
CISSP Domain Changes


CISSP 8 Domains:

Effective Date of Change: April 15th 2015

Domain Changes

CISSP 10 Domains:

1. Access Control

2. Telecommunications and Network Security

3. Information Security Governance and Risk Mgmt.

4. Software Development Security

5. Cryptography

6. Security Architecture and Design

7. Operations Security

8. Business Continuity and Disaster Recovery Planning

9. Legal, Regulations, Investigations, and Compliance

10. Physical (Environmental) Security

New CISSP 8 Domains


CISSP 8 Domains:

(Effective April 15, 2015)

1. Security and Risk Management

2. Asset Security

3. Security Engineering

4. Communications and Network Security

5. Identity and Access Management

6. Security Assessment and Testing

7. Security Operations

8. Software Development Security


CISSP 8 Domains: (Effective April 15, 2015)

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)

2. Asset Security (Protecting Security of Assets)

3. Security Engineering (Engineering and Management of Security)

4. Communications and Network Security (Designing and Protecting Network Security)

5. Identity and Access Management (Controlling Access and Managing Identity)

6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

8. Software Development Security (Understanding, Applying, and Enforcing Software Security)


1. Security and Risk Management

The Security and Risk Management domain provides you with the framework and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets and to assess the effectiveness of that protection. It includes issues of governance, organizational behaviour, and security awareness.


• Understand and apply concepts of confidentiality, integrity and availability
• Apply security governance principles
• Compliance
• Understand legal and regulatory issues that pertain to information security in a global context
• Understand professional ethics
• Develop and implement documented security policy, standards, procedures, and guidelines


• Understand business continuity requirements
• Contribute to personnel security policies
• Understand and apply risk management concepts
• Understand and apply threat modelling
• Integrate security risk considerations into acquisition strategy and practice
• Establish and manage information security education, training, and awareness


2. Asset Security

The Asset Security domain provides you with the concepts, principles, structures, and standards used to monitor and secure assets and those controls used to enforce various levels of confidentiality, integrity, and availability.


• Classify information and supporting assets
• Determine and maintain ownership
• Protect privacy
• Ensure appropriate retention
• Determine data security controls
• Establish handling requirements


3. Security Engineering

The Security Engineering domain provides you with the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.


• Implement and manage engineering processes using secure design principles
• Understand the fundamental concepts of security models
• Select controls and countermeasures based upon systems security evaluation models
• Understand security capabilities of information systems
• Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements


• Assess and mitigate the vulnerabilities in web-based systems
• Assess and mitigate vulnerabilities in mobile systems
• Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
• Apply cryptography
• Apply secure principles to site and facility design
• Design and implement physical security


4. Communication & Network Security

The Communications and Network Security domain provides you with an understanding of network security related to structures, methods, formats, and measures for the transmission of information.


• Apply secure design principles to network architecture
• Secure network components
• Design and establish secure communication channels
• Prevent or mitigate network attacks


5. Identity & Access Management

The Identity and Access Management domain provides the basis for understanding how access management works, why it is a key security discipline, and how each individual component to be discussed in this chapter relates to the overall access management universe. The most fundamental and significant concept to master is a precise definition of the term “access control”.


• Control physical and logical access to assets
• Manage identification and authentication of people and devices
• Integrate identity as a service
• Integrate third-party identity services
• Implement and manage authorization mechanisms
• Prevent or mitigate access control attacks
• Manage the identity and access provisioning lifecycle


6. Security Assessment & Testing

The Security Assessment and Testing domain provides you with the knowledge to assist in managing the risks involved in developing, producing, operating, and sustaining systems and capabilities.


• Design and validate assessment and test strategies
• Conduct security control testing
• Collect security process data
• Analyse and report test outputs
• Understand the vulnerabilities of security architectures


7. Security Operations

The Security Operations domain covers operations security and security operations. Operations security is primarily concerned with the protection and control of information processing assets in centralized and distributed environments. Security operations is primarily concerned with the daily tasks required to keep security services operating reliably and efficiently.


• Understand and support investigations
• Understand requirements for investigation types
• Conduct logging and monitoring activities
• Secure the provisioning of resources
• Understand and apply foundational security operations concepts
• Employ resource protection techniques
• Conduct incident management
• Operate and maintain preventative measures


• Implement and support patch and vulnerability management
• Participate in and understand change management processes
• Implement recovery strategies
• Implement disaster recovery processes
• Test disaster recovery plans
• Participate in business continuity planning and exercises
• Implement and manage physical security
• Participate in addressing personnel safety concerns


8. Software Security Development

The Software Security Development domain provides you with the abilities required to ensure that the focus of the enterprise security architecture includes application development, since many information security incidents involve software vulnerabilities in one form or another.


• Understand and apply security in the software development lifecycle
• Enforce security controls in development environments
• Assess the effectiveness of software security
• Assess security impact of acquired software


Exam Outline


• Provides a comprehensive overview of the domains and key areas of knowledge
• Examination qualification requirements
• Includes a suggested reference list

Download >> www.isc2.org/exam-outline


Official Text Book

• Aligns with the refreshed 8 domains
• Real work examples
• Glossary with over 400 terms
• End of domain review questions
• Only textbook endorsed by (ISC)²
• Available in hard cover, iTunes, and Kindle

Official Text Book Provided to QA CISSP Course Students*

>> www.isc2.org/official-isc2-textbooks

*During 8 Domain Course Refresh Period


qa.com/cybersecurity
