CISSP Domains


The CISSP domains are drawn from various information security topics within the (ISC)² CBK. The CISSP CBK consists of the following ten domains:

  • Access Control – a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
    • Concepts/methodologies/techniques
    • Effectiveness
    • Attacks
  • Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
    • Network architecture and design
    • Communication channels
    • Network components
    • Network attacks
  • Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
    • Security governance and policy
    • Information classification/ownership
    • Contractual agreements and procurement processes
    • Risk management concepts
    • Personnel security
    • Security education, training and awareness
    • Certification and accreditation
  • Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development.
    • Systems development life cycle (SDLC)
    • Application environment and security controls
    • Effectiveness of application security
  • Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
    • Encryption concepts
    • Digital signatures
    • Cryptanalytic attacks
    • Public Key Infrastructure (PKI)
    • Information hiding alternatives
  • Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.
    • Fundamental concepts of security models
    • Capabilities of information systems (e.g. memory protection, virtualization)
    • Countermeasure principles
    • Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
  • Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
    • Resource protection
    • Incident response
    • Attack prevention and response
    • Patch and vulnerability management
  • Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.
    • Business impact analysis
    • Recovery strategy
    • Disaster recovery process
    • Provide training
  • Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
  • Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.
    • Site/facility design considerations
    • Perimeter security
    • Internal security
    • Facilities security

The CISSP candidate must have at least 5 years of experience in two or more of the above domains.
