Framed for cyber security professionals, the Certified Information Systems Security Professional exam or CISSP is a globally recognised certification.
CISSP certification offered by ISSAP
First held in 1994 by the International Information Systems Security Certification Consortium, this certification examination has undergone many changes through the years to match the latest needs of cyber security. Especially the domains and core topics.
Currently, there are 8 domains of CISSP you need to master to pass the exam.
Let us look at the details of these domains, what changes you can expect in the upcoming exam and how to prepare for it!
What Are the Major 8 CISSP Domains?
Also known as CISSP CBK domains, CISSP has 8 major domains in total. These domains undergo frequent changes in terms of weighting. While the difference in weightage for CISSP domains in 2022 and 2023 wasn’t much, some of them are expected to change starting April 2024.
| CISSP Domains | Current Weightage (effective 1st May 2021) | Revised Weightage (effective 15th April 2024) |
|---|---|---|
| 1. Security & Risk Management | 15% | 16% |
| 2. Asset Security | 10% | 10% |
| 3. Security Architect & Engineering | 13% | 13% |
| 4. Communication & Network Security | 13% | 13% |
| 5. Identity & Access Management (IAM) | 13% | 13% |
| 6. Security Assessment & Testing | 12% | 12% |
| 7. Security Operations | 13% | 13% |
| 8. Software Development Security | 11% | 10% |
These are all the Top 8 CISSP domains list with their respective weightage and how they’ll change with the next update. If you’re also preparing for CEH v12 exam and wondering which one is better, check out CEH Vs. CISSP Certification, and assess which certification best aligns with your career trajectory.
CISSP 8 Domains Explained
Now that you know what are the 8 domains of CISSP, let’s dive deep into their syllabus and core concepts. We will explain all the CISSP domains and concepts individually for a clear understanding.
1. Security and Risk Management
With 16% weightage, this is the most important domain in the CISSP exam. This domain has core concepts of security, risk management, security architecture, and engineering. Further, it focuses on the identification, analysis, and mitigation of security risks.
Its core concepts include:
- IC2S code of professional ethics
- Application of security concepts
- Security governance principles
- Legal and regulatory aspects of cybersecurity
- Different investigation types
- Fundamentals of risk management, threat modelling, and supply chain risk management concepts.
2. Asset Security
This domain has a 10% weightage and covers the identification, classification, and protection of information assets. It focuses on safeguarding data, applications, hardware, and other IT resources.
The core concepts of this domain include:
- Asset and data classification
- Asset handling
- Data lifecycle management
- Asset retention like EOL & EOS
- Data security controls and compliance requirements
3. Security Architecture and Engineering
With a weightage of 13%, this domain covers the design, implementation, and maintenance of secure information systems. Its emphasis mostly inclines towards secure design principles, security models, and secure system development methodologies.
The core concepts you need to know include:
- Securing design principles through the engineering processes
- Fundamentals of security models like Biba, Star Model, etc.
- System security requirements
- Security capabilities of IS, like TPM, encryption/ decryption.
- Vulnerability assessment and mitigation
- Finding cryptographic solutions
- Method of cryptanalytic attacks
4. Communication and Network Security
As one of the most significant CISSP security domains, communication, and network security hold 13% weightage. This domain covers network security protocols, secure network design, and network attack mitigation techniques.
This domain includes core concepts like:
- Implementing secure design principles in network architecture
- Secure network components
- Implementing secure communication channels
5. Identity and Access Management
This domain holds a weightage of 13% and covers the identification, authentication, authorisation, and access control of users and systems. It focuses on user provisioning, access management, and identity federation.
Here are the key areas covered in this domain:
- Physical and logical access to assets
- Identifying and authenticating people, devices, and services
- Authorisation mechanism
- Identity and access provisioning lifecycle
- Implementing authentication systems
6. Security Assessment and Testing
With 12% weighting, this domain explores the identification and assessment of security vulnerabilities in systems and networks. It focuses on vulnerability scanning, penetration testing, and security audits.
Some of the core concepts include:
- Assessment test and audit strategies
- Security control testing
- Security process data collection
- Analysing test outputs and report generation
- Facilitating security audits
7. Security Operations
This domain covers the day-to-day operations of an information security program. It has a 13% weighting in CISSP exams and focuses on aspects like incident response, security monitoring, and log management.
The core concepts include:
- Fundamentals of the investigation process
- Conducting logging and monitoring activities like SIEM, UEBA, etc.
- Configuration Management (CM)
- Resource protection
- Conducting incident management
- Different detective and preventive measures
- Support patch and vulnerability management
- Recovery strategies
- Disaster Recovery (DR) process
- Test Disaster Recovery Plans (DRP)
- Business Continuity (BC) planning
8. Software Development Security
Among all the CISSP security domains, this one holds the least weighting, 10%. This domain covers the secure development of software applications. It focuses on secure coding practices, secure Software Development Lifecycles (SDLCs), and application security testing.
Here are the core concepts of this domain:
- Software Development Life Cycle DLC security
- Software development ecosystem security controls
- Software’s security effectiveness assessment
- Secure coding guidelines
Related Post : CISSP Requirements
How to prepare for the CISSP Examinations with Updated Study Materials?
Now that we have covered the core curriculum offered under each domain, it is time to kickstart your CISSP exam prep. Here are a few valuable tips you can use to start your CISSP journey:
- Create a study plan: Planning ahead for your CISSP examination can offer you enough time to assess the core concepts and revise them for full comprehension.
- Get a study guide: Getting study guides for the CISSP curriculum simplifies a lot of things. From complex topics to real-world scenarios exemplifying said topics.
- Access CISSP learning resources online: The web is full of valuable resources, so why not reap its benefits? Look for CISSP playlists on YouTube to find extensive details on each CISSP domain. You can also check out CISSP training programs on platforms like Edureka to get your hands on a well-rounded curriculum that is created by experts.
- Prepare personal notes: In the middle of going through guides and online learning resources, ensure that you are simultaneously working on creating personal notes.
- Take CISSP Practice tests: The most important step while preparing for CISSP examinations is to work with practice tests. Buy practice textbooks and take 2-3 tests each day. Practicing is the best way to understand how far you’ve come and which concepts need the most attention.
- Take breaks: After spending hours daily for preparation, make sure you give yourself enough breaks to feel refreshed. Small breaks between your study plan can help retain concepts better.
Did you know the CISSP salary after completing this certification can range anywhere between INR 800,000 to INR 30,00,000? Although actual salary figures can vary based on factors such as role, location, company, experience, etc., knowing that it is a lucrative and well-respected opportunity should be reason enough to help boost your preparations!
Related Post :How to pass CISSP
Conclusion
The CISSP exam includes several core security topics, ensuring that CISSP professionals get a well-rounded understanding of information security. While we have provided a detailed list of core topics covered, a structured path could really help you navigate this challenging exam with just the right steps.
Curious to know how?
Check out CISSP Certification Training Online offered by Edureka! This CISSP training program not only prepares you for the examination but also trains you on CISSP interview questions & answers to prepare you for the road ahead as well. So, enrol now to maximise your chances of success!
FAQS
1. How many CISSP domains are there, and what are they?
The number of domains in CISSP is 8. These domains include security and risk management, asset protection, security architecture and engineering, communication and network security, identity and access management, security evaluation and testing, security operations, and software development security.
2. What is the CISSP pass rate?
The pass rate of the CISSP exam is around 20%.
3. Is CISSP harder than PMP?
Most people consider the CISSP exam to be harder than the PMP certification as CISSP requires knowledge of more topics, even if it is not in-depth.
4. Is CISSP domain weightage changing in 2024?
Yes, the weightings of some domains are expected to change in 2024 for CISSP certification exam.
5. How many domains do you need to pass CISSP?
To qualify for the certification you need to pass all 8 domains of CISSP.
6. Can I pass the CISSP in 3 months?
Yes, with dedication and guidance, you can pass the CISSP in 3 months.
7. Is CISSP better than CEH?
Both certifications are highly valued in the field of cybersecurity. CISSP is more comprehensive, so some see it as a better course than CEH. However, if your focus is only on ethical hacking, then CEH would be a better option.