ISC2 CISSP Certification Prep
Welcome to the ultimate free study guide for the ISC2 Certified Information Systems Security Professional (CISSP) certification. This site pairs every YouTube lesson with a concise written summary and an exam-focused FAQ you can scan, search and revise from. Together the 216 episodes cover the entire CISSP syllabus across its eight domains.
Watch the full series on the RooCloud YouTube channel (series playlist: https://www.youtube.com/playlist?list=PLWmb7vxXz464) and test yourself with chapter-wise multiple-choice questions and full-length practice exams at RooCloud.com.
The exam is organised into eight domains: Security and Risk Management (Episodes 1–35), Asset Security (Episodes 36–42), Security Architecture and Engineering (Episodes 43–101), Communication and Network Security (Episodes 102–141), Identity and Access Management (Episodes 142–155), Security Assessment and Testing (Episodes 156–163), Security Operations (Episodes 164–197), Software Development Security (Episodes 198–216).
📝 Notes + videos are only half the prep
The written notes and video lessons in this guide are designed to be used alongside practice. Reinforce every chapter with chapter-wise MCQs and full-length mock exams at RooCloud.com — read or watch the lesson here, then test your recall and exam-readiness there.
Domain 1: Security and Risk Management
- Episode 1: CISSP 1.1 - Security 101
- Episode 2: CISSP 1.2 - Understand & Apply Security Concepts (Part 1 of 2)
- Episode 3: CISSP 1.2 - Understand & Apply Security Concepts (Part 2 of 2)
- Episode 4: CISSP 1.3 - Security Boundaries
- Episode 5: CISSP 1.4 - Evaluate & Apply Security Governance Principles
- Episode 6: CISSP 1.5 - Manage the Security Function (Part 1 of 2)
- Episode 7: CISSP 1.5 - Manage the Security Function (Part 2 of 2)
- Episode 8: CISSP 1.6 - Security Policy, Standards, Procedures, & Guidelines
- Episode 9: CISSP 1.7 - Threat Modeling
- Episode 10: CISSP 1.8 - Supply Chain Risk Management
- Episode 11: CISSP 2.1 - Personnel Security Policies & Procedures (Part 1 of 2)
- Episode 12: CISSP 2.1 - Personnel Security Policies & Procedures (Part 2 of 2)
- Episode 13: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 1 of 5)
- Episode 14: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 2 of 5)
- Episode 15: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 3 of 5)
- Episode 16: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 4 of 5)
- Episode 17: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 5 of 5)
- Episode 18: CISSP 2.3 - Social Engineering (Part 1 of 3)
- Episode 19: CISSP 2.3 - Social Engineering (Part 2 of 3)
- Episode 20: CISSP 2.3 - Social Engineering (Part 3 of 3)
- Episode 21: CISSP 2.4 - Establish & Maintain a Security Awareness, Education, & Training Program
- Episode 22: CISSP 3.1 - Planning for Business Continuity
- Episode 23: CISSP 3.2 - Project Scope & Planning (Part 1 of 2)
- Episode 24: CISSP 3.2 - Project Scope & Planning (Part 2 of 2)
- Episode 25: CISSP 3.3 - Business Impact Analysis
- Episode 26: CISSP 3.4 - Continuity Planning
- Episode 27: CISSP 3.5 - Plan Approval & Implementation
- Episode 28: CISSP 4.1 - Categories of Laws
- Episode 29: CISSP 4.2 - Laws (Part 1 of 4)
- Episode 30: CISSP 4.2 - Laws (Part 2 of 4)
- Episode 31: CISSP 4.2 - Laws (Part 3 of 4)
- Episode 32: CISSP 4.2 - Laws (Part 4 of 4)
- Episode 33: CISSP 4.3 - State Privacy Laws
- Episode 34: CISSP 4.4 - Compliance
- Episode 35: CISSP 4.5 - Contracting & Procurement
Domain 2: Asset Security
- Episode 36: CISSP 5.1 - Identifying & Classifying Information & Assets (Part 1 of 2)
- Episode 37: CISSP 5.1 - Identifying & Classifying Information & Assets (Part 2 of 2)
- Episode 38: CISSP 5.2 - Establishing Information & Asset Handling Requirements (Part 1 of 2)
- Episode 39: CISSP 5.2 - Establishing Information & Asset Handling Requirements (Part 2 of 2)
- Episode 40: CISSP 5.3 - Data Protection Methods
- Episode 41: CISSP 5.4 - Understanding Data Roles
- Episode 42: CISSP 5.5 - Using Security Baselines
Domain 3: Security Architecture and Engineering
- Episode 43: CISSP 6.1 - Cryptographic Foundations (Part 1 of 3)
- Episode 44: CISSP 6.1 - Cryptographic Foundations (Part 2 of 3)
- Episode 45: CISSP 6.1 - Cryptographic Foundations (Part 3 of 3)
- Episode 46: CISSP 6.2 - Modern Cryptography (Part 1 of 2)
- Episode 47: CISSP 6.2 - Modern Cryptography (Part 2 of 2)
- Episode 48: CISSP 6.3 - Symmetric Cryptography (Part 1 of 2)
- Episode 49: CISSP 6.3 - Symmetric Cryptography (Part 2 of 2)
- Episode 50: CISSP 6.4 - Cryptographic Life Cycle
- Episode 51: CISSP 7.1 - Asymmetric Cryptography (Part 1 of 2)
- Episode 52: CISSP 7.1 - Asymmetric Cryptography (Part 2 of 2)
- Episode 53: CISSP 7.2 - Hash Functions
- Episode 54: CISSP 7.3 - Digital Signatures
- Episode 55: CISSP 7.4 - Public Key Infrastructure
- Episode 56: CISSP 7.5 - Asymmetric Key Management
- Episode 57: CISSP 7.6 - Hybrid Cryptography
- Episode 58: CISSP 7.7 - Applied Cryptography (Part 1 of 2)
- Episode 59: CISSP 7.7 - Applied Cryptography (Part 2 of 2)
- Episode 60: CISSP 7.8 - Cryptographic Attacks
- Episode 61: CISSP 8.1 - Secure Design Principles (Part 1 of 3)
- Episode 62: CISSP 8.1 - Secure Design Principles (Part 2 of 3)
- Episode 63: CISSP 8.1 - Secure Design Principles (Part 3 of 3)
- Episode 64: CISSP 8.2 - Techniques for Ensuring CIA
- Episode 65: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 1 of 3)
- Episode 66: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 2 of 3)
- Episode 67: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 3 of 3)
- Episode 68: CISSP 8.4 - Select Controls Based on Systems Security Requirements
- Episode 69: CISSP 8.5 - Understand Security Capabilities of Information Systems
- Episode 70: CISSP 9.1 - Shared Responsibility
- Episode 71: CISSP 9.2 - Data Localization & Data Sovereignty
- Episode 72: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 1 of 3)
- Episode 73: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 2 of 3)
- Episode 74: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 3 of 3)
- Episode 75: CISSP 9.4 - Client-Based Systems
- Episode 76: CISSP 9.5 - Server-Based Systems
- Episode 77: CISSP 9.6 - Industrial Control Systems
- Episode 78: CISSP 9.7 - Distributed Systems
- Episode 79: CISSP 9.8 - High-Performance Computing Systems
- Episode 80: CISSP 9.9 - Real-Time Operating Systems
- Episode 81: CISSP 9.10 - Internet of Things
- Episode 82: CISSP 9.11 - Edge & Fog Computing
- Episode 83: CISSP 9.12 - Embedded Devices & Cyber-Physical Systems
- Episode 84: CISSP 9.13 - Microservices
- Episode 85: CISSP 9.14 - Infrastructure as Code
- Episode 86: CISSP 9.15 - Immutable Architecture
- Episode 87: CISSP 9.16 - Virtualized Systems (Part 1 of 2)
- Episode 88: CISSP 9.16 - Virtualized Systems (Part 2 of 2)
- Episode 89: CISSP 9.17 - Containerization
- Episode 90: CISSP 9.18 - Mobile Devices (Part 1 of 3)
- Episode 91: CISSP 9.18 - Mobile Devices (Part 2 of 3)
- Episode 92: CISSP 9.18 - Mobile Devices (Part 3 of 3)
- Episode 93: CISSP 9.19 - Essential Security Protection Mechanisms
- Episode 94: CISSP 9.20 - Common Security Architecture Flaws & Issues
- Episode 95: CISSP 10.1 - Apply Security Principles to Site & Facility Design
- Episode 96: CISSP 10.2 - Implement Site & Facility Security Controls (Part 1 of 4)
- Episode 97: CISSP 10.2 - Implement Site & Facility Security Controls (Part 2 of 4)
- Episode 98: CISSP 10.2 - Implement Site & Facility Security Controls (Part 3 of 4)
- Episode 99: CISSP 10.2 - Implement Site & Facility Security Controls (Part 4 of 4)
- Episode 100: CISSP 10.3 - Implement & Manage Physical Security (Part 1 of 2)
- Episode 101: CISSP 10.3 - Implement & Manage Physical Security (Part 2 of 2)
Domain 4: Communication and Network Security
- Episode 102: CISSP 11.1 - OSI Model (Part 1 of 2)
- Episode 103: CISSP 11.1 - OSI Model (Part 2 of 2)
- Episode 104: CISSP 11.2 - TCP-IP Model
- Episode 105: CISSP 11.3 - Analyzing Network Traffic
- Episode 106: CISSP 11.4 - Common Application Layer Protocols
- Episode 107: CISSP 11.5 - Transport Layer Protocols
- Episode 108: CISSP 11.6 - Domain Name System
- Episode 109: CISSP 11.7 - Internet Protocol Networking
- Episode 110: CISSP 11.8 - ARP Concerns
- Episode 111: CISSP 11.9 - Secure Communication Protocols
- Episode 112: CISSP 11.10 - Implications of Multilayer Protocols
- Episode 113: CISSP 11.11 - Segmentation
- Episode 114: CISSP 11.12 - Edge Networks
- Episode 115: CISSP 11.13 - Wireless Networks (Part 1 of 3)
- Episode 116: CISSP 11.13 - Wireless Networks (Part 2 of 3)
- Episode 117: CISSP 11.13 - Wireless Networks (Part 3 of 3)
- Episode 118: CISSP 11.14 - Satellite Communications
- Episode 119: CISSP 11.15 - Cellular Networks
- Episode 120: CISSP 11.16 - Content Distribution Networks
- Episode 121: CISSP 11.17 - Secure Network Components (Part 1 of 5)
- Episode 122: CISSP 11.17 - Secure Network Components (Part 2 of 5)
- Episode 123: CISSP 11.17 - Secure Network Components (Part 3 of 5)
- Episode 124: CISSP 11.17 - Secure Network Components (Part 4 of 5)
- Episode 125: CISSP 11.17 - Secure Network Components (Part 5 of 5)
- Episode 126: CISSP 12.1 - Protocol Security Mechanisms
- Episode 127: CISSP 12.2 - Secure Voice Communications
- Episode 128: CISSP 12.3 - Remote Access Security Management
- Episode 129: CISSP 12.4 - Multimedia Collaboration
- Episode 130: CISSP 12.5 - Monitoring & Management
- Episode 131: CISSP 12.6 - Load Balancing
- Episode 132: CISSP 12.7 - Manage Email Security
- Episode 133: CISSP 12.8 - Virtual Private Network (Part 1 of 2)
- Episode 134: CISSP 12.8 - Virtual Private Network (Part 2 of 2)
- Episode 135: CISSP 12.9 - Switching & Virtual LANs
- Episode 136: CISSP 12.10 - Network Address Translation
- Episode 137: CISSP 12.11 - Third-Party Connectivity
- Episode 138: CISSP 12.12 - Switching Technologies
- Episode 139: CISSP 12.13 - WAN Technologies
- Episode 140: CISSP 12.14 - Fiber-Optic Links
- Episode 141: CISSP 12.15 - Prevent or Mitigate Network Attacks
Domain 5: Identity and Access Management
- Episode 142: CISSP 13.1 - Controlling Access to Assets
- Episode 143: CISSP 13.2 - The AAA Model (Part 1 of 3)
- Episode 144: CISSP 13.2 - The AAA Model (Part 2 of 3)
- Episode 145: CISSP 13.2 - The AAA Model (Part 3 of 3)
- Episode 146: CISSP 13.3 - Implementing Identity Management
- Episode 147: CISSP 13.4 - Managing the Identity & Access Provisioning Life Cycle
- Episode 148: CISSP 14.1 - Comparing Access Control Models (Part 1 of 2)
- Episode 149: CISSP 14.1 - Comparing Access Control Models (Part 2 of 2)
- Episode 150: CISSP 14.2 - Implementing Authentication Systems (Part 1 of 2)
- Episode 151: CISSP 14.2 - Implementing Authentication Systems (Part 2 of 2)
- Episode 152: CISSP 14.3 - Zero-Trust Access Policy Enforcement
- Episode 153: CISSP 14.4 - Understanding Access Control Attacks (Part 1 of 3)
- Episode 154: CISSP 14.4 - Understanding Access Control Attacks (Part 2 of 3)
- Episode 155: CISSP 14.4 - Understanding Access Control Attacks (Part 3 of 3)
Domain 6: Security Assessment and Testing
- Episode 156: CISSP 15.1 - Building a Security Assessment & Testing Program
- Episode 157: CISSP 15.2 - Performing Vulnerability Assessments (Part 1 of 3)
- Episode 158: CISSP 15.2 - Performing Vulnerability Assessments (Part 2 of 3)
- Episode 159: CISSP 15.2 - Performing Vulnerability Assessments (Part 3 of 3)
- Episode 160: CISSP 15.3 - Testing Your Software (Part 1 of 2)
- Episode 161: CISSP 15.3 - Testing Your Software (Part 2 of 2)
- Episode 162: CISSP 15.4 - Training & Exercises
- Episode 163: CISSP 15.5 - Security Management Processes & Collecting Security Process Data
Domain 7: Security Operations
- Episode 164: CISSP 16.1 - Apply Foundational Security Operations Concepts (Part 1 of 2)
- Episode 165: CISSP 16.1 - Apply Foundational Security Operations Concepts (Part 2 of 2)
- Episode 166: CISSP 16.2 - Address Personnel Safety & Security
- Episode 167: CISSP 16.3 - Provision Information & Assets Securely
- Episode 168: CISSP 16.4 - Apply Resource Protection
- Episode 169: CISSP 16.5 - Managed Services in the Cloud
- Episode 170: CISSP 16.6 - Perform Configuration Management
- Episode 171: CISSP 16.7 - Manage Change
- Episode 172: CISSP 16.8 - Manage Patches & Reduce Vulnerabilities
- Episode 173: CISSP 17.1 - Conducting Incident Management (Part 1 of 2)
- Episode 174: CISSP 17.1 - Conducting Incident Management (Part 2 of 2)
- Episode 175: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 1 of 5)
- Episode 176: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 2 of 5)
- Episode 177: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 3 of 5)
- Episode 178: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 4 of 5)
- Episode 179: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 5 of 5)
- Episode 180: CISSP 17.3 - Logging & Monitoring (Part 1 of 2)
- Episode 181: CISSP 17.3 - Logging & Monitoring (Part 2 of 2)
- Episode 182: CISSP 17.4 - Automating Incident Response (Part 1 of 2)
- Episode 183: CISSP 17.4 - Automating Incident Response (Part 2 of 2)
- Episode 184: CISSP 18.1 - The Nature of Disaster (Part 1 of 2)
- Episode 185: CISSP 18.1 - The Nature of Disaster (Part 2 of 2)
- Episode 186: CISSP 18.2 - Understand System Resilience, High Availability, & Fault Tolerance
- Episode 187: CISSP 18.3 - Recovery Strategy (Part 1 of 2)
- Episode 188: CISSP 18.3 - Recovery Strategy (Part 2 of 2)
- Episode 189: CISSP 18.4 - Recovery Plan Development (Part 1 of 2)
- Episode 190: CISSP 18.4 - Recovery Plan Development (Part 2 of 2)
- Episode 191: CISSP 18.5 - Training, Awareness, & Documentation
- Episode 192: CISSP 18.6 - Testing & Maintenance
- Episode 193: CISSP 19.1 - Investigations (Part 1 of 3)
- Episode 194: CISSP 19.1 - Investigations (Part 2 of 3)
- Episode 195: CISSP 19.1 - Investigations (Part 3 of 3)
- Episode 196: CISSP 19.2 - Major Categories of Computer Crime
- Episode 197: CISSP 19.3 - Ethics
Domain 8: Software Development Security
- Episode 198: CISSP 20.1 - Introducing Systems Development Controls (Part 1 of 5)
- Episode 199: CISSP 20.1 - Introducing Systems Development Controls (Part 2 of 5)
- Episode 200: CISSP 20.1 - Introducing Systems Development Controls (Part 3 of 5)
- Episode 201: CISSP 20.1 - Introducing Systems Development Controls (Part 4 of 5)
- Episode 202: CISSP 20.1 - Introducing Systems Development Controls (Part 5 of 5)
- Episode 203: CISSP 20.2 - Establishing Databases & Data Warehousing (Part 1 of 2)
- Episode 204: CISSP 20.2 - Establishing Databases & Data Warehousing (Part 2 of 2)
- Episode 205: CISSP 20.3 - Storage Threats
- Episode 206: CISSP 20.4 - Understanding Knowledge-Based Systems
- Episode 207: CISSP 21.1 - Malware (Part 1 of 3)
- Episode 208: CISSP 21.1 - Malware (Part 2 of 3)
- Episode 209: CISSP 21.1 - Malware (Part 3 of 3)
- Episode 210: CISSP 21.2 - Malware Prevention
- Episode 211: CISSP 21.3 - Application Attacks
- Episode 212: CISSP 21.4 - Injection Vulnerabilities
- Episode 213: CISSP 21.5 - Exploiting Authorization Vulnerabilities
- Episode 214: CISSP 21.6 - Exploiting Web Application Vulnerabilities
- Episode 215: CISSP 21.7 - Application Security Controls
- Episode 216: CISSP 21.8 - Secure Coding Practices
Browse the other RooCloud courses at the RooCloud @ GitHub hub.