According to the (ISC)² GISWS (Global Information Security Workforce Survey), the global workforce shortage would be reaching 1.5 million by 2020. In other words, there is a lack of qualified InfoSec professionals on the job market that is causing staffing and hiring difficulties for many organizations. As a result, there is now greater emphasis tempted on forming professionals in the fields and on the certifications that can give IT practitioners a way to measure and prove their skills.
A domain about different aspects of risk, which will have 16% Weight in the exam:
This is a domain that is going to be covering general, basic concepts in information security, especially focusing on confidentiality, integrity, and availability (CIA). Testers, then, are evaluated on skills related to the implementation of security policies and procedures as well as on the perfecting of business continuity planning and recovery points as well as implementing solid user awareness programs. Great emphasis is going to be placed on risk management especially in relation to the safe acquisition of new services, software, and hardware.
A domain about securing assets, which will have 10% Weight in the exam:
This is an important domain as it deals with the issues related to the management of data and the concept of ownership of information. This includes knowledge of the different roles regarding data processing (owner, processor, etc.:) as well as privacy concerns and limitations of use.
A domain on applying principles in IS architecture design, which will have 12% Weight in the exam:
This is a domain that would be having a wide scope and covering several important concepts in information security. Candidates are tested on security engineering processes, models, and design principles. Vulnerabilities, database security, cryptosystems, and clouds are also covered in this domain.
A domain that focuses on Designing and Protecting Network Security, which will have 12% Weight in the exam:
Considering it as an important domain, this section of the exam would be dealing with network security and the ability to create secure communication channels. Testers will have to answer questions on different aspects of network architecture, communication protocols, segmentation, routing, and wireless transmissions.
A domain to understand the different styles of controlling the way that users gain access to data, which will have 13% Weight in the exam:
This part of the test deals with attacks that exploit the human component to gain access to data and ways to identify those who have the right to access servers and information. It covers the concept of sessions, multi-factor authentication, proofing, credentials, role-based or rule-based access control, MAC, and DAC.
There are three more modules, and you have to learn it all. I would recommend you to join the courses offered by SPOTO to gain success in the CISSP, in the very first attempt.