What is CISSP?
CISSP stands for Certified Information Systems Security Professional. It is considered a quality standard in the information security sector.
This certification is offered by (ISC)2, a worldwide non-profit organization. The CISSP certification exam is available in 8 languages at 882 locations in about 114 countries. Obtaining this certification isn’t easy unless you have a good and reliable training provider on your side, such as the SPOTO Club.
Some technical points to remember for the CISSP certification:
Here are the 8 CISSP domains:
• Domain 1. Security and Risk Management
• Domain 2. Asset Security
• Domain 3. Security Architecture and Engineering
• Domain 4. Communication and Network Security
• Domain 5. Identity and Access Management (IAM)
• Domain 6. Security Assessment and Testing
• Domain 7. Security Operations
• Domain 8. Software Development Security
Let’s discuss all the domains in detail:
Domain 1 – Security and Risk Management
It comprises about 15% of the CISSP exam. This is considered the largest domain in CISSP, providing a comprehensive overview of what you need to know about information systems management.
It covers:
• Compliance requirements;
• IT policies and procedures;
• Legal and regulatory issues relating to information security;
• Risk-based management concepts;
• Security governance principles; and
• The confidentiality, integrity, and availability of information.
Domain 2 – Asset Security
It comprises about 10% of the CISSP exam. This domain addresses the physical requirements of information security.
It covers:
• Data security controls;
• Handling requirements;
• Retention periods; and
• Classification and ownership of information and assets.
Domain 3 – Security Architecture and Engineering
It comprises about 13% of the CISSP exam. This domain covers numerous important information security concepts, including:
• Assessing and mitigating vulnerabilities in systems;
• Designing and implementing physical security;
• Engineering processes using secure design principles;
• Fundamental concepts of security models; and
• Security capabilities of information systems.
Domain 4 – Communication and Network Security
It comprises about 14% of the CISSP exam. This domain covers the design and protection of an organization’s networks.
This includes:
• Secure communication channels;
• Secure design principles for network architecture; and
• Secure network components.
Domain 5 – Identity and Access Management
It comprises about 13% of the CISSP exam. This domain helps information security professionals understand how to control the way users access data. It covers:
• Authorisation mechanisms;
• Identification and authentication;
• Integrating identity as a service and third-party identity services;
• Physical and logical access to assets; and
• The identity and access provisioning lifecycle.
Domain 6 – Security Assessment and Testing
It comprises about 12% of the CISSP exam. This domain focuses on the design, performance, and analysis of security testing. It includes:
• Collecting security process data;
• Designing and validating assessment and test strategies;
• Internal and third-party security audits;
• Security control testing; and
• Test outputs.
Domain 7 – Security Operations
It comprises about 13% of the CISSP exam. This domain addresses the way plans are put into action. It covers:
• Applying resource protection techniques;
• Business continuity;
• Disaster recovery;
• Foundational security operations concepts;
• Incident management;
• Logging and monitoring activities;
• Managing physical security;
• Requirements for investigation types;
• Securing the provision of resources; and
• Understanding and supporting investigations.
Domain 8 – Software Development Security
It comprises about 10% of the CISSP exam. This domain helps professionals understand, apply, and enforce software security.
It covers:
• Secure coding guidelines and standards;
• Security controls in development environments;
• Security in the software development life cycle; and
• The effectiveness of software security.
For more information, check out the training courses offered at the SPOTO Club.