Study materials and notes for the CISSP Information Systems Security Management Professional (ISSMP) concentration. Includes a Jupyter notebook with domain notes, reference NIST publications, and CTID threat-informed defence materials.
| File | Description |
|---|---|
| CISSP- ISSMP.ipynb | Domain-by-domain study notes |
| subnotes/ | Sub-topic breakdowns and supplementary notes |
| NIST800-160.pdf | Systems Security Engineering (NIST SP 800-160) |
| NISTSP800-150.pdf | Guide to Cyber Threat Information Sharing (NIST SP 800-150) |
| NISTSP800128.pdf | Security-Focused Configuration Management (NIST SP 800-128) |
| nist800-300r1.pdf | Guide for Conducting Risk Assessments (NIST SP 800-30r1) |
| CTID Campaign Sample Report.pdf | MITRE CTID campaign report example |
| CTID-CampaignReportTemplate.docx | CTID campaign report template |
- Security program governance and strategic alignment
- Business case development and budget justification
- Security metrics and reporting to executives
- Organisational security culture and awareness
- Security requirements in SDLC (NIST SP 800-160)
- Security architecture reviews at each lifecycle phase
- Configuration management baselines (NIST SP 800-128)
- DevSecOps integration and secure pipeline controls
- Risk assessment methodology (NIST SP 800-30r1)
- Risk treatment: accept, mitigate, transfer, avoid
- Third-party and supply chain risk
- Residual risk acceptance and continuous monitoring
- Threat intelligence sharing frameworks (NIST SP 800-150, STIX/TAXII)
- CTID campaign-based threat modelling
- Incident response lifecycle and coordination
- Threat hunting and adversary emulation
- Business Continuity Planning (BCP) and Disaster Recovery (DR)
- RTO/RPO alignment with business impact analysis
- Backup strategies and recovery testing
- Crisis communications and escalation paths
- Legal frameworks: GDPR, HIPAA, SOX, CCPA
- Cross-border data transfer and jurisdictional issues
- (ISC)2 code of ethics application
- Audit preparation and regulatory engagement
The Center for Threat-Informed Defense (CTID) campaign report format documents adversary behaviour using MITRE ATT&CK, mapping TTPs across the full attack lifecycle. Included templates support structured threat reporting aligned to ATT&CK Navigator.
- (ISC)2 CISSP ISSMP Official Study Guide
- NIST SP 800-160: https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final
- NIST SP 800-30r1: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
- MITRE ATT&CK: https://attack.mitre.org
- CTID: https://ctid.mitre-engenuity.org