’s available (Videos).
Youtube – 100,000+ CPE’s available (Videos).
CISSP Links:
If a link is broken please let me know so I can fix it!
(ISC)² and the CISSP certification links:
https://www.isc2.org/Certifications/CISSP
https://www.isc2.org/Certifications/Associate
https://downloads.isc2.org/credentials/cissp/CISSP-Detailed-Content-Outline.pdf
https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
https://www.isc2.org/Certifications/CISSP#steps-to-certification
https://www.isc2.org/Certifications/CISSP#accordion-b56dcdc46ed244be824785f1b433a1f8
http://www.pearsonvue.com/isc2/
http://blog.isc2.org/isc2_blog/
https://www.isc2.org/en/About/Member-Counts
Portal:Computer security – Wikipedia
Information security – Wikipedia
CISSP certification 2018 Domain (Common body of knowledge) domains:
Domain 1: Security and Risk Management
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
https://www.pcisecuritystandards.org/pci_security/
https://en.wikipedia.org/wiki/COBIT
http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
https://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission
https://en.wikipedia.org/wiki/ITIL
https://www.axelos.com/best-practice-solutions/itil
https://en.wikipedia.org/wiki/ISO/IEC_27000-series
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
https://en.wikipedia.org/wiki/Copyright
https://en.wikipedia.org/wiki/Trademark
https://en.wikipedia.org/wiki/Patent
https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
https://en.wikipedia.org/wiki/Patriot_Act
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act
https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
https://en.wikipedia.org/wiki/Wassenaar_Arrangement
https://www.isc2.org/Ethics
https://en.wikipedia.org/wiki/Computer_Ethics_Institute
https://en.wikipedia.org/wiki/Internet_Architecture_Board
https://en.wikipedia.org/wiki/IT_risk_management#NIST_SP_800_30_framework
https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
http://www.mindcert.com/resources/MindCert_CISSP_Law_MindMap.pdf
https://en.wikipedia.org/wiki/IT_risk
https://www.copyright.gov/fls/fl102.html
http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf
Domain 2: Asset Security
https://en.wikipedia.org/wiki/Security_modes
https://en.wikipedia.org/wiki/Security_clearance
https://en.wikipedia.org/wiki/Data_at_rest
https://en.wikipedia.org/wiki/Data_in_use
https://en.wikipedia.org/wiki/Read-only_memory
https://en.wikipedia.org/wiki/Random-access_memory
https://en.wikipedia.org/wiki/Firmware
https://en.wikipedia.org/wiki/Flash_memory
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
Domain 3: Security Architecture and Engineering
https://en.wikipedia.org/wiki/Discretionary_access_control
https://en.wikipedia.org/wiki/Mandatory_access_control
https://en.wikipedia.org/wiki/Role-based_access_control
https://en.wikipedia.org/wiki/Attribute-based_access_control
https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model
https://en.wikipedia.org/wiki/Biba_Model
https://en.wikipedia.org/wiki/Graham-Denning_model
https://www.experts-exchange.com/articles/31744/Cloud-Security-Threats-Risks-and-Concerns.html
https://en.wikipedia.org/wiki/HRU_(security)
https://en.wikipedia.org/wiki/Clark%E2%80%93Wilson_model
https://en.wikipedia.org/wiki/Take-grant_protection_model
https://en.wikipedia.org/wiki/Access_Control_Matrix
https://en.wikipedia.org/wiki/Zachman_Framework
https://en.wikipedia.org/wiki/Security_modes
https://en.wikipedia.org/wiki/Rainbow_Series
https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
https://en.wikipedia.org/wiki/Common_Criteria
https://en.wikipedia.org/wiki/Trusted_Platform_Module
https://en.wikipedia.org/wiki/Kernel_(operating_system)
https://en.wikipedia.org/wiki/Hypervisor
https://en.wikipedia.org/wiki/Cloud_computing
https://en.wikipedia.org/wiki/Internet_of_things
https://en.wikipedia.org/wiki/Malware
https://www.owasp.org/index.php/Top_10-2017_Top_10
https://en.wikipedia.org/wiki/Mobile_device_management
https://en.wikipedia.org/wiki/Industrial_control_system
https://en.wikipedia.org/wiki/Cryptography
https://en.wikipedia.org/wiki/One-time_pad
https://en.wikipedia.org/wiki/SIGABA
https://en.wikipedia.org/wiki/Wassenaar_Arrangement
https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/Symmetric-key_algorithm
https://en.wikipedia.org/wiki/Hybrid_cryptosystem
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Social_engineering_(security)
https://en.wikipedia.org/wiki/Public_key_infrastructure
https://en.wikipedia.org/wiki/Digital_signature
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://en.wikipedia.org/wiki/IPsec
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://en.wikipedia.org/wiki/Fire_class
https://en.wikipedia.org/wiki/Fire_sprinkler_system
https://en.wikipedia.org/wiki/Montreal_Protocol
http://www.mindcert.com/resources/MindCert_CISSP_Physical_Security_MindMap.pdf
http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf
https://iase.disa.mil/stigs/Pages/index.aspx
https://www.experts-exchange.com/articles/32132/Better-Security-in-the-Cloud.html
https://cloudsecurityalliance.org/
Domain 4: Communication and Network Security
https://en.wikipedia.org/wiki/Duplex_(telecommunications)
https://en.wikipedia.org/wiki/Quality_of_service
https://en.wikipedia.org/wiki/OSI_model
https://en.wikipedia.org/wiki/Internet_protocol_suite
https://en.wikipedia.org/wiki/Network_topology
https://en.wikipedia.org/wiki/Carrier-sense_multiple_access
https://en.wikipedia.org/wiki/User_Datagram_Protocol
https://en.wikipedia.org/wiki/Transmission_Control_Protocol
https://en.wikipedia.org/wiki/MAC_address
https://en.wikipedia.org/wiki/IPv4
https://en.wikipedia.org/wiki/IPv6
https://en.wikipedia.org/wiki/Ping_(networking_utility)
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
https://quizlet.com/165853858/cissp-common-ports-and-protocols-flash-cards/
https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
https://en.wikipedia.org/wiki/Address_Resolution_Protocol
https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
https://en.wikipedia.org/wiki/Secure_Shell
https://en.wikipedia.org/wiki/File_Transfer_Protocol
https://en.wikipedia.org/wiki/Domain_Name_System
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
https://en.wikipedia.org/wiki/Ethernet
https://en.wikipedia.org/wiki/Twisted_pair
https://en.wikipedia.org/wiki/Coaxial_cable
https://en.wikipedia.org/wiki/Fiber-optic_communication
https://en.wikipedia.org/wiki/Frame_Relay
https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
https://en.wikipedia.org/wiki/Voice_over_IP
https://en.wikipedia.org/wiki/Wireless_LAN
https://en.wikipedia.org/wiki/Bluetooth
https://en.wikipedia.org/wiki/Virtual_LAN
https://en.wikipedia.org/wiki/Routing_protocol
https://en.wikipedia.org/wiki/Firewall_(computing)
https://en.wikipedia.org/wiki/Modem
https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
https://en.wikipedia.org/wiki/Virtual_private_network
https://en.wikipedia.org/wiki/Remote_Desktop_Protocol
https://en.wikipedia.org/wiki/Network_switch
https://en.wikipedia.org/wiki/Router_(computing)
http://sectools.org/tag/fuzzers/
https://en.wikipedia.org/wiki/List_of_digital_forensics_tools
http://www.ciscopress.com/articles/article.asp?p=31289
https://www.internetsociety.org/internet/history-internet/brief-history-internet-related-networks
Domain 5: Identity and Access Management (IAM)
https://en.wikipedia.org/wiki/Authentication
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://en.wikipedia.org/wiki/Authentication_protocol
https://en.wikipedia.org/wiki/Mutual_authentication
https://en.wikipedia.org/wiki/Computer_security
https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication
https://en.wikipedia.org/wiki/RADIUS
https://en.wikipedia.org/wiki/AAA_(computer_security)
https://en.wikipedia.org/wiki/Diameter_(protocol)
https://en.wikipedia.org/wiki/Password
https://en.wikipedia.org/wiki/Rainbow_table
https://en.wikipedia.org/wiki/Brute-force_attack
https://en.wikipedia.org/wiki/Keystroke_logging
https://en.wikipedia.org/wiki/Cryptographic_nonce
https://en.wikipedia.org/wiki/Salt_(cryptography)
https://en.wikipedia.org/wiki/Password_cracking
https://en.wikipedia.org/wiki/Initialization_vector
https://en.wikipedia.org/wiki/Biometrics
https://en.wikipedia.org/wiki/Discretionary_access_control
https://en.wikipedia.org/wiki/Mandatory_access_control
https://en.wikipedia.org/wiki/Role-based_access_control
https://en.wikipedia.org/wiki/Attribute-based_access_control
https://en.wikipedia.org/wiki/Access_control
https://en.wikipedia.org/wiki/Federated_identity
https://en.wikipedia.org/wiki/Single_sign-on
https://en.wikipedia.org/wiki/Infrastructure_as_a_service
https://en.wikipedia.org/wiki/Platform_as_a_service
https://en.wikipedia.org/wiki/Software_as_a_service
https://en.wikipedia.org/wiki/Kerberos_(protocol)
https://en.wikipedia.org/wiki/Identity_management
https://en.wikipedia.org/wiki/RADIUS
https://en.wikipedia.org/wiki/Diameter_(protocol)
https://en.wikipedia.org/wiki/TACACS
https://en.wikipedia.org/wiki/Password_Authentication_Protocol
https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol
https://en.wikipedia.org/wiki/Authentication_protocol
https://en.wikipedia.org/wiki/Active_Directory
https://en.wikipedia.org/wiki/Non-disclosure_agreement
http://www.mindcert.com/resources/MindCert_CISSP_Access_Control_MindMap.pdf
https://na.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG9.aspx
https://csrc.nist.gov/projects/role-based-access-control/faqs
Domain 6: Security Assessment and Testing
http://www.cert.org/resilience/products-services/octave/index.cfm
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
https://en.wikipedia.org/wiki/Dynamic_testing
https://en.wikipedia.org/wiki/Penetration_test
https://en.wikipedia.org/wiki/Fuzzing
https://www.experts-exchange.com/articles/31763/Incident-Handling-and-Response-Plan.html
https://en.wikipedia.org/wiki/Information_technology_security_audit
https://en.wikipedia.org/wiki/Information_security_audit
https://en.wikipedia.org/wiki/Information_technology_audit
https://en.wikipedia.org/wiki/Audit_trail
https://en.wikipedia.org/wiki/Social_engineering_(security)
http://www.coresecurity.com/
http://www.immunitysec.com/
http://sectools.org/
https://en.wikipedia.org/wiki/Traceability_matrix
https://en.wikipedia.org/wiki/All-pairs_testing
https://en.wikipedia.org/wiki/Code_coverage
https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
https://en.wikipedia.org/wiki/NIST_Special_Publication_800-92
https://en.wikipedia.org/wiki/Nessus_(software)
Domain 7: Security Operations
https://en.wikipedia.org/wiki/Business_continuity_planning
https://en.wikipedia.org/wiki/Disaster_recovery
https://www.fema.gov/media-library-data/5c4896dd74fd2b18bc900e60935debe9/COOP_Planning_Template.pdf
https://en.wikipedia.org/wiki/Disaster_recovery_plan
https://en.wikipedia.org/wiki/Mean_time_between_failures
https://www.experts-exchange.com/articles/32316/What-Gives-SIEM-a-Good-Name.html
https://en.wikipedia.org/wiki/Mean_time_to_repair
https://www.experts-exchange.com/articles/33330/Threat-Modeling-Process-Basics-and-Purpose.html
https://en.wikipedia.org/wiki/RAID
https://en.wikipedia.org/wiki/Principle_of_least_privilege
https://en.wikipedia.org/wiki/Access_control
https://en.wikipedia.org/wiki/Digital_forensics
https://en.wikipedia.org/wiki/Computer_security_incident_management
https://en.wikipedia.org/wiki/Incident_management
https://en.wikipedia.org/wiki/Intrusion_detection_system
https://en.wikipedia.org/wiki/Security_information_and_event_management
https://en.wikipedia.org/wiki/Honeypot_(computing)
https://en.wikipedia.org/wiki/Change_management
https://en.wikipedia.org/wiki/Zero-day_(computing)
https://en.wikipedia.org/wiki/Stuxnet
https://en.wikipedia.org/wiki/Backup
https://en.wikipedia.org/wiki/Ransomware
https://en.wikipedia.org/wiki/Recovery_time_objective
https://en.wikipedia.org/wiki/Backup_site
https://en.wikipedia.org/wiki/Crisis_management
https://en.wikipedia.org/wiki/Emergency_operations_center
https://en.wikipedia.org/wiki/ISO_22301
http://www.iso27001security.com/html/27031.html
https://www.experts-exchange.com/articles/33009/Disaster-Recovery-Solution-Design.html
https://nws.weather.gov/nthmp/Minutes/oct-nov07/post-disaster_recovery_planning_forum_uo-csc-2.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
Domain 8: Software Development Security
https://www.owasp.org/index.php/Security_by_Design_Principles
https://www.owasp.org/index.php/Category:Vulnerability
https://en.wikipedia.org/wiki/Programming_language
https://en.wikipedia.org/wiki/Object-oriented_programming
https://en.wikipedia.org/wiki/Computer-aided_software_engineering
https://en.wikipedia.org/wiki/Open-source_model
https://en.wikipedia.org/wiki/Shareware
https://en.wikipedia.org/wiki/Crippleware
https://en.wikipedia.org/wiki/Freeware
https://en.wikipedia.org/wiki/End-user_license_agreement
https://en.wikipedia.org/wiki/GNU
https://en.wikipedia.org/wiki/Berkeley_Software_Distribution
https://en.wikipedia.org/wiki/Software_development_process
https://en.wikipedia.org/wiki/Waterfall_model
https://en.wikipedia.org/wiki/Agile_software_development
https://en.wikipedia.org/wiki/Scrum_(software_development)
https://en.wikipedia.org/wiki/Extreme_programming
https://en.wikipedia.org/wiki/Spiral_model
https://en.wikipedia.org/wiki/Rapid_application_development
https://en.wikipedia.org/wiki/Prototype-based_programming
https://en.wikipedia.org/wiki/Software_development_process
https://csrc.nist.gov/publications/detail/sp/800-128/final
https://en.wikipedia.org/wiki/Database
https://en.wikipedia.org/wiki/Relational_database_management_system
https://en.wikipedia.org/wiki/Data_definition_language
https://en.wikipedia.org/wiki/Data_manipulation_language
https://en.wikipedia.org/wiki/Object_database
https://en.wikipedia.org/wiki/Object_request_broker
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://en.wikipedia.org/wiki/Buffer_overflow
https://en.wikipedia.org/wiki/Race_condition
https://en.wikipedia.org/wiki/Capability_Maturity_Model
https://en.wikipedia.org/wiki/Commercial_off-the-shelf
https://en.wikipedia.org/wiki/Artificial_intelligence
https://www.experts-exchange.com/articles/33288/Secure-SDLC-Principles-and-Practices.html
US Laws you should know for the CISSP exam:
CFAA (wiki) – Computer Fraud and Abuse Act, part of Comprehensive Crime Control Act of 1984 (CCCA) “Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.”
CSA (EPIC) – Computer Security Act of 1987
Federal Sentencing Guidelines – Chapter 2: Particularly Parts B, H.3. and M.5.
National Information Infrastructure Protection Act of 1996, (Title II)
Paperwork Reduction Act of 1995, of 1980, additional info
GISRA – Government Information Security Reform Act of 2000
FISMA – Federal Information Security Management Act, 2002; of 2014
Economic Espionage Act of 1996
UCITA (Final) – Uniform Computer Information Transactions Act; Summary
Computer Export Controls from US Department of Commerce, Bureau of Industry and Security
CCL – Commerce Control List
EAR – Export Administration Regulations
HIPAA – Health Insurance Portability and Accountability Act.
PCI-DSS – Payment Card Industry Data Security Standard.
Sarbanes–Oxley Act of 2002
Free CISM Resources:
CISSP, CISM, and PMP study group and free daily practice questions (Facebook group)
Study guide – The memory palace – Prashant Mohan
Study guide – Sunflower notes – Maarten de Frankrijker
Study guide – CISSP Process guide – Fadi Sodah (madunix)
Facebook groups and forums:
Facebook – CISSP, CISM, and CISA certification training and mentoring by Thor Teaches!
Discord study group CISSP, CISM, PMP – by Thor Teaches.
Facebook – CISM study group
Reddit – CISSP/CISM subreddit!
CISM CPEs:
ISACA
CPE reporting FAQs CISM
How to report and earn CPEs
(ISC)² – 500+ CPE’s available (Webinar).
SANS – 500+ CPE’s available (Webinar).
ISACA – 100+ CPE’s available (Webinar).
Infosecurity-magazine – 350+ CPE’s available (Webinar).
wh1t3rabbit – 250+ CPE’s available (Podcast).
OWASP – 100+ CPE’s available (Podcast).
Certs.org – 200+ CPE’s available (Podcast).
Edx.org – 250+ CPE’s available (Online training).
Coursera – 250+ CPE’s available (Online training).
Securitytube – 10,000+ CPE’s available (Videos).
Youtube – 100,000+ CPE’s available (Videos).
General CISM and ISACA links:
https://www.youtube.com/watch?v=B-X__iJmFHE
http://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx
http://www.isaca.org/certification/pages/taking-the-exam.aspx
http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/FAQs.aspx
http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx
https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/
https://iase.disa.mil/iawip/Pages/iabaseline.aspx
Portal:Computer security – Wikipedia
Information security – Wikipedia
CISM Domain 1 links:
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
https://www.pcisecuritystandards.org/pci_security/
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
https://en.wikipedia.org/wiki/Copyright
https://en.wikipedia.org/wiki/Trademark
https://en.wikipedia.org/wiki/Patent
https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
https://en.wikipedia.org/wiki/Patriot_Act
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act
https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
https://en.wikipedia.org/wiki/Wassenaar_Arrangement
https://en.wikipedia.org/wiki/Computer_Ethics_Institute
https://en.wikipedia.org/wiki/Internet_Architecture_Board
http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf
https://en.wikipedia.org/wiki/Security_modes
https://en.wikipedia.org/wiki/Security_clearance
https://en.wikipedia.org/wiki/Data_at_rest
https://en.wikipedia.org/wiki/Data_in_use
CISM Domain 2 links:
https://en.wikipedia.org/wiki/COBIT
http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
https://en.wikipedia.org/wiki/Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission
https://en.wikipedia.org/wiki/ITIL
https://www.axelos.com/best-practice-solutions/itil
https://en.wikipedia.org/wiki/ISO/IEC_27000-series
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
https://en.wikipedia.org/wiki/IT_risk_management#NIST_SP_800_30_framework
https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
https://en.wikipedia.org/wiki/IT_risk
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
https://en.wikipedia.org/wiki/Artificial_intelligence
https://en.wikipedia.org/wiki/Race_condition
https://en.wikipedia.org/wiki/Capability_Maturity_Model
https://en.wikipedia.org/wiki/Commercial_off-the-shelf
https://www.experts-exchange.com/articles/33288/Secure-SDLC-Principles-and-Practices.html
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Security_by_Design_Principles
https://www.owasp.org/index.php/Category:Vulnerability
https://en.wikipedia.org/wiki/Programming_language
https://en.wikipedia.org/wiki/Object-oriented_programming
https://en.wikipedia.org/wiki/Computer-aided_software_engineering
https://en.wikipedia.org/wiki/Open-source_model
https://en.wikipedia.org/wiki/Shareware
https://en.wikipedia.org/wiki/Crippleware
https://en.wikipedia.org/wiki/Freeware
https://en.wikipedia.org/wiki/End-user_license_agreement
https://en.wikipedia.org/wiki/GNU
https://en.wikipedia.org/wiki/Berkeley_Software_Distribution
https://en.wikipedia.org/wiki/Software_development_process
https://en.wikipedia.org/wiki/Waterfall_model
https://en.wikipedia.org/wiki/Agile_software_development
https://en.wikipedia.org/wiki/Scrum_(software_development)
https://en.wikipedia.org/wiki/Extreme_programming
https://en.wikipedia.org/wiki/Spiral_model
https://en.wikipedia.org/wiki/Rapid_application_development
https://en.wikipedia.org/wiki/Prototype-based_programming
https://en.wikipedia.org/wiki/Software_development_process
https://csrc.nist.gov/publications/detail/sp/800-128/final
https://en.wikipedia.org/wiki/Database
https://en.wikipedia.org/wiki/Relational_database_management_system
https://en.wikipedia.org/wiki/Data_definition_language
https://en.wikipedia.org/wiki/Data_manipulation_language
https://en.wikipedia.org/wiki/Object_database
https://en.wikipedia.org/wiki/Object_request_broker
https://www.owasp.org/index.php/Main_Page
https://en.wikipedia.org/wiki/Change_management
https://en.wikipedia.org/wiki/Zero-day_(computing)
https://en.wikipedia.org/wiki/Stuxnet
https://en.wikipedia.org/wiki/Backup
https://en.wikipedia.org/wiki/Ransomware
https://en.wikipedia.org/wiki/Computer_security_incident_management
https://en.wikipedia.org/wiki/Incident_management
https://en.wikipedia.org/wiki/Intrusion_detection_system
https://en.wikipedia.org/wiki/Security_information_and_event_management
https://en.wikipedia.org/wiki/Honeypot_(computing)
https://en.wikipedia.org/wiki/RAID
https://en.wikipedia.org/wiki/Mean_time_to_repair
https://en.wikipedia.org/wiki/Mean_time_between_failures
https://www.experts-exchange.com/articles/32316/What-Gives-SIEM-a-Good-Name.html
http://www.cert.org/resilience/products-services/octave/index.cfm
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
https://en.wikipedia.org/wiki/Dynamic_testing
https://en.wikipedia.org/wiki/Penetration_test
https://en.wikipedia.org/wiki/Fuzzing
https://www.experts-exchange.com/articles/31763/Incident-Handling-and-Response-Plan.html
https://en.wikipedia.org/wiki/Information_technology_security_audit
https://en.wikipedia.org/wiki/Information_security_audit
https://en.wikipedia.org/wiki/Information_technology_audit
https://en.wikipedia.org/wiki/Audit_trail
https://en.wikipedia.org/wiki/Social_engineering_(security)
http://www.immunitysec.com/
http://sectools.org/
https://www.kali.org/
http://map.norsecorp.com/#/
https://en.wikipedia.org/wiki/Traceability_matrix
https://en.wikipedia.org/wiki/All-pairs_testing
https://en.wikipedia.org/wiki/Code_coverage
https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
https://en.wikipedia.org/wiki/NIST_Special_Publication_800-92
https://en.wikipedia.org/wiki/Nessus_(software)
https://en.wikipedia.org/wiki/Duplex_(telecommunications)
https://en.wikipedia.org/wiki/Quality_of_service
https://en.wikipedia.org/wiki/OSI_model
https://en.wikipedia.org/wiki/Internet_protocol_suite
https://en.wikipedia.org/wiki/Network_topology
https://en.wikipedia.org/wiki/Carrier-sense_multiple_access
https://en.wikipedia.org/wiki/User_Datagram_Protocol
https://en.wikipedia.org/wiki/Transmission_Control_Protocol
https://en.wikipedia.org/wiki/MAC_address
https://en.wikipedia.org/wiki/IPv4
https://en.wikipedia.org/wiki/IPv6
https://en.wikipedia.org/wiki/Ping_(networking_utility)
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
https://quizlet.com/165853858/cissp-common-ports-and-protocols-flash-cards
https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
https://en.wikipedia.org/wiki/Address_Resolution_Protocol
https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
https://en.wikipedia.org/wiki/Secure_Shell
https://en.wikipedia.org/wiki/File_Transfer_Protocol
https://en.wikipedia.org/wiki/Domain_Name_System
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
https://en.wikipedia.org/wiki/Ethernet
https://en.wikipedia.org/wiki/Twisted_pair
https://en.wikipedia.org/wiki/Coaxial_cable
https://en.wikipedia.org/wiki/Fiber-optic_communication
https://en.wikipedia.org/wiki/Frame_Relay
https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
https://en.wikipedia.org/wiki/Voice_over_IP
https://en.wikipedia.org/wiki/Wireless_LAN
https://en.wikipedia.org/wiki/Bluetooth
https://en.wikipedia.org/wiki/Virtual_LAN
https://en.wikipedia.org/wiki/Routing_protocol
https://en.wikipedia.org/wiki/Firewall_(computing)
https://en.wikipedia.org/wiki/Modem
https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
https://en.wikipedia.org/wiki/Virtual_private_network
https://en.wikipedia.org/wiki/Remote_Desktop_Protocol
https://en.wikipedia.org/wiki/Network_switch
https://en.wikipedia.org/wiki/Router_(computing)
http://sectools.org/tag/fuzzers/
https://cloudsecurityalliance.org/
https://iase.disa.mil/stigs/Pages/index.aspx
https://www.experts-exchange.com/articles/32132/Better-Security-in-the-Cloud.html
http://www.mindcert.com/resources/MindCert_CISSP_Physical_Security_MindMap.pdf
https://en.wikipedia.org/wiki/Rainbow_Series
https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
https://en.wikipedia.org/wiki/Common_Criteria
https://en.wikipedia.org/wiki/Trusted_Platform_Module
https://en.wikipedia.org/wiki/Hypervisor
https://en.wikipedia.org/wiki/Cloud_computing
https://en.wikipedia.org/wiki/Internet_of_things
https://en.wikipedia.org/wiki/Malware
https://www.owasp.org/index.php/Top_10-2017_Top_10
https://en.wikipedia.org/wiki/Mobile_device_management
https://en.wikipedia.org/wiki/Industrial_control_system
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://en.wikipedia.org/wiki/Fire_class
https://en.wikipedia.org/wiki/Fire_sprinkler_system
https://en.wikipedia.org/wiki/Montreal_Protocol
CISM Domain 3 links:
https://en.wikipedia.org/wiki/Discretionary_access_control
https://en.wikipedia.org/wiki/Mandatory_access_control
https://en.wikipedia.org/wiki/Role-based_access_control
https://en.wikipedia.org/wiki/Attribute-based_access_control
https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model
https://en.wikipedia.org/wiki/Biba_Model
https://en.wikipedia.org/wiki/Graham-Denning_model
https://www.experts-exchange.com/articles/31744/Cloud-Security-Threats-Risks-and-Concerns.html
https://en.wikipedia.org/wiki/HRU_(security)
https://en.wikipedia.org/wiki/Clark%E2%80%93Wilson_model
https://en.wikipedia.org/wiki/Take-grant_protection_model
https://en.wikipedia.org/wiki/Access_Control_Matrix
https://en.wikipedia.org/wiki/Zachman_Framework
https://en.wikipedia.org/wiki/Security_modes
http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf
https://en.wikipedia.org/wiki/Cryptography
https://en.wikipedia.org/wiki/One-time_pad
https://en.wikipedia.org/wiki/Wassenaar_Arrangement
https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/Symmetric-key_algorithm
https://en.wikipedia.org/wiki/Hybrid_cryptosystem
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Social_engineering_(security)
https://en.wikipedia.org/wiki/Public_key_infrastructure
https://en.wikipedia.org/wiki/Digital_signature
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://en.wikipedia.org/wiki/IPsec
https://en.wikipedia.org/wiki/Authentication
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://en.wikipedia.org/wiki/Authentication_protocol
https://en.wikipedia.org/wiki/Mutual_authentication
https://en.wikipedia.org/wiki/Computer_security
https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication
https://en.wikipedia.org/wiki/RADIUS
https://en.wikipedia.org/wiki/AAA_(computer_security)
https://en.wikipedia.org/wiki/Diameter_(protocol)
https://en.wikipedia.org/wiki/Password
https://en.wikipedia.org/wiki/Rainbow_table
https://en.wikipedia.org/wiki/Brute-force_attack
https://en.wikipedia.org/wiki/Keystroke_logging
https://en.wikipedia.org/wiki/Cryptographic_nonce
https://en.wikipedia.org/wiki/Salt_(cryptography)
https://en.wikipedia.org/wiki/Password_cracking
https://en.wikipedia.org/wiki/Initialization_vector
https://en.wikipedia.org/wiki/Biometrics
https://en.wikipedia.org/wiki/Access_control
https://en.wikipedia.org/wiki/Federated_identity
https://en.wikipedia.org/wiki/Single_sign-on
https://en.wikipedia.org/wiki/Infrastructure_as_a_service
https://en.wikipedia.org/wiki/Platform_as_a_service
https://en.wikipedia.org/wiki/Software_as_a_service
https://en.wikipedia.org/wiki/Kerberos_(protocol)
https://en.wikipedia.org/wiki/Identity_management
https://en.wikipedia.org/wiki/TACACS
https://en.wikipedia.org/wiki/Password_Authentication_Protocol
https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol
https://en.wikipedia.org/wiki/Active_Directory
https://en.wikipedia.org/wiki/Non-disclosure_agreement
https://na.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG9.aspx
https://en.wikipedia.org/wiki/Change_management
https://en.wikipedia.org/wiki/Principle_of_least_privilege
https://www.experts-exchange.com/articles/33330/Threat-Modeling-Process-Basics-and-Purpose.html
https://csrc.nist.gov/projects/role-based-access-control/faqs
CISM Domain 4 links:
https://en.wikipedia.org/wiki/Recovery_time_objective
https://en.wikipedia.org/wiki/Backup_site
https://en.wikipedia.org/wiki/Crisis_management
https://en.wikipedia.org/wiki/Emergency_operations_center
https://en.wikipedia.org/wiki/ISO_22301
http://www.iso27001security.com/html/27031.html
https://www.experts-exchange.com/articles/33009/Disaster-Recovery-Solution-Design.html
https://nws.weather.gov/nthmp/Minutes/oct-nov07/post-disaster_recovery_planning_forum_uo-csc-2.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
https://en.wikipedia.org/wiki/Digital_forensics
https://en.wikipedia.org/wiki/Disaster_recovery_plan
https://en.wikipedia.org/wiki/Business_continuity_planning
https://en.wikipedia.org/wiki/Disaster_recovery
https://www.fema.gov/media-library-data/5c4896dd74fd2b18bc900e60935debe9/COOP_Planning_Template.pdf
https://en.wikipedia.org/wiki/List_of_digital_forensics_tools
US Laws you should know for the CISM exam:
CFAA (wiki) – Computer Fraud and Abuse Act, part of the Comprehensive Crime Control Act of 1984 (CCCA). “Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.”
CSA (EPIC) – Computer Security Act of 1987
Federal Sentencing Guidelines – Chapter 2: Particularly Parts B, H.3. and M.5.
National Information Infrastructure Protection Act of 1996, (Title II)
Paperwork Reduction Act of 1995, of 1980, additional info
GISRA – Government Information Security Reform Act of 2000
FISMA – Federal Information Security Management Act, 2002; of 2014
Economic Espionage Act of 1996
UCITA (Final) – Uniform Computer Information Transactions Act; Summary
Computer Export Controls from US Department of Commerce, Bureau of Industry and Security
CCL – Commerce Control List
EAR – Export Administration Regulations
HIPAA – Health Insurance Portability and Accountability Act.
PCI-DSS – Payment Card Industry Data Security Standard.

Thorteaches CISA class – ETA Not sure, after CISSP/CISM updates are done.
Free CISA Resources:
Study guide – CISA notes – Fadi Sodah (madunix)
CISSP, CISM, CISA study group (Facebook group)
https://www.facebook.com/groups/CISAStudty/
https://www.reddit.com/r/CISA/
https://www.facebook.com/groups/InformationAudit/
https://www.isaca.org/Knowledge-Center/Documents/Glossary/Cybersecurity_Fundamentals_glossary.pdf
https://community.infosecinstitute.com/categories/isaca-cisa-cism
https://itauditsecurity.wordpress.com/
https://www.youtube.com/watch?v=QmuArWVvpWw
http://m.isaca.org/Certification/Documents/Exam-Candidate-Guide-Continuous-Testing.pdf
https://www.youtube.com/channel/UCrP-kcQ77iiQGTVLJYs8miQ
https://www.auditscripts.com/free-resources/cisa-exam-references/cisa-practice-tests/
Facebook groups and forums:
Facebook – CISSP, CISM, CISA certification training and mentoring by Thor Teaches!
Discord study group CISSP, CISM, PMP – by Thor Teaches.
https://www.facebook.com/groups/InformationAudit/
CISA CPEs:
ISACA CPE reporting FAQs CISA How to report and earn CPEs
(ISC)² – 500+ CPEs available (Webinar).
SANS – 500+ CPEs available (Webinar).
ISACA – 100+ CPEs available (Webinar).
Infosecurity-magazine – 350+ CPEs available (Webinar).
wh1t3rabbit – 250+ CPEs available (Podcast).
OWASP – 100+ CPEs available (Podcast).
Certs.org – 200+ CPEs available (Podcast).
Edx.org – 250+ CPEs available (Online training).
Coursera – 250+ CPEs available (Online training).
Securitytube – 10,000+ CPEs available (Videos).
Youtube – 100,000+ CPEs available (Videos).