As a result of a rigorous, methodical process that (ISC)(2) follows to routinely update its credential exams, it has announced that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)(2) conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security professionals.
Refreshed technical content has been added to the official (ISC)(2) CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization's information security program within an ever-changing security landscape.
The domain names have been updated as follows:
CISSP Domains, Effective April 15, 2015
Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Asset Security (Protecting Security of Assets) Security Engineering (Engineering and Management of Security) Communications and Network Security (Designing and Protecting Network Security) Identity and Access Management (Controlling Access and Managing Identity) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Software Development Security (Understanding, Applying, and Enforcing Software Security)
Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization's comprehensive education strategy and certifying body best practices, (ISC)(2) training materials do not teach directly to its credential examinations. Rather, (ISC)(2) Education is focused on teaching the core competencies relevant to the roles and responsibilities of today's practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.
Domain 1 - Security & Risk Management Security & Risk Management Confidentiality, Integrity, and Availability Security Governance The Complete and Effective Security Program Compliance Global Legal and Regulatory Issues Understand Professional Ethics Develop and Implement Security Policy Business Continuity (BC) & Disaster Recovery (DR) Requirements Manage Personnel Security Risk Management Concepts Threat Modeling Acquisitions Strategy and Practice Security Education, Training, and Awareness
Domain 2 - Asset Security Asset Security Data Management: Determine and Maintain Ownership Data Standards Longevity and Use Classify Information and Supporting Assets Asset Management Protect Privacy Ensure Appropriate Retention Determine Data Security Controls Standards Selection
Domain 3 - Security Engineering Security Engineering The Engineering Lifecycle Using Security Design Principles Fundamental Concepts of Security Models Information Systems Security Evaluation Models Security Capabilities of Information Systems Vulnerabilities of Security Architectures Database Security Software and System Vulnerabilities and Threats Vulnerabilities in Mobile Systems Vulnerabilities in Embedded Devices and Cyber-Physical Systems The Application and Use of Cryptography Site and Facility Design Considerations Site Planning Implementation and Operation of Facilities Security
Domain 4 - Communications & Network Security Communications & Network Security Secure Network Architecture and Design Implications of Multi-Layer Protocols Converged Protocols Securing Network Components Secure Communication Channels Network Attacks
Domain 5 - Identity & Access Management Identity & Access Management Physical and Logical Access to Assets Identification and Authentication of People and Devices Identity Management Implementation Identity as a Service (IDaaS) Integrate Third-Party Identity Services Implement and Manage Authorization Mechanisms Prevent or Mitigate Access Control Attacks Identity and Access Provisioning Lifecycle
Domain 6 - Security Assessment & Testing Security Assessment & Testing Assessment and Test Strategies Collect Security Process Data Internal and Third-Party Audits
Domain 7 - Security Operations Security Operations Investigations Provisioning of Resources through Configuration Management Resource Protection Incident Response Preventative Measures against Attacks Patch and Vulnerability Management Change and Configuration Management The Disaster Recovery Process Test Plan Review Business Continuity and Other Risk Areas Access Control Personnel Safety
Domain 8 - Security in the Software Development Life Cycle Security in the Software Development Life Cycle Software Development Security Outline Environment and Security Controls Security of the Software Environment Software Protection Mechanisms Assess the Effectiveness of Software Security Assess Software Acquisition Security
Shop Now. Enjoy Now. Pay Later.
Pay in four simple instalments, available instantly at checkout.
All you need is:
1) A New Zealand credit or debit card; 2) To be at least 18 years of age; 3) To live in New Zealand
To see Afterpay's complete terms, visit https://www.afterpay.com/en-NZ/terms