The globally prominent Certified Information Systems Security Professional (CISSP) qualification provides information security professionals with an objective measure of competence and is divided into eight domains:
1. Security and Risk Management
2. Asset Security
3. Security Engineering
4. Communications and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security
If you want to earn the CISSP Certification, you need knowledge of all the above-mentioned domains. The training provided by SPOTO would be your best bet for gaining this certification.
Let’s gain an overview of all these CISSP Domains:
1. Security and Risk Management
Security and Risk Management is considered the largest domain in CISSP. It focuses on a number of key business topics, such as the concepts of confidentiality, availability and integrity; compliance requirements; security governance principles; legal and regulatory issues relating to information security; IT procedures and policies; and risk-based management concepts. The average weight of this domain in the exam is 15%.
2. Asset Security
Asset Security focuses on ownership and classification of information and assets; retention periods; privacy; data security controls; and handling requirements. The average weight of this domain in the exam is 10%.
3. Security Engineering
The Security Engineering domain covers several important information security concepts, including engineering processes that use secure design principles; security capabilities of information systems; fundamental concepts of security models; designing and implementing physical security; cryptography; and assessing and mitigating vulnerabilities in systems. The average weight of this domain in the exam is 13%.
4. Communications and Network Security
The Communications and Network Security domain focuses on designing and protecting network security. It covers topics including secure design principles for network architecture; secure communication channels; secure network components; and preventing or mitigating network attacks. The average weight of this domain in the exam is 14%.
5. Identity and Access Management
Identity and Access Management helps professionals understand how to control the way users access data. It covers topics such as authorization mechanisms; physical and logical access to assets; identification and authentication; integrating identity as a service and third-party identity services; access control attacks; and the identity and access provisioning lifecycle. The average weight of this domain in the exam is 13%.
6. Security Assessment and Testing
The Security Assessment and Testing domain focuses on designing, performing and analyzing security testing. Topics covered here include security control testing; designing and validating assessment and test strategies; collecting security process data; test outputs; and internal and third-party security audits. The average weight of this domain in the exam is 12%.
7. Security Operations
The Security Operations domain covers key topics including supporting and understanding investigations; logging and monitoring activities; securing the provision of resources; requirements for investigation types; foundational security operations concepts; applying resource protection techniques; incident management; managing physical security; and disaster recovery. The average weight of this domain in the exam is 13%.
8. Software Development Security
The final CISSP domain helps professionals understand, apply and enforce software security. It covers security in the Software Development Life Cycle (SDLC); the effectiveness of software security; secure coding guidelines and standards; and security controls in development environments. The average weight of this domain in the exam is 10%.
Candidates sitting the CISSP Common Body of Knowledge (CBK) exam are tested on each of the eight domains above. The exam consists of about 100 to 150 multiple-choice questions and lasts about three hours. The passing score of this exam is 70%. Candidates can prepare for the exam with CISSP training and appropriate revision materials. For that, you need good training, such as the training offered by SPOTO.