Some basic technical points of CISSP certification

What is CISSP?

CISSP is the contraction for Certified Information Systems Security Professional. It is considered to be a standard quality in the information security sector. This Cyber certification would be offered by (ISC)2 which is a worldwide non-profit organization. The CISSP Certification exam would be available in 8 languages at 882 locations in about 114 countries. Again to obtain this certification, isn’t that much easy, unless you have a good and reliable training provider on your side, like that of the SPOTO Club.

 

Some Technical Points to be remembered for the CISSP Certification:

Here are 8 CISSP Domains: • Domain 1. Security and Risk Management • Domain 2. Asset Security • Domain 3. Security Architecture and Engineering • Domain 4. Communication and Network Security • Domain 5. Identity and Access Management (IAM) • Domain 6. Security Assessment and Testing • Domain 7. Security Operations • Domain 8. Software Development Security Let’s discuss all the domains in detail:

Domain 1 - Security and Risk Management

It comprises about 15% of the CISSP exam. This is considered to be the largest domain in CISSP, providing a comprehensive overview of the things you would be needed to know about information systems management. It would be covering: • Compliance requirements; • IT policies and procedures; and • Legal and regulatory issues relating to information security; • Risk-based management concepts. • Security governance principles; • The confidentiality, integrity, and availability of information;

Domain 2 - Asset Security

It would be comprised of about 10% of the CISSP exam. This domain would address the physical requirements of information security. It would be covering: • Data security controls; • Handling requirements. • Privacy; • Retention periods; • Classification and ownership of information and assets;

Domain 3 - Security Architecture and Engineering

It would be comprised of about 13% of the CISSP exam. This domain would be covering numerous important information security concepts, which would include: • Assessing and mitigating vulnerabilities in systems; • Cryptography; • Designing and implementing physical security. • Engineering processes using secure design principles; • Fundamental concepts of security models; • Security capabilities of information systems;

Domain 4 - Communications and Network Security

It would comprise about 14% of the CISSP exam. This domain would be covering the design and protection of an organization’s networks. This would be including: • Secure communication channels. • Secure design principles for network architecture; • Secure network components;

Domain 5 - Identity and Access Management

It would be comprised of about 13% of the CISSP exam. This domain would be helping information security professionals to understand how to control the way users could be accessing data. It would be covering: • Authorisation mechanisms; • Identification and authentication; • Amalgamating identity as a service and third-party identity services; • Physical and logical access to assets; • The identity and access provisioning lifecycle.

Domain 6 - Security Assessment and Testing

It would be comprised of about 12% of the CISSP exam. This domain would be focusing on the design, performance as well as analysis of security testing. It would be including: • Collecting security process data; • Designing and validating assessment and test strategies; • Internal and third-party security audits. • Security control testing; • Test outputs;

Domain 7 - Security Operations

It would be comprised of about 13% of the CISSP exam. This domain would be addressing the way plans are put into action. It would be covering: • Applying resource protection techniques; • Business continuity. • Disaster recovery; • Foundational security operations concepts; • Incident management; • Logging and monitoring activities; • Managing physical security; • Requirements for investigation types; • Securing the provision of resources; • Understanding and supporting investigations;

Domain 8 - Software Development Security

It would be comprised of about 10% of the CISSP exam. This domain would be helping the professionals for understanding, applying, and enforcing software security. It would be covering: • Secure coding guidelines and standards. • Security controls in development environments; • Security in the software development life cycle; • The effectiveness of software security; For more such information, you should check out the training courses which are being offered at the SPOTO Club.