The 8 CISSP Domains Explained

Are you into IT security? Do you want to get qualified? If so you might want to investigate CISSP.

The Certified Information Systems Security Professional or CISSP qualification is a highly respected certification in the information security sector. It clearly demonstrates a person's advanced knowledge of cyber security. The qualification has been developed by (ISC)2, which maintains it, and it's neatly split into eight detailed, logical 'domains' of knowledge.

About the CISSP qualification

When you take the CISSP Common Body of Knowledge exam, you'll be tested on all eight CISSP domains. The exam lasts three hours and is made up of anything from 100 to 150 multiple-choice questions. To pass you need to get 70% correct. There's an excellent official CISSP study guide to take advantage of, and there's even a five-day fast-track CISSP Accelerated Training Programme to join if you like.

If you want to acquire really good, solid, in-depth knowledge and expertise in cyber security, it's ideal. If you want to boost your employability or improve your business' cyber security, here's what you need to know about the 8 domains of CISSP.

What are the 8 CISSP domains?

1. Security and Risk Management

2. Asset Security

3. Security Architecture and Engineering

4. Communications and Network Security

5. Identity and Access Management

6. Security Assessment and Testing

7. Security Operations

8. Software Development Security

What do the CISSP 8 domains cover?

1. Security and Risk Management – Around 15% of the exam

This CISSP domain gives you a thorough, in-depth overview of what you need to know about information systems management, covering a broad-based set of essentials:

  • Information confidentiality, integrity and availability

  • The principles behind security governance

  • Compliance requirements

  • The legal and regulatory landscape

  • IT policies and procedures

  • All about risk-based management

2. Asset Security – Approx. 10% of the exam

This domain of CISSP explores the physical side of information security, covering:

  • Classification and ownership of information and information assets

  • Privacy

  • The amount of time you can legally retain data

  • Data security controls

  • Data handling

3. Security Engineering – About 13% of the exam

This CISSP domain introduces a series of vital information security concepts:

  • How to engineer processes using secure design principles

  • The fundamental concepts behind various security models

  • Information systems' security capabilities

  • Pinning down and managing vulnerabilities in IT systems

  • Cryptography

  • How to design and put in place physical IT security

4. Communications and Network Security – Approx. 14% of the exam

This domain deals with designing and protecting networks and covers:

  • Secure design principles for network architecture

  • Secure network components

  • Secure comms channels

5. ID and Access Management – Around 13% of the exam

This section teaches IT security professionals how to control user access, covering:

  • People's physical and logical access to assets

  • Identifying and authenticating

  • Integrating identity-as-a-service and third-party identity services

  • All about authorisation mechanisms

  • Exploring the identity and access provision cycle

6. Security Assessment and Testing – About 12% of the exam

This one looks at the design, performance and analysis of security testing, including:

  • How to design and validate effective IT security assessment and test strategies

  • About security control testing

  • How to collect data about security processes

  • Test outputs

  • Security audits for internal and third-party customers

7. Security Operations – Approx. 13% of the exam

This domain explores how plans are put into action. It covers:

  • How to understand and support investigations

  • What the different investigation types require

  • Logging and monitoring

  • Securing resources

  • The concepts behind foundational security operations

  • How to apply resource protection

  • Managing incidents

  • Disaster recovery

  • How to manage physical security

  • Business continuity

8. Software Development Security – Around 10% of the CISSP exam

This final domain aids professionals in the understanding, application and enforcement of software security, covering:

  • Software development life cycle security

  • Security controls for the development environment

  • The effectiveness of software security

  • Secure coding guidelines and standards

Together the 8 domains of CISSP provide cyber security professionals with comprehensive, detailed and in-depth knowledge about every aspect of software security. If you're considering a career in the sector, it'll give you an enormous advantage over less-qualified professionals. And it'll help you keep your organisation's data safe and sound, vital when fines for data breaches and theft are potentially so high.

©2019 by Forensic Control. All Rights Reserved.