

The CISSP exam covers eight domains, each testing a different ability of the candidate sitting the exam. Work experience in at least two of these domains is mandatory for getting a CISSP certification. The exam tests the advanced knowledge required for this field. The eight domains of CISSP are:

  1. Security Operations
  2. Security Assessment and Testing
  3. Identity and Access Management 
  4. Communications and Network Security
  5. Asset Security
  6. Security and Risk Management 
  7. Software Development Security
  8. Security Architecture and Engineering

The Security Operations domain covers around 13% of the syllabus. It is about how to implement plans and turn them into effective actions. The domain focuses on understanding and supporting investigations: candidates are required to understand the type of investigation that has arisen and to assist the team in carrying it out. They are chiefly responsible for logging and monitoring activities, and they are also responsible for managing physical security. The domain covers resource protection, and candidates should learn how to apply these techniques in real-life situations. It also covers important topics like incident management, and the concepts of foundational security operations can be found here. The domain trains individuals in business continuity, which is of great help to business firms and agencies. The provisions for securing resources are listed here.

The Security Assessment and Testing domain covers around 12% of the CISSP exam. Its main purpose is to train professionals to design security tests and to analyze the performance of systems by running those tests on them. The domain is highly data and statistics oriented, as a large number of tests are run on several systems. The results are then analyzed by comparing them to a standard or to past tests. In this domain, individuals also learn how to maintain internal and third-party security audits.

The next domain is Identity and Access Management, which comprises around 13% of the total syllabus. This domain covers how data is accessed and how to control that access. There are a variety of authorization methodologies one has to work through to understand this domain properly. Candidates are expected to understand logical and physical access to assets, and the lifecycle that revolves around identity and access provisioning.

Next up, we have Communications and Network Security. This covers approximately 14% of the CISSP exam. It mainly deals with providing security to an organization and designing techniques for doing so. Here, candidates learn the design principles that guide the network architecture. After the training, one will understand how to secure network components and communication channels.

The next domain is Asset Security. As the name suggests, this domain gives the necessary training to address the real-life provisions of information security. It teaches data security controls, privacy, classification of assets, and how to handle requirements. This domain covers around 10% of the CISSP exam.

The next domain is Security and Risk Management. It is the largest domain of CISSP and provides an overview of information systems management. It comprises around 15% of the CISSP exam. The topics in this domain mostly pertain to security, policies, management concepts, and legal issues. After taking this training, one is expected to understand the confidentiality, integrity, and availability of information. Candidates need to comply with the requirements and must have a basic estimate of them.

Next up, we have Software Development Security. This domain covers around 10% of the CISSP exam. Knowledge under this domain is mainly related to the understanding, application, and enforcement of software security. One should be able to differentiate between software development and the development environment. This domain underlines the importance of software security by imparting knowledge about its effectiveness. Professionals will learn how to prepare coding guidelines and standards.

The last domain we are going to discuss is Security Architecture and Engineering. This is a very special and unique domain among all the domains. It covers the underlying security concepts, which include cryptography, the design of physical security, the capabilities of information systems, and the processes for applying design principles. Candidates learn to understand the capabilities of information systems pertaining to security.

These domains help professionals understand the essentials of becoming effective in the IT sector.

