ISC2 CISSP Certification Prep
Welcome to the ultimate free study guide for the ISC2 Certified Information Systems Security Professional (CISSP) certification. Every section of the syllabus pairs a YouTube video lesson with a concise written summary and an exam-focused FAQ — designed for quick scanning, search and last-minute revision. The 216 episodes below cover all eight CISSP exam domains.
New episodes are published on the RooCloud YouTube channel — the full series playlist is at https://www.youtube.com/playlist?list=PLWmb7vxXz464 — and you can test yourself with chapter-wise multiple-choice questions and full-length practice exams at RooCloud.com.
The CISSP exam is organised into eight domains:
- Security and Risk Management — Episodes 1–35
- Asset Security — Episodes 36–42
- Security Architecture and Engineering — Episodes 43–101
- Communication and Network Security — Episodes 102–141
- Identity and Access Management — Episodes 142–155
- Security Assessment and Testing — Episodes 156–163
- Security Operations — Episodes 164–197
- Software Development Security — Episodes 198–216
📝 Notes + videos are only half the prep
The written notes and video lessons in this guide are designed to be used alongside practice. Reinforce every chapter with chapter-wise MCQs and full-length mock exams at RooCloud.com — read or watch the lesson here, then test your recall and exam-readiness there.
Table of Contents
Domain 1: Security and Risk Management
- Episode 1: CISSP 1.1 - Security 101
- Episode 2: CISSP 1.2 - Understand & Apply Security Concepts (Part 1 of 2)
- Episode 3: CISSP 1.2 - Understand & Apply Security Concepts (Part 2 of 2)
- Episode 4: CISSP 1.3 - Security Boundaries
- Episode 5: CISSP 1.4 - Evaluate & Apply Security Governance Principles
- Episode 6: CISSP 1.5 - Manage the Security Function (Part 1 of 2)
- Episode 7: CISSP 1.5 - Manage the Security Function (Part 2 of 2)
- Episode 8: CISSP 1.6 - Security Policy, Standards, Procedures, & Guidelines
- Episode 9: CISSP 1.7 - Threat Modeling
- Episode 10: CISSP 1.8 - Supply Chain Risk Management
- Episode 11: CISSP 2.1 - Personnel Security Policies & Procedures (Part 1 of 2)
- Episode 12: CISSP 2.1 - Personnel Security Policies & Procedures (Part 2 of 2)
- Episode 13: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 1 of 5)
- Episode 14: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 2 of 5)
- Episode 15: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 3 of 5)
- Episode 16: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 4 of 5)
- Episode 17: CISSP 2.2 - Understand & Apply Risk Management Concepts (Part 5 of 5)
- Episode 18: CISSP 2.3 - Social Engineering (Part 1 of 3)
- Episode 19: CISSP 2.3 - Social Engineering (Part 2 of 3)
- Episode 20: CISSP 2.3 - Social Engineering (Part 3 of 3)
- Episode 21: CISSP 2.4 - Establish & Maintain a Security Awareness, Education, & Training Program
- Episode 22: CISSP 3.1 - Planning for Business Continuity
- Episode 23: CISSP 3.2 - Project Scope & Planning (Part 1 of 2)
- Episode 24: CISSP 3.2 - Project Scope & Planning (Part 2 of 2)
- Episode 25: CISSP 3.3 - Business Impact Analysis
- Episode 26: CISSP 3.4 - Continuity Planning
- Episode 27: CISSP 3.5 - Plan Approval & Implementation
- Episode 28: CISSP 4.1 - Categories of Laws
- Episode 29: CISSP 4.2 - Laws (Part 1 of 4)
- Episode 30: CISSP 4.2 - Laws (Part 2 of 4)
- Episode 31: CISSP 4.2 - Laws (Part 3 of 4)
- Episode 32: CISSP 4.2 - Laws (Part 4 of 4)
- Episode 33: CISSP 4.3 - State Privacy Laws
- Episode 34: CISSP 4.4 - Compliance
- Episode 35: CISSP 4.5 - Contracting & Procurement
Domain 2: Asset Security
- Episode 36: CISSP 5.1 - Identifying & Classifying Information & Assets (Part 1 of 2)
- Episode 37: CISSP 5.1 - Identifying & Classifying Information & Assets (Part 2 of 2)
- Episode 38: CISSP 5.2 - Establishing Information & Asset Handling Requirements (Part 1 of 2)
- Episode 39: CISSP 5.2 - Establishing Information & Asset Handling Requirements (Part 2 of 2)
- Episode 40: CISSP 5.3 - Data Protection Methods
- Episode 41: CISSP 5.4 - Understanding Data Roles
- Episode 42: CISSP 5.5 - Using Security Baselines
Domain 3: Security Architecture and Engineering
- Episode 43: CISSP 6.1 - Cryptographic Foundations (Part 1 of 3)
- Episode 44: CISSP 6.1 - Cryptographic Foundations (Part 2 of 3)
- Episode 45: CISSP 6.1 - Cryptographic Foundations (Part 3 of 3)
- Episode 46: CISSP 6.2 - Modern Cryptography (Part 1 of 2)
- Episode 47: CISSP 6.2 - Modern Cryptography (Part 2 of 2)
- Episode 48: CISSP 6.3 - Symmetric Cryptography (Part 1 of 2)
- Episode 49: CISSP 6.3 - Symmetric Cryptography (Part 2 of 2)
- Episode 50: CISSP 6.4 - Cryptographic Life Cycle
- Episode 51: CISSP 7.1 - Asymmetric Cryptography (Part 1 of 2)
- Episode 52: CISSP 7.1 - Asymmetric Cryptography (Part 2 of 2)
- Episode 53: CISSP 7.2 - Hash Functions
- Episode 54: CISSP 7.3 - Digital Signatures
- Episode 55: CISSP 7.4 - Public Key Infrastructure
- Episode 56: CISSP 7.5 - Asymmetric Key Management
- Episode 57: CISSP 7.6 - Hybrid Cryptography
- Episode 58: CISSP 7.7 - Applied Cryptography (Part 1 of 2)
- Episode 59: CISSP 7.7 - Applied Cryptography (Part 2 of 2)
- Episode 60: CISSP 7.8 - Cryptographic Attacks
- Episode 61: CISSP 8.1 - Secure Design Principles (Part 1 of 3)
- Episode 62: CISSP 8.1 - Secure Design Principles (Part 2 of 3)
- Episode 63: CISSP 8.1 - Secure Design Principles (Part 3 of 3)
- Episode 64: CISSP 8.2 - Techniques for Ensuring CIA
- Episode 65: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 1 of 3)
- Episode 66: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 2 of 3)
- Episode 67: CISSP 8.3 - Understand the Fundamental Concepts of Security Models (Part 3 of 3)
- Episode 68: CISSP 8.4 - Select Controls Based on Systems Security Requirements
- Episode 69: CISSP 8.5 - Understand Security Capabilities of Information Systems
- Episode 70: CISSP 9.1 - Shared Responsibility
- Episode 71: CISSP 9.2 - Data Localization & Data Sovereignty
- Episode 72: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 1 of 3)
- Episode 73: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 2 of 3)
- Episode 74: CISSP 9.3 - Assess & Mitigate Vulnerabilities of Security Architectures (Part 3 of 3)
- Episode 75: CISSP 9.4 - Client-Based Systems
- Episode 76: CISSP 9.5 - Server-Based Systems
- Episode 77: CISSP 9.6 - Industrial Control Systems
- Episode 78: CISSP 9.7 - Distributed Systems
- Episode 79: CISSP 9.8 - High-Performance Computing Systems
- Episode 80: CISSP 9.9 - Real-Time Operating Systems
- Episode 81: CISSP 9.10 - Internet of Things
- Episode 82: CISSP 9.11 - Edge & Fog Computing
- Episode 83: CISSP 9.12 - Embedded Devices & Cyber-Physical Systems
- Episode 84: CISSP 9.13 - Microservices
- Episode 85: CISSP 9.14 - Infrastructure as Code
- Episode 86: CISSP 9.15 - Immutable Architecture
- Episode 87: CISSP 9.16 - Virtualized Systems (Part 1 of 2)
- Episode 88: CISSP 9.16 - Virtualized Systems (Part 2 of 2)
- Episode 89: CISSP 9.17 - Containerization
- Episode 90: CISSP 9.18 - Mobile Devices (Part 1 of 3)
- Episode 91: CISSP 9.18 - Mobile Devices (Part 2 of 3)
- Episode 92: CISSP 9.18 - Mobile Devices (Part 3 of 3)
- Episode 93: CISSP 9.19 - Essential Security Protection Mechanisms
- Episode 94: CISSP 9.20 - Common Security Architecture Flaws & Issues
- Episode 95: CISSP 10.1 - Apply Security Principles to Site & Facility Design
- Episode 96: CISSP 10.2 - Implement Site & Facility Security Controls (Part 1 of 4)
- Episode 97: CISSP 10.2 - Implement Site & Facility Security Controls (Part 2 of 4)
- Episode 98: CISSP 10.2 - Implement Site & Facility Security Controls (Part 3 of 4)
- Episode 99: CISSP 10.2 - Implement Site & Facility Security Controls (Part 4 of 4)
- Episode 100: CISSP 10.3 - Implement & Manage Physical Security (Part 1 of 2)
- Episode 101: CISSP 10.3 - Implement & Manage Physical Security (Part 2 of 2)
Domain 4: Communication and Network Security
- Episode 102: CISSP 11.1 - OSI Model (Part 1 of 2)
- Episode 103: CISSP 11.1 - OSI Model (Part 2 of 2)
- Episode 104: CISSP 11.2 - TCP-IP Model
- Episode 105: CISSP 11.3 - Analyzing Network Traffic
- Episode 106: CISSP 11.4 - Common Application Layer Protocols
- Episode 107: CISSP 11.5 - Transport Layer Protocols
- Episode 108: CISSP 11.6 - Domain Name System
- Episode 109: CISSP 11.7 - Internet Protocol Networking
- Episode 110: CISSP 11.8 - ARP Concerns
- Episode 111: CISSP 11.9 - Secure Communication Protocols
- Episode 112: CISSP 11.10 - Implications of Multilayer Protocols
- Episode 113: CISSP 11.11 - Segmentation
- Episode 114: CISSP 11.12 - Edge Networks
- Episode 115: CISSP 11.13 - Wireless Networks (Part 1 of 3)
- Episode 116: CISSP 11.13 - Wireless Networks (Part 2 of 3)
- Episode 117: CISSP 11.13 - Wireless Networks (Part 3 of 3)
- Episode 118: CISSP 11.14 - Satellite Communications
- Episode 119: CISSP 11.15 - Cellular Networks
- Episode 120: CISSP 11.16 - Content Distribution Networks
- Episode 121: CISSP 11.17 - Secure Network Components (Part 1 of 5)
- Episode 122: CISSP 11.17 - Secure Network Components (Part 2 of 5)
- Episode 123: CISSP 11.17 - Secure Network Components (Part 3 of 5)
- Episode 124: CISSP 11.17 - Secure Network Components (Part 4 of 5)
- Episode 125: CISSP 11.17 - Secure Network Components (Part 5 of 5)
- Episode 126: CISSP 12.1 - Protocol Security Mechanisms
- Episode 127: CISSP 12.2 - Secure Voice Communications
- Episode 128: CISSP 12.3 - Remote Access Security Management
- Episode 129: CISSP 12.4 - Multimedia Collaboration
- Episode 130: CISSP 12.5 - Monitoring & Management
- Episode 131: CISSP 12.6 - Load Balancing
- Episode 132: CISSP 12.7 - Manage Email Security
- Episode 133: CISSP 12.8 - Virtual Private Network (Part 1 of 2)
- Episode 134: CISSP 12.8 - Virtual Private Network (Part 2 of 2)
- Episode 135: CISSP 12.9 - Switching & Virtual LANs
- Episode 136: CISSP 12.10 - Network Address Translation
- Episode 137: CISSP 12.11 - Third-Party Connectivity
- Episode 138: CISSP 12.12 - Switching Technologies
- Episode 139: CISSP 12.13 - WAN Technologies
- Episode 140: CISSP 12.14 - Fiber-Optic Links
- Episode 141: CISSP 12.15 - Prevent or Mitigate Network Attacks
Domain 5: Identity and Access Management
- Episode 142: CISSP 13.1 - Controlling Access to Assets
- Episode 143: CISSP 13.2 - The AAA Model (Part 1 of 3)
- Episode 144: CISSP 13.2 - The AAA Model (Part 2 of 3)
- Episode 145: CISSP 13.2 - The AAA Model (Part 3 of 3)
- Episode 146: CISSP 13.3 - Implementing Identity Management
- Episode 147: CISSP 13.4 - Managing the Identity & Access Provisioning Life Cycle
- Episode 148: CISSP 14.1 - Comparing Access Control Models (Part 1 of 2)
- Episode 149: CISSP 14.1 - Comparing Access Control Models (Part 2 of 2)
- Episode 150: CISSP 14.2 - Implementing Authentication Systems (Part 1 of 2)
- Episode 151: CISSP 14.2 - Implementing Authentication Systems (Part 2 of 2)
- Episode 152: CISSP 14.3 - Zero-Trust Access Policy Enforcement
- Episode 153: CISSP 14.4 - Understanding Access Control Attacks (Part 1 of 3)
- Episode 154: CISSP 14.4 - Understanding Access Control Attacks (Part 2 of 3)
- Episode 155: CISSP 14.4 - Understanding Access Control Attacks (Part 3 of 3)
Domain 6: Security Assessment and Testing
- Episode 156: CISSP 15.1 - Building a Security Assessment & Testing Program
- Episode 157: CISSP 15.2 - Performing Vulnerability Assessments (Part 1 of 3)
- Episode 158: CISSP 15.2 - Performing Vulnerability Assessments (Part 2 of 3)
- Episode 159: CISSP 15.2 - Performing Vulnerability Assessments (Part 3 of 3)
- Episode 160: CISSP 15.3 - Testing Your Software (Part 1 of 2)
- Episode 161: CISSP 15.3 - Testing Your Software (Part 2 of 2)
- Episode 162: CISSP 15.4 - Training & Exercises
- Episode 163: CISSP 15.5 - Security Management Processes & Collecting Security Process Data
Domain 7: Security Operations
- Episode 164: CISSP 16.1 - Apply Foundational Security Operations Concepts (Part 1 of 2)
- Episode 165: CISSP 16.1 - Apply Foundational Security Operations Concepts (Part 2 of 2)
- Episode 166: CISSP 16.2 - Address Personnel Safety & Security
- Episode 167: CISSP 16.3 - Provision Information & Assets Securely
- Episode 168: CISSP 16.4 - Apply Resource Protection
- Episode 169: CISSP 16.5 - Managed Services in the Cloud
- Episode 170: CISSP 16.6 - Perform Configuration Management
- Episode 171: CISSP 16.7 - Manage Change
- Episode 172: CISSP 16.8 - Manage Patches & Reduce Vulnerabilities
- Episode 173: CISSP 17.1 - Conducting Incident Management (Part 1 of 2)
- Episode 174: CISSP 17.1 - Conducting Incident Management (Part 2 of 2)
- Episode 175: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 1 of 5)
- Episode 176: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 2 of 5)
- Episode 177: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 3 of 5)
- Episode 178: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 4 of 5)
- Episode 179: CISSP 17.2 - Implementing Detection & Preventive Measures (Part 5 of 5)
- Episode 180: CISSP 17.3 - Logging & Monitoring (Part 1 of 2)
- Episode 181: CISSP 17.3 - Logging & Monitoring (Part 2 of 2)
- Episode 182: CISSP 17.4 - Automating Incident Response (Part 1 of 2)
- Episode 183: CISSP 17.4 - Automating Incident Response (Part 2 of 2)
- Episode 184: CISSP 18.1 - The Nature of Disaster (Part 1 of 2)
- Episode 185: CISSP 18.1 - The Nature of Disaster (Part 2 of 2)
- Episode 186: CISSP 18.2 - Understand System Resilience, High Availability, & Fault Tolerance
- Episode 187: CISSP 18.3 - Recovery Strategy (Part 1 of 2)
- Episode 188: CISSP 18.3 - Recovery Strategy (Part 2 of 2)
- Episode 189: CISSP 18.4 - Recovery Plan Development (Part 1 of 2)
- Episode 190: CISSP 18.4 - Recovery Plan Development (Part 2 of 2)
- Episode 191: CISSP 18.5 - Training, Awareness, & Documentation
- Episode 192: CISSP 18.6 - Testing & Maintenance
- Episode 193: CISSP 19.1 - Investigations (Part 1 of 3)
- Episode 194: CISSP 19.1 - Investigations (Part 2 of 3)
- Episode 195: CISSP 19.1 - Investigations (Part 3 of 3)
- Episode 196: CISSP 19.2 - Major Categories of Computer Crime
- Episode 197: CISSP 19.3 - Ethics
Domain 8: Software Development Security
- Episode 198: CISSP 20.1 - Introducing Systems Development Controls (Part 1 of 5)
- Episode 199: CISSP 20.1 - Introducing Systems Development Controls (Part 2 of 5)
- Episode 200: CISSP 20.1 - Introducing Systems Development Controls (Part 3 of 5)
- Episode 201: CISSP 20.1 - Introducing Systems Development Controls (Part 4 of 5)
- Episode 202: CISSP 20.1 - Introducing Systems Development Controls (Part 5 of 5)
- Episode 203: CISSP 20.2 - Establishing Databases & Data Warehousing (Part 1 of 2)
- Episode 204: CISSP 20.2 - Establishing Databases & Data Warehousing (Part 2 of 2)
- Episode 205: CISSP 20.3 - Storage Threats
- Episode 206: CISSP 20.4 - Understanding Knowledge-Based Systems
- Episode 207: CISSP 21.1 - Malware (Part 1 of 3)
- Episode 208: CISSP 21.1 - Malware (Part 2 of 3)
- Episode 209: CISSP 21.1 - Malware (Part 3 of 3)
- Episode 210: CISSP 21.2 - Malware Prevention
- Episode 211: CISSP 21.3 - Application Attacks
- Episode 212: CISSP 21.4 - Injection Vulnerabilities
- Episode 213: CISSP 21.5 - Exploiting Authorization Vulnerabilities
- Episode 214: CISSP 21.6 - Exploiting Web Application Vulnerabilities
- Episode 215: CISSP 21.7 - Application Security Controls
- Episode 216: CISSP 21.8 - Secure Coding Practices
Browse the other RooCloud courses at the RooCloud @ GitHub hub, watch the lessons on YouTube, and practice at RooCloud.com.