CISSP Training & Examination Information
Source: (ISC)²
Introduction
Global Recognition for Top Information Security Professionals
As the first credential accredited by ANSI to ISO Standard 17024:2003 in the
field of information security, the Certified Information Systems Security
Professional (CISSP®) certification provides information security professionals
with not only an objective measure of competence but a globally recognized
standard of achievement. The CISSP credential demonstrates competence in the 10
domains of the (ISC)² CISSP® CBK®.
CISSP Common Body of Knowledge (CBK) Domains
Domain 1 - Access Control
Access controls are a collection of
mechanisms that work together to create a security architecture to protect the
assets of the information system.
Domain 2 - Application Security
This domain addresses the important security
concepts that apply to application software development. It outlines the
environment where software is designed and developed and explains the critical
role software plays in providing information system security.
Domain 3 - Business Continuity and Disaster Recovery Planning
This domain addresses the preservation and
recovery of business operations in the event of outages.
Domain 4 - Cryptography
The Cryptography domain addresses the principles,
means, and methods of disguising information to ensure its integrity,
confidentiality and authenticity.
Domain 5 - Information Security & Risk Management
Security Management entails the identification of
an organization's information assets and the development, documentation, and
implementation of policies, standards, procedures, and guidelines. Management
tools such as data classification and risk assessment/analysis are used to
identify threats, classify assets, and to rate system vulnerabilities so that
effective controls can be implemented.
Domain 6 - Legal, Regulations, Compliance and Investigations
This domain addresses:
• Computer crime laws and regulations
• The measures and technologies used to investigate computer crime incidents
Domain 7 - Operations Security
Operations Security is used to identify the
controls over hardware, media, and the operators and administrators with access
privileges to any of these resources. Audit and monitoring are the mechanisms,
tools, and facilities that permit the identification of security events and
subsequent actions to identify the key elements and report the pertinent
information to the appropriate individual, group, or process.
Domain 8 - Physical (Environmental) Security
The Physical (Environmental) Security domain
provides protection techniques for the entire facility, from the outside
perimeter to the inside office space, including all of the information system
resources.
Domain 9 - Security Architecture & Design
The Security Architecture and Design domain
contains the concepts, principles, structures, and standards used to design,
monitor, and secure operating systems, equipment, networks, applications and
those controls used to enforce various levels of availability, integrity, and
confidentiality.
Domain 10 - Telecommunications & Network Security
The Telecommunications and Network Security
domain discusses the:
• Network structures
• Transmission methods
• Transport formats
• Security measures used to provide availability, integrity, and confidentiality
• Authentication for transmissions over private and public communications
networks and media