What is CISSP?
CISSP is the contraction for Certified Information Systems Security Professional. It is considered to be a standard quality in the information security sector.
This Cyber certification would be offered by (ISC)2 which is a worldwide non-profit organization. The CISSP Certification exam would be available in 8 languages at 882 locations in about 114 countries. Again to obtain this certification, isn’t that much easy, unless you have a good and reliable training provider on your side, like that of the SPOTO Club.
Some Technical Points to be remembered for the CISSP Certification:
Here are 8 CISSP Domains: • Domain 1. Security and Risk Management
• Domain 2. Asset Security
• Domain 3. Security Architecture and Engineering
• Domain 4. Communication and Network Security
• Domain 5. Identity and Access Management (IAM)
• Domain 6. Security Assessment and Testing
• Domain 7. Security Operations
• Domain 8. Software Development Security
Let’s discuss all the domains in detail:
Domain 1 - Security and Risk Management
It comprises about 15% of the CISSP exam. This is considered to be the largest domain in CISSP, providing a comprehensive overview of the things you would be needed to know about information systems management.
It would be covering: • Compliance requirements;
• IT policies and procedures; and
• Legal and regulatory issues relating to information security;
• Risk-based management concepts.
• Security governance principles;
• The confidentiality, integrity, and availability of information;
Domain 2 - Asset Security
It would be comprised of about 10% of the CISSP exam. This domain would address the physical requirements of information security.
It would be covering: • Data security controls;
• Handling requirements.
• Privacy;
• Retention periods;
• Classification and ownership of information and assets;
Domain 3 - Security Architecture and Engineering
It would be comprised of about 13% of the CISSP exam. This domain would be covering numerous important information security concepts, which would include:
• Assessing and mitigating vulnerabilities in systems;
• Cryptography;
• Designing and implementing physical security.
• Engineering processes using secure design principles;
• Fundamental concepts of security models;
• Security capabilities of information systems;
Domain 4 - Communications and Network Security
It would comprise about 14% of the CISSP exam. This domain would be covering the design and protection of an organization’s networks.
This would be including: • Secure communication channels.
• Secure design principles for network architecture;
• Secure network components;
Domain 5 - Identity and Access Management
It would be comprised of about 13% of the CISSP exam. This domain would be helping information security professionals to understand how to control the way users could be accessing data.
It would be covering: • Authorisation mechanisms;
• Identification and authentication;
• Amalgamating identity as a service and third-party identity services;
• Physical and logical access to assets;
• The identity and access provisioning lifecycle.
Domain 6 - Security Assessment and Testing
It would be comprised of about 12% of the CISSP exam. This domain would be focusing on the design, performance as well as analysis of security testing.
It would be including: • Collecting security process data;
• Designing and validating assessment and test strategies;
• Internal and third-party security audits.
• Security control testing;
• Test outputs;
Domain 7 - Security Operations
It would be comprised of about 13% of the CISSP exam. This domain would be addressing the way plans are put into action.
It would be covering: • Applying resource protection techniques;
• Business continuity.
• Disaster recovery;
• Foundational security operations concepts;
• Incident management;
• Logging and monitoring activities;
• Managing physical security;
• Requirements for investigation types;
• Securing the provision of resources;
• Understanding and supporting investigations;
Domain 8 - Software Development Security
It would be comprised of about 10% of the CISSP exam. This domain would be helping the professionals for understanding, applying, and enforcing software security.
It would be covering: • Secure coding guidelines and standards.
• Security controls in development environments;
• Security in the software development life cycle;
• The effectiveness of software security;
For more such information, you should check out the training courses which are being offered at the SPOTO Club.