Full Course Outline (Aligned to the 2026 ISC2 Certified in Cybersecurity Exam Blueprint) The ISC2 CC exam consists of five domains. This course covers 100% of them, with practical scenarios tailored for absolute beginners.
Exam Details: 100–125 multiple-choice questions | 2-hour time limit | Passing score 700/1000.
Phase 0: Course Kickoff & Mindset (Pre-Week)
Topic 0.1: Why the CC exam is the perfect starting point for career changers
Topic 0.2: How to use this course (hands-on labs, study groups, practice exams)
Topic 0.3: Setting up your digital notebook (OneNote, Notion, or Obsidian)
Topic 0.4: Cybersecurity ethics and the ISC2 Code of Ethics — why integrity matters from Day 1
Domain 1: Security Principles (26% of exam)
"Understanding the foundational rules that keep digital assets safe."
Week 1: The CIA Triad & Core Security Concepts
Confidentiality, Integrity, Availability — with real-world stories (data breaches, ransomware attacks)
Non-repudiation, authentication, authorization, and accounting (AAA)
Physical security vs. logical security
Privacy concepts and why they matter for compliance
Week 2: Risk Management & Security Controls
Risk identification, assessment, and treatment (accept, mitigate, transfer, avoid)
Security controls: administrative, technical, and physical
Control types: preventive, deterrent, detective, corrective, compensating
Introduction to Zero Trust principles
Threat intelligence basics: how organizations stay ahead of attackers
Hands-On Lab: Run your first basic vulnerability scan in a safe virtual lab (using free tools).
Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (10% of exam)
"What happens when things go wrong? How do organizations survive and recover?"
Week 3: Incident Response (IR)
The incident response lifecycle (Preparation → Detection → Containment → Eradication → Recovery → Lessons Learned)
Indicators of compromise (IoCs) vs. indicators of attack (IoAs)
Incident response teams (CSIRT, SOC) and their roles
Forensic fundamentals for beginners
Week 4: Business Continuity & Disaster Recovery
Business continuity (keeping business running) vs. disaster recovery (restoring IT systems)
RTO (Recovery Time Objective) and RPO (Recovery Point Objective)
Backup strategies, types (full, incremental, differential), and 3-2-1 backup rule
Disaster recovery testing — why "hope is not a strategy"
Hands-On Lab: Simulate a ransomware incident and walk through containment, eradication, and recovery steps using a guided scenario.
Domain 3: Access Controls Concepts (22% of exam)
"Who gets in? And what can they do once they're inside?"
Week 5: Access Control Models & Methods
Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC)
Rule-based access control and Attribute-Based Access Control (ABAC)
Physical access controls: badges, biometrics, mantraps
Week 6: Authentication & Authorization
Authentication factors: something you know, have, or are
Multi-Factor Authentication (MFA) — why SMS is weak and app-based is better
Single Sign-On (SSO) and federation (explained without jargon)
Principle of least privilege and need-to-know
Hands-On Lab: Configure MFA on a mock user account and identify which access control model fits different real-world scenarios.
Domain 4: Network Security (Exam domain — approx. 20–22%)
"How data travels and how attackers intercept it."
Week 7: Networking Basics for Security Beginners
IP addresses (IPv4 vs. IPv6), ports, and protocols (TCP, UDP)
OSI model (using a pizza delivery analogy so it actually sticks)
Subnetting — enough to understand what a network segment is
DNS, DHCP, and ARP (explained in plain English)
Week 8: Network Security Controls & Threats
Firewalls (stateless vs. stateful), intrusion detection/prevention systems (IDS/IPS)
Network segmentation and DMZs
Common network attacks: sniffing, spoofing, DDoS, man-in-the-middle
VPNs, encryption in transit, and wireless security fundamentals
Hands-On Lab: Explore a simulated network topology and identify where firewalls, IDS, and segmentation should be placed.
Domain 5: Security Operations (Exam domain — approx. 20%–22%)
"Day-to-day security: logging, monitoring, and keeping systems healthy."
Week 9: Security Monitoring & Log Management
What is a Security Operations Center (SOC)? What do analysts actually do?
Log sources: system, application, security, network
SIEM (Security Information and Event Management) — what it does at a beginner level
Alert triage: distinguishing noise from real threats
Week 10: Endpoint Security & Vulnerability Management
Antivirus, EDR (Endpoint Detection and Response), and application whitelisting
Patching and update management — why unpatched systems are attacker magnets
Hardening systems (default passwords, unnecessary services, least privilege)
Week 11: Data Security & Cryptography Basics
Data states: at rest, in transit, and in use
Encryption basics: symmetric vs. asymmetric (with everyday analogies)
Hashing, digital signatures, and certificates
Data Loss Prevention (DLP) and data classification
Hands-On Lab: Review a set of sample security logs and identify which alerts require immediate action.
Phase 7: Exam Readiness & Final Prep (Weeks 12–13)
Week 12: Practice Exams & Question Breakdown
Full-length practice exam (100 questions, timed)
Detailed answer explanations — not just "why A is correct," but "why B, C, and D are wrong"
Test-taking strategies for the CAT (computer-adaptive testing) format
Time management: how to finish 100+ questions in 2 hours
Week 13: Final Review & Certification
Domain-by-domain rapid-fire review
What comes next: The CC exam is just your launchpad. We'll map out possible career paths (SOC Analyst, Junior Penetration Tester, GRC Analyst, etc.) and which certifications to pursue next (Security+, CySA+, PenTest+, etc.).