If you want to climb the IT career ladder, you should consider getting certified. One of the most popular and respected certifications is the Certified Information Systems Security Professional (CISSP). Developed and maintained by the international non-profit organization (ISC)², CISSP validates a professional's skills and experience in implementing and managing security architecture for their organization.
The CISSP exam has eight parts, known as domains. You will need to be proficient in each domain to get the certification. In this post, we will break down each of the eight domains, including how much weight they hold in the exam. But first, let's take a look at the upcoming CISSP exam changes.

New CISSP exam version effective May 1, 2021

An updated version of the CISSP certification exam went into effect on May 1, 2021. The new version of the CISSP common body of knowledge (CBK) reflects the most pertinent issues around cybersecurity, along with the measures for mitigating those problems. The names and number of CISSP CBK domains are the same as in the 2018 CISSP exam, but the domain weights have changed for two of the eight domains: domain four now carries one percent less weight, while domain eight's weight has increased by one percent. The weights of all other domains remain unchanged. View the CISSP exam outline for even more detail about the (ISC)² CISSP CBK.

A brief overview of the eight CISSP domains

(ISC)² defines and organizes the CISSP domains based on its survey of the cybersecurity industry, often referred to as a job task analysis (JTA). The CISSP CBK domains are updated every three years to ensure professionals are tested on the latest topic areas relevant to the roles and responsibilities of today's practicing information security professionals. Many organizations rely on this test to ensure the readiness of their IT security teams. For example, the CISSP cert is DoD 8570 approved by the U.S. Department of Defense for workers conducting information assurance (IA) functions. Because CISSP is globally recognized and is one of the most sought-after certifications in information security, it is listed as one of the top security certifications you should acquire.
Here are the eight domains to be studied for the refreshed CISSP exam:

Domain 1: Security and risk management

The security and risk management domain covers general concepts in information security. Candidates are evaluated on skills related to the implementation of user awareness programs as well as security procedures. Emphasis is also placed on risk management concerning the acquisition of new services, hardware and software (supply chain). CISSP 2021 will also test candidates' knowledge of phishing and social engineering defense mechanisms and how they can use gamification to bolster their company's cybersecurity. This domain makes up 15% of the CISSP exam and includes the following exam objectives:
Domain 2: Asset security

This is an important domain as it deals with the issues related to the collection, storage, maintenance, retention and destruction of data. It also validates candidates' knowledge of different roles regarding data handling (owner, controller and custodian) as well as data protection methods and data states. Other topics tested include resource provisioning, asset classification and data lifecycle management. The asset security domain makes up 10% of the CISSP exam and includes the following exam objectives:
Domain 3: Security architecture and engineering

The security architecture and engineering part covers important security engineering topics using plans, designs and principles. Candidates are tested on assessing and mitigating information system vulnerabilities, fundamental concepts of security models and security architectures in critical areas like access control. Cloud systems, cryptography, system infiltrations (ransomware, fault injection and more) and virtualized systems are also covered in this domain. The security architecture and engineering domain makes up 13% of the CISSP exam and includes the following exam objectives:
Domain 4: Communication and network security

CISSP's fourth domain tests candidates' ability to secure communication channels and networks. Exam takers will have to answer questions on secure and converged protocols, wireless networks, cellular networks, hardware operation (warranty and redundant power) and third-party connectivity. IP networking (IPSec, IPv4 and IPv6) is also included in this domain. The communication and network security domain previously comprised 14% of the exam, but it was adjusted to 13% weight in the latest version of CISSP. It includes the following exam objectives:
Domain 5: Identity and access management (IAM)

This section of the exam covers the attacks that target the human gateway to gain access to data. Candidates are also tested on ways to identify which users have rights to access the information and servers. Identity and access management covers the topics of applications, single sign-on authentication, privilege escalation, Kerberos, rule-based or risk-based access control, and proofing and establishment of identity. The identity and access management domain makes up 13% of the CISSP exam and includes the following exam objectives:
Domain 6: Security assessment and testing

This domain deals with all the techniques and tools used to find system vulnerabilities, weaknesses and potential areas of concern not addressed by security procedures and policies. Attack simulations and ethical disclosure also fall under this domain. Additionally, candidates are tested on penetration testing and vulnerability assessment. The latest version of the CISSP exam also lists compliance checks as one of the topics tested. The security assessment and testing domain makes up 12% of the CISSP exam and includes the following exam objectives:
Domain 7: Security operations

Another practical and very broad subset, security operations covers topics ranging from investigations and digital forensics to detection and intrusion prevention tools, sandboxing and firewalls. Topics tested include user and entity behavior analytics, threat intelligence (threat hunting and threat feeds), log management, artifacts (mobile, computer and network) and machine learning and AI-based tools. The security operations domain makes up 13% of the CISSP exam and includes the following exam objectives:
Domain 8: Software development security

As the name indicates, this domain deals with implementing software-based security controls within the environments for which the IT professional is responsible. Risk analysis, vulnerability identification and auditing of source code are all covered in this subset. Candidates are also tested on software-designed security, maturity models, development methodologies, and open-source and third-party development security. The software development security domain previously comprised 10% of the exam, but it was adjusted to 11% weight in the latest version of CISSP. It includes the following exam objectives:
More about the CISSP exam

The CISSP CBK tests your competence in the eight domains mentioned. Learning each domain will give you the knowledge you need to pass the exam, excel in this career and perform related operational duties. The (ISC)² CISSP exam uses computerized adaptive testing (CAT) for all English exams; all other languages are administered as linear, fixed-form exams. Read our article about the CISSP exam to learn more about the exam format, duration and scheduling. The CISSP is one of the most recognized information security certifications and can increase your marketability, allowing you to move into better-paying roles. Get our free ebook of CISSP exam tips for advice on passing the exam on your first attempt.