Top CISSP Domains [ In-Demand ]

Last updated on 16th Aug 2020, Blog, General

According to the (ISC)² Global Information Security Workforce Survey (GISWS), the global workforce shortage will reach 1.5 million by 2020. In other words, there is a lack of qualified InfoSec professionals on the job market that is causing hiring and staffing difficulties for many organizations. As a result, there is now greater emphasis on forming professionals in the fields and on the certifications that can give IT practitioners a way to measure and prove their skills.

One of the most in-demand IT certification is CISSP®, for Certified Information Systems Security Professionals. An (ISC)² examination validates the candidates’ knowledge, can give them opportunities to advance their career and can provide them a path that would open up new possibilities for more demanding roles in a workplace that recognizes the specialized talents a CISSP credential holder has demonstrated. “CISSPs are information assurance professionals who define the architecture, design, management and controls that assure the security of business environments.” Employers of CISSP-certified professionals shall be confident in the knowledge that their skills are genuine and current.

CISSP Domine Over view

Over the course of the next 10 weeks or so, I’ll take a look at each one of the domains; give you some insight into what (ISC)² is looking for in that area; give you some supplemental reading material; and by the time we’re done, you should have a good grasp of the information you need to pass the CISSP exam as well as to succeed in your security professional career.

I will say this, one of the ways that you can ensure your preparation for the CISSP exam is by taking the Infosec’s award-winning CISSP course. Fill out the short form above for pricing information and details regarding our various training options (self paced, online mentored & instructor lead). As far as reading material is concerned, everyone should have their own personal copy of the CISSP CBK 2nd Edition from (ISC)²and Skillset.com for CISSP training.

Preparing for the Test

The Certified Information Systems Security Professional certification is an exam that focuses on the tester’s familiarity of every domain in the CBK- Critical/Complete Body of Knowledge in information security. To make sure all aspects of the test are covered, candidates can use learning material, which is widely available online. The official website list textbooks and provides practice exams. In addition, the community rated resources for CISSP CBK and Skillset.com CISSP practice questions are a good place to start.

Here are a few study books, an app, and webinar for the new CISSP CBK 2015:

• “The Official (ISC)² Guide to the CISSP CBK, Fourth Edition provides a comprehensive study of the refreshed 8 domains.” (ISC)² refers to it as the encyclopedia of topics.
• “(ISC)² Certified Information Systems Security Professional Official Study Guide, 7th Edition covers 100% of the CISSP Common Body of Knowledge (CBK):”
• “CISSP Official (ISC)² Practice Tests provides you with 1300 unique practice questions, covering all CISSP exam domains.”
• “CISSP for Dummies, 5th Edition provides you with a friendly and accessible framework for studying for this highly sought-after certification.” This is (ISC)² Approved.
• Aside from these, “Shon Harris’ CISSP All-in-One Exam Guide [7th Edition] is definitely worth checking out,” reports SSI Logic on its CISSPExamPractice.com website. This book is completely revised and updated for the 2015 CISSP body of knowledge.

Be sure also to check out what other online resources are available too. Other ways to study for the exam include:

• The Official (ISC)² CISSP App. “It includes flashcards, study questions and practice tests covering 100% of all exam objectives.” The app is based on the new Sybex CISSP (ISC)2 Certified Information Systems Security Professional OFFICIAL study guide.
• (ISC)²’s CBK Domain Preview – A webinar with a detailed overview of each domain of an (ISC)² credential.

Testers can contact (ISC)2 Official Training Providers and also the InfoSec Institute that offers training on Common Body of Knowledge (CBK). The Institute can ensure your preparation for the CISSP exam is complete through resources like CISSP Boot Camp course. This 7 Day CISSP Boot Camp Prep Course, is available in many locations in the US and Live Online. Students will have access to self-assessment exercises to know which of the CISSP domains they will need to spend more time reviewing, as well as take the CISSP practice exam to sharpen their knowledge and review the 8 CISSP Skillsets covering all domains.

What are the 8 CISSP domains?

• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

Security and Risk Management :

Security and Risk Management comprises about 15% of the CISSP exam. This is the largest domain in CISSP, providing a comprehensive overview of the things you need to know about information systems management.

It covers:

• The confidentiality, integrity and availability of information;
• Security governance principles;
• Compliance requirements;
• Legal and regulatory issues relating to information security;
• IT policies and procedures; and
• Risk-based management concepts.

Asset Security :

Asset Security comprises about 10% of the CISSP exam.This domain addresses the physical requirements of information security.

It covers:

• The classification and ownership of information and assets
• Privacy
• Retention periods
• Data security controls
• Handling requirements.

This is an important domain as it deals with the issues related to the management of data and the concept of ownership of information. This includes knowledge of the different roles regarding data processing (owner, processor, etc.:) as well as privacy concerns and limitations of use. Topics tested include:

• Information and Asset Classification
• Data and System Ownership (e.g. data owners, system owners)
• Protecting Privacy
• Data Retention
• Data Security Controls : how to protect data at rest or in transit, cryptography, etc.
• Data Handling Requirements (e.g. markings, labels, storage) – also includes destruction
• Public Key Infrastructure (PKI)

Security Architecture and Engineering :

Security Engineering comprises about 13% of the CISSP exam.This domain covers several important information security concepts.

Including:

This is a domain with a wide scope and covering several important concepts in information security. Candidates are tested on security engineering processes, models, and design principles. Vulnerabilities, database security, crypto systems, and clouds are also covered in this domain.

Topics tested include:

• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Certification and Accreditation
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities – includes IoT and devices in networks
• Database Architectures and Security
• Cryptography : PKI, digital signatures, keys, digital rights and cryptanalytic
• Site and facility design secure principles
• Physical security : concerns with water flooding, fires, storage security and more strictly “physical” issues

Communications and Network Security :

Communications and Network Security comprises about 14% of the CISSP exam.This domain covers the design and protection of an organisation’s networks.

This includes:

• Secure design principles for network architecture;
• Secure network components; and
• Secure communication channels.

Identity and Access Management :

Identity and Access Management comprises about 13% of the CISSP exam.This domain helps information security professionals understand how to control the way users can access data.

It covers:

• Physical and logical access to assets;
• Identification and authentication;
• Integrating identity as a service and third-party identity services;
• Authorisation mechanisms; and
• The identity and access provisioning lifecycle.

Security Assessment and Testing :

Security Assessment and Testing comprises about 12% of the CISSP exam.This domain focuses on the design, performance and analysis of security testing.

It includes:

• Designing and validating assessment and test strategies;
• Security control testing;
• Collecting security process data;
• Test outputs; and
• Internal and third-party security audits.

Security Operations :

Security Operations comprises about 13% of the CISSP exam. This domain addresses the way plans are put into action.

It covers:

• Understanding and supporting investigations;
• Requirements for investigation types;
• Logging and monitoring activities;
• Securing the provision of resources;
• Foundational security operations concepts;
• Applying resource protection techniques;
• Incident management;
• Disaster recovery;
• Managing physical security; and
• Business continuity.

Software Development Security :

Software Development Security comprises about 10% of the CISSP exam.This domain helps professionals to understand, apply and enforce software security.

It covers:

• Security in the software development life cycle;
• Security controls in development environments;
• The effectiveness of software security; and
• Secure coding guidelines and standards.