CISSP Domains

CISSP Domains

Domain 1: Access Control
1. Concepts/methodologies/techniques
2. Effectiveness
3. Attacks
Domain 2: Telecommunications and Network Security
1. Network architecture and design
2. Communication channels
3. Network components
4. Network attacks
Domain 3: Information Security Governance and Risk Management
1. Security governance and policy
2. Information classification/ownership
3. Contractual agreements and procurement processes
4. Risk management concepts
5. Personnel security
6. Security education, training and awareness
7. Certification and accreditation
Domain 4: Software Development Security
1. Systems development life cycle (SDLC)
2. Application environment and security controls
3. Effectiveness of application security
Domain 5: Cryptography
1. Encryption concepts
2. Digital signatures
3. Cryptanalytic attacks
4. Public Key Infrastructure (PKI)
5. Information hiding alternatives
Domain 6: Security Architecture and Design
1. Fundamental concepts of security models
2. Capabilities of information systems (e.g. memory protection, virtualization)
3. Countermeasure principles
4. Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
Domain 7: Operations Security
1. Resource protection
2. Incident response
3. Attack prevention and response
4. Patch and vulnerability management
Domain 8: Business Continuity and Disaster Recovery Planning
1. Business impact analysis
2. Recovery strategy
3. Disaster recovery process
4. Provide training
Domain 9: Legal, Regulations, Investigations and Compliance
1. Legal issues
2. Investigations
3. Forensic procedures
4. Compliance requirements/procedures
Domain 10: Physical (Environmental) Security
1. Site/facility design considerations
2. Perimeter security
3. Internal security
4. Facilities security

Next up

Description

Resource summary

Similar

	Created by pikeje almost 10 years ago

	Copied by Sara Talbott over 7 years ago