
What we cover: Course orientation and external study resources for certification preparation.
Why it matters: Resource awareness supports consistent learning and reduces gaps in security knowledge.
Exam relevance: Not directly tested, but supports readiness through practice questions and supplemental review.
What we cover: Course logistics for downloading study guides and submitting an instructor review.
Why it matters: Effective study resource use supports consistent knowledge retention and self-assessment during preparation.
Exam relevance: No direct exam objectives are tested, but it affects readiness and performance on exam-style questions.
What we cover: Course notation cues that flag high-priority topics, partial lists, and keywords for memorization.
Why it matters: Clear signal interpretation improves accurate terminology recall and reduces misunderstanding of scope.
Exam relevance: Tested indirectly through precise term recognition and selecting correct definitions when distractors use incomplete lists.
What we cover: Security operations focus on business continuity planning and how supporting plans roll up into it.
Why it matters: Clear plan hierarchy enables consistent operational resilience and coordinated recovery actions during disruptions.
Exam relevance: Tested as conceptual distinctions between BCP and subordinate plans and selecting appropriate continuity controls in scenarios.
What we cover: Core continuity and resilience terms across BCP, DRP, COOP, disaster categories, MTBF versus MTTR, and RAID basics.
Why it matters: Correctly separating continuity planning, recovery planning, reliability metrics, and storage redundancy supports appropriate control selection.
Exam relevance: Tested as terminology distinctions and scenario-based selection of the correct plan, metric, or RAID concept.
What we cover: Administrative personnel security controls and the distinction between least privilege and need-to-know.
Why it matters: These controls reduce insider risk by limiting access, enforcing accountability, and improving detection of misuse.
Exam relevance: Tested as control-type identification and scenario-based selection among least privilege, need-to-know, separation of duties, job rotation, mandatory vacations, NDAs, background checks, PAM, logging versus monitoring, threat intelligence, threat hunting, and UEBA.
What we cover: Digital forensics versus incident response and core evidence-handling concepts for investigations.
Why it matters: Proper preservation, integrity validation, and custody documentation keep evidence reliable and legally defensible.
Exam relevance: Tested as choosing correct forensic actions, ordering volatile collection, and identifying integrity controls like hashing and write-blocking.
What we cover: Disk forensics storage areas including allocated, unallocated, slack space, and bad sectors, and why bit-level imaging captures them.
Why it matters: Hidden or recoverable data can persist outside active file structures and be missed by normal file access.
Exam relevance: Identify when to choose bit-level disk imaging versus logical collection based on where evidence may reside.
What we cover: Network forensics methods, embedded device evidence handling, egress monitoring controls, and the EDRM e-discovery workflow.
Why it matters: These concepts preserve volatile evidence integrity and reduce data exfiltration through appropriate monitoring and governance.
Exam relevance: Tested as choosing correct forensic approach, DLP placement, chain-of-custody requirements, and ordering e-discovery phases.
What we cover: Incident management definitions and classification of events, alerts, incidents, problems, and severity levels.
Why it matters: Clear categorization drives consistent administrative response selection and prioritization during security disruptions.
Exam relevance: Tested as terminology distinctions and scenario-based classification decisions, including natural, human, and environmental incident sources.
What we cover: The incident management lifecycle and the distinction between detection, containment, eradication, recovery, remediation, and lessons learned.
Why it matters: Correct phase selection drives appropriate control actions and preserves evidence while limiting spread and restoring operations.
Exam relevance: Tested as phase identification and best-action selection, including SIEM versus SOAR roles and mitigation versus remediation distinctions.
What we cover: Incident response phases from mitigation through lessons learned with root-cause analysis and reporting.
Why it matters: Correct phase actions prevent reinfection, ensure stakeholder coordination, and drive durable control improvements.
Exam relevance: Tested as selecting the correct incident response phase activity and distinguishing mitigation, recovery, remediation, and lessons learned.
What we cover: IDS versus IPS roles and detection methods across network-based and host-based deployments.
Why it matters: Correct control selection balances visibility, response capability, and tuning effort to reduce missed attacks and noise.
Exam relevance: Tested through scenario choices distinguishing IDS from IPS, signature from heuristic detection, and true/false positive/negative outcomes.
What we cover: The distinction between SIEM log aggregation and SOAR orchestration with automated incident response.
Why it matters: Centralized monitoring improves detection and response when access is restricted and logging is protected.
Exam relevance: Identify SIEM versus SOAR capabilities in tool-selection questions and incident response workflow decisions.
What we cover: Application allowlisting and removable media controls as endpoint preventive security controls.
Why it matters: These controls reduce unauthorized software execution and limit device-based compromise paths.
Exam relevance: Identify allowlisting versus blocklisting and choose centralized port control methods in scenario-based questions.
What we cover: Honeypots versus honeynets as deceptive security monitoring controls for collecting attacker behavior.
Why it matters: They improve detection intelligence while requiring isolation and governance to prevent misuse and liability.
Exam relevance: Identify honeypot versus honeynet definitions and choose proper deployment considerations including segmentation, logging, and legal approval.
What we cover: Configuration management as a preventive control using secure baselines and controlled deviations.
Why it matters: It reduces attack surface and prevents unauthorized drift from hardened configurations.
Exam relevance: Tested as selecting baseline hardening, change control, and configuration monitoring to maintain secure system states.
What we cover: Patch management as a corrective control within configuration and change management.
Why it matters: Timely, tested patching reduces exposure by fixing known vulnerabilities before exploitation.
Exam relevance: Identify corrective controls and choose proper patch testing, deployment timing, and change control in scenarios.
What we cover: Change management versus change control as formal processes for approving and governing environment modifications.
Why it matters: It enforces risk-assessed, documented, authorized changes to maintain security and operational stability.
Exam relevance: Tested as selecting the correct governance process step, board role, or PDCA-aligned phase in scenarios.
What we cover: Zero-day vulnerability, exploit, and attack distinctions and their relationship to patch and signature availability.
Why it matters: Zero-days require layered controls because known-signature defenses may not detect unknown flaws.
Exam relevance: Tested as terminology differentiation and control selection when no patch exists and detection relies on behavior.
What we cover: Backup types and archive bit behavior as fault-tolerance and resilience controls.
Why it matters: Correct backup selection and retention ensures recoverability and reliable restoration after compromise or disaster.
Exam relevance: Tested through distinguishing full, incremental, differential, and copy backups and choosing restore requirements and retention impacts.
What we cover: RAID storage redundancy types and their fault-tolerance characteristics.
Why it matters: Correct RAID selection balances availability and performance while limiting data loss from disk failure.
Exam relevance: Tested as conceptual differentiation of RAID 0, 1, and 5, including minimum disks and failure tolerance.
What we cover: High availability design using redundancy, clustering, and backup-adjacent recovery methods for fault tolerance and resiliency.
Why it matters: Redundancy removes single points of failure and enables continuity during component, path, or site outages.
Exam relevance: Tested as selecting active-active versus active-passive failover and distinguishing shadowing, electronic vaulting, and remote journaling.
What we cover: The distinction between business continuity planning and disaster recovery planning within resilience and contingency controls.
Why it matters: Clear plan scope drives correct governance, prioritization, and recovery objectives across business and IT.
Exam relevance: Tested as conceptual differentiation and scenario-based selection of the correct plan type and scope.
What we cover: Disaster categories and disruptive event types used in disaster recovery and business continuity planning.
Why it matters: Correct classification drives appropriate administrative, technical, and physical countermeasure selection for resilience.
Exam relevance: Tested as conceptual differentiation and control selection when given a disruption source and required continuity response.
What we cover: Human-caused disasters as threat sources including nation-state cyberwarfare and financially motivated attacks.
Why it matters: Correctly classifying adversary intent drives appropriate defensive control prioritization and resilience planning.
Exam relevance: Tested through distinguishing threat actors and attack types and selecting mitigations like patch management against ransomware.
What we cover: Personnel shortage planning within business continuity and disaster recovery using role-based staffing redundancy.
Why it matters: Continuity depends on identifying critical positions and ensuring coverage through cross-training and updated plans.
Exam relevance: Tested as selecting appropriate continuity controls and distinguishing role-based assignments from name-based documentation.
What we cover: Disaster recovery planning lifecycle phases and role-based authority for declaring, notifying, and executing the plan.
Why it matters: Clear responsibilities and escalation paths enable coordinated response and recovery under disruption.
Exam relevance: Tested as selecting the correct DRP phase and identifying proper roles, notifications, and escalation order.
What we cover: The BCDR planning lifecycle and the distinction between rescue, recovery, and salvage teams.
Why it matters: Clear roles and priorities ensure safe response, rapid restoration of critical services, and controlled return to normal operations.
Exam relevance: Tested through keyword-driven scenarios requiring correct selection of failover versus failback order and team responsibility.
What we cover: Business impact analysis metrics for recovery planning, including RPO, RTO, WRT, MTD, MTBF, MTTR, and MOR.
Why it matters: These values define acceptable data loss and downtime to align continuity controls with system criticality.
Exam relevance: Tested as terminology differentiation and constraint logic, especially MTD relative to RTO plus WRT and RPO.
What we cover: Non-IT recovery strategies for supply chain resilience and external connectivity redundancy.
Why it matters: Business continuity depends on utilities, vendors, and communications beyond internal systems.
Exam relevance: Tests selecting appropriate continuity controls when outages involve suppliers, fuel, or upstream network dependencies.
What we cover: Disaster recovery site types as availability controls aligned to maximum tolerable downtime and recovery objectives.
Why it matters: Correct site selection determines achievable recovery time and data currency during outages.
Exam relevance: Tested as distinguishing hot, warm, cold, redundant, reciprocal, mobile, and cloud sites by recovery speed and data replication.
What we cover: BCP sub-plans and their distinct scopes across continuity, recovery, incident response, safety, and crisis communications.
Why it matters: Correct plan selection clarifies responsibilities and preserves operations, personnel safety, and coordinated response during disruptions.
Exam relevance: Tested as conceptual distinctions and scenario-based identification of the appropriate plan and communication structure.
What we cover: Business continuity plan handling using off-site storage, content-based access control, EOC purpose, MOA/MOU role assignment, and staff redundancy.
Why it matters: These administrative controls preserve plan availability while limiting exposure and ensuring continuity through clear authority and cross-training.
Exam relevance: Tested as BCP/DR documentation and governance distinctions, including selecting EOC placement, MOA/MOU usage, and least-privilege plan access.
What we cover: Disaster recovery plan testing phases from document review through exercises, failover drills, and external audit.
Why it matters: Testing validates completeness and feasibility while training roles and responsibilities before a real disruption.
Exam relevance: Identify appropriate DR testing type by intrusiveness and purpose, and distinguish tabletop walkthroughs from simulations and interruptions.
What we cover: Disaster recovery plan training, awareness, and iterative updates as administrative controls for continuity readiness.
Why it matters: Trained staff and current plans enable predictable execution during disruptions and reduce errors from outdated procedures.
Exam relevance: Tested as selecting appropriate continuity activities, distinguishing training versus awareness, and identifying when plans must be updated.
What we cover: Lessons learned as a post-disruption control to improve BCP and DRP currency and effectiveness.
Why it matters: It drives continuous improvement without blame and keeps recovery planning aligned to current systems and roles.
Exam relevance: Tested as selecting the correct post-incident activity and identifying governance, testing, training, and versioning gaps in continuity plans.
What we cover: Core security operations controls across monitoring, incident response, forensics, vulnerability management, and resilience planning.
Why it matters: Correct control selection preserves evidence integrity, reduces exposure windows, and sustains availability during failures and disasters.
Exam relevance: Tested through scenario-based distinctions among alert types, IDS versus IPS methods, change control, zero-day mitigations, and BCP versus DRP.
What we cover: Secure software development lifecycle integration as a preventive control category across build, buy, and outsourced software.
Why it matters: Early security requirements and design reduce defects and align development activities with security objectives.
Exam relevance: Tested as selecting SDLC phases and controls where security must be embedded rather than added later.
What we cover: Secure-by-design software development with change management, configuration management, and risk analysis as governance controls.
Why it matters: Early security requirements reduce exploitable weaknesses and keep implementations controlled and consistent across environments.
Exam relevance: Tested as selecting appropriate SDLC governance controls and distinguishing errors versus vulnerabilities in security decisions.
What we cover: Differences between machine code, source code, assembly, compiled code, interpreted code, and bytecode.
Why it matters: Correctly classifying code form clarifies where translation occurs and where security controls apply.
Exam relevance: Tested as conceptual distinctions and terminology recognition for selecting the correct code type in questions.
What we cover: Software development approaches and software licensing categories including open versus closed source and common license terms.
Why it matters: Licensing and development choices affect code transparency, modification rights, and legal constraints on distribution.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between licensing models, EULA implications, and top-down versus bottom-up design.
What we cover: Differences between waterfall and agile software development methodologies as project management control approaches.
Why it matters: Method choice determines how security requirements are handled when change occurs during development.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between linear phase-gated models and iterative adaptive models.
What we cover: Key distinctions among Scrum, Extreme Programming, Spiral, RAD, and Prototyping software development methodologies.
Why it matters: Method selection drives control placement, risk handling, and stakeholder accountability across the development lifecycle.
Exam relevance: Tested as conceptual comparisons and scenario-based selection of the best methodology given requirements volatility and risk focus.
What we cover: SDLC phases and the distinction between projects, programs, portfolios, and operations.
Why it matters: Clear lifecycle and scope boundaries enable consistent security integration and governance accountability.
Exam relevance: Tested as selecting the correct SDLC phase or work type and rejecting options that omit built-in security.
What we cover: Source code escrow, source code repositories, API security, and configuration and change management governance.
Why it matters: These controls preserve software integrity and availability through secure integration, controlled changes, and vendor continuity.
Exam relevance: Tested as selecting the correct control or governance mechanism for third-party code, APIs, and baseline change control.
What we cover: DevOps versus DevSecOps integration across development, QA, and operations using CI/CD automation.
Why it matters: Embedding security into the delivery pipeline improves secure code outcomes through consistent, automated controls.
Exam relevance: Tests distinguishing DevOps from DevSecOps and selecting CI/CD and automation concepts in secure SDLC questions.
What we cover: SAFe scaling of agile delivery and where security integrates across team, program, and portfolio governance.
Why it matters: It clarifies how security becomes built-in quality through coordinated roles and continuous assurance.
Exam relevance: It appears as DevSecOps and SDLC integration choices, including governance alignment and security testing placement.
What we cover: Relational database structure including tables, tuples, attributes, DBMS, and primary key versus foreign key relationships.
Why it matters: Correct key design and integrity enforcement preserve accurate, consistent data across linked tables.
Exam relevance: Tested as conceptual identification of relational components and integrity failures in scenario-based questions.
What we cover: Database integrity controls including user-defined integrity, normalization, views, data dictionaries, and schema constraints.
Why it matters: Integrity controls prevent unauthorized or invalid data changes and preserve consistent, reliable records across concurrent operations.
Exam relevance: Tested as selecting appropriate database security and integrity mechanisms and distinguishing access control from metadata and schema enforcement.
What we cover: Database query language categories and database types plus database resilience mechanisms.
Why it matters: Correctly separating schema changes, data changes, and recovery replication controls prevents integrity loss and downtime.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between DDL vs DML, relational vs hierarchical vs object-oriented, and shadowing vs e-vaulting vs remote journaling.
What we cover: Coupling versus cohesion as software design qualities and the ACID transaction properties in relational databases.
Why it matters: These concepts guide secure system reliability, maintainability, and data integrity under change and concurrent access.
Exam relevance: Tested as terminology distinctions and selecting the correct property or design quality from brief technical descriptions.
What we cover: OWASP Top 10 concepts focused on broken access control and cryptographic failures as web application risk categories.
Why it matters: Correct access enforcement and strong cryptography prevent unauthorized actions and data exposure across applications.
Exam relevance: Tested through scenario-based identification of web attacks and selecting appropriate mitigations rather than OWASP list numbering.
What we cover: OWASP web risks covering injection, insecure design, security misconfiguration, and vulnerable or outdated components.
Why it matters: These weaknesses enable unauthorized actions through untrusted input, flawed architecture, unsafe settings, or unpatched dependencies.
Exam relevance: Tested as selecting preventive controls like allowlisting, secure design patterns, hardening, and patch management in web scenarios.
What we cover: OWASP risks covering authentication failures, software integrity failures, and logging and monitoring failures.
Why it matters: These control gaps enable account takeover, supply chain compromise, and delayed detection due to missing or ignored telemetry.
Exam relevance: Tested as choosing preventive and detective controls for identity, software integrity validation, and centralized logging with alerting.
What we cover: Key web attack types and distinctions across SSRF, CSRF, and XSS plus detection and response gaps.
Why it matters: Correctly classifying web threats drives appropriate preventive controls across application, network, and monitoring layers.
Exam relevance: Tested via scenario-based identification and selecting the best mitigation while avoiding confusion between similarly named attacks.
What we cover: Key software attack types and secure development concepts including buffer overflow, race conditions, privilege escalation, and SOAR.
Why it matters: These weaknesses enable unauthorized code execution and access, requiring correct control selection across development and operations.
Exam relevance: Tested as terminology distinctions and scenario-based identification of attack type, disclosure approach, and SIEM versus SOAR capability.
What we cover: CMM and CMMI maturity models for process improvement from ad hoc to optimizing using metrics.
Why it matters: Maturity models guide selecting governance controls that increase process repeatability, predictability, and continuous improvement.
Exam relevance: Tested as recognizing maturity level characteristics and distinguishing CMM software focus from CMMI organization-wide integration.
What we cover: OWASP SAMM maturity model pillars and customizable maturity levels for software assurance activities.
Why it matters: It enables measurable, risk-based improvement planning for secure development practices across governance and delivery.
Exam relevance: Tested as identifying maturity models and selecting appropriate acceptance testing types for software release decisions.
What we cover: Third-party software acquisition controls and cloud responsibility models across deployment and service types.
Why it matters: Due diligence and contractual assurance prevent unmanaged vendor risk and unclear security ownership.
Exam relevance: Tested as selecting appropriate vendor governance and mapping shared responsibility across IaaS, PaaS, SaaS, and cloud deployments.
What we cover: Software composition analysis (SCA) as an application security control for third-party and open-source dependency risk.
Why it matters: It enables vulnerability and license visibility for components so teams can manage supply chain exposure.
Exam relevance: Tested as selecting SCA versus other testing tools and recognizing limits like false results and no proprietary code coverage.
What we cover: AI types used in security tooling: expert systems, artificial neural networks, and genetic programming.
Why it matters: These approaches drive automated detection and decision support, affecting control selection and trust in outputs.
Exam relevance: Tested as conceptual differentiation of AI methods and their fit for security monitoring and analysis tasks.
What we cover: Secure software development as a built-in requirement across SDLC, DevSecOps, OWASP risks, and third-party software.
Why it matters: It guides selecting preventive application security controls early and maintaining accountability through development and acquisition.
Exam relevance: Tested through scenario-based identification of secure SDLC practices, OWASP-related risk recognition, and vendor software security decisions.
Updated for the 2024 CISSP curriculum and exam. We do in-place updates, meaning you get any future exam updates for free.
Welcome, I am Thor Pedersen, here to help you pass your CISSP certification and advance your career.
Get your CISSP certification, the gold standard in IT Security, and unlock career opportunities with an average salary of over $147,000 in the US.
There are over 82,000 CISSP job openings, so now is the perfect time to get certified.
Join the over 760,000 enrollments from 209 countries who have taken my “Best Selling” and “Highest Rated” CISSP, CISM, and Certified in Cybersecurity (CC) courses here on Udemy.
I think my courses are fantastic but don't just take my word for it. Here's what some of my other students have to say about them:
Thor's videos played a major factor in my ability to pass. I cannot recommend them enough! (Blair, ★★★★★).
I passed the CISSP with the ISC Book and Thor's lectures and practice questions. Enough said! (Warren, ★★★★★).
Thor the Legend Pedersen! His course material here, his training site which has other supplementary stuff and his Facebook channel all helped me in passing my CISSP. (Kenny, ★★★★★).
This content helped me pass my CISSP first time! It was the main material I used for studying! Very helpful! (Duncan, ★★★★★).
This course assisted me in successfully passing the CISSP Exam! Highly recommend! (Patrick, ★★★★★).
Hi Thor, I used your test and videos and passed the exam at first attempt. (Shan, ★★★★★).
Join our community of successful students and reach your certification goals!
When you buy this course you get all this:
8 hours of CISSP videos: Covering the CISSP Domain 7 and 8 exam topics.
89-page PDF CISSP study guides: Detailed guides made from our lectures.
11 Detailed CISSP Mind Maps.
36-page PDF Quick Sheets: For your review sessions.
2-page PDF CISSP Mnemonics: Memory aids to help you remember key concepts.
60 Domain 7-8 practice questions: Test your knowledge with 30 questions from each domain.
57 topic-specific questions: Reaffirm your knowledge after each major topic.
113 website links: Additional resources to deepen your understanding of Domain 7 and 8 topics.
Subtitles in multiple languages: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Japanese, Chinese, and Hindi.
An automatic certificate of completion: Hang on your wall or use for CEUs/PDUs. (8 CEUs).
30-day money-back guarantee: No questions asked.
Lifetime Access to the course and all course updates.
Offline video viewing: Available on the Udemy mobile apps.
In Domain 7 we cover:
7.1 Understand and comply with investigations
7.2 Conduct logging and monitoring activities
7.3 Perform configuration management (CM) (e.g., provisioning, baselining, automation)
7.4 Apply foundational security operations concepts
7.5 Apply resource protection
7.6 Conduct incident management
7.7 Operate and maintain detection and preventative measures
7.8 Implement and support patch and vulnerability management
7.9 Understand and participate in change management processes
7.10 Implement recovery strategies
7.11 Implement disaster recovery (DR) processes
7.12 Test disaster recovery plan (DRP)
7.13 Participate in Business Continuity (BC) planning and exercises
7.14 Implement and manage physical security
7.15 Address personnel safety and security concerns
In Domain 8 we cover:
8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
8.2 Identify and apply security controls in software development ecosystems
8.3 Assess the effectiveness of software security
8.4 Assess security impact of acquired software
8.5 Define and apply secure coding guidelines and standards
We continue to update our courses to make sure you have the latest and most effective study materials:
2025: Added 11 CISSP Domain 7-8 Mind Maps. Updated quiz and practice questions.
2024: Updated for the 2024 curriculum. New videos on SAFe - Scaled Agile Frameworks, SCA - Software Composition Analysis. Added subtitles in Japanese and Portuguese (Brazil).
2023: 20+ updates with new content, clearer explanations, practice questions, and study guides. Added subtitles in Spanish (Latin America), French, Arabic, Chinese, and Hindi, and added topic quizzes with 57 questions.
2022: 20+ updates with new content, clearer explanations, practice questions, and study guides.
2021: Full course update for the 2021 curriculum.
2020: 30+ updates with new content, clearer explanations, practice questions, and study guides.
2019: 20+ updates with new content, clearer explanations, practice questions, and study guides.
2018: Full course update for the 2018 curriculum.
Start Your Certification Journey Today!
Join thousands of successful professionals who have transformed their careers with ThorTeaches. Let me guide you to CISSP certification success.
Enroll now and let's achieve your certification goals together!
Thor Pedersen