(ISC)² is widely regarded as the world's leading cybersecurity and IT security professional organization. Working in this field, you will face immense pressure to stay ahead of attacks and keep your knowledge current in an ever-changing security profession. But you are not the only one.
CISSPs are subject-matter experts who work in two or more of the eight domains of the CISSP CBK and who have built thorough knowledge, skills, and experience through training and learning. Holders of the CISSP certification have demonstrated the talents needed to perform operational security duties in an enterprise while abiding by the high ethical standards set forth in the (ISC)² Code of Ethics. This provides a clear measure of competence for the entire profession and assures uniformity across the industry, so that everyone in the field is on the same page.
Let's take a brief look at the eight domains:
• Security and Risk Management
This domain covers the fundamental concepts of information security, with a particular focus on confidentiality, integrity, and availability (the CIA triad). Candidates are evaluated on skills related to implementing security policies and procedures, developing business continuity and disaster recovery plans (including recovery point objectives), and running solid user awareness programs. Great emphasis is placed on risk management, especially in relation to the secure acquisition of new software, hardware, and services.
• Asset Security
This is an important domain because it deals with the management of data and the concept of information ownership. It includes knowledge of the different roles involved in data handling, such as data owner and data processor, as well as privacy concerns and limitations on how data may be used.
• Security Engineering
This domain has a wide scope and covers several important concepts in information security. Candidates are tested on security engineering models, processes, and secure design principles.
• Communications and Network Security
Another important domain, this section of the exam deals with network security and the ability to build a secure communication channel. Candidates must answer questions on different aspects of network architecture, segmentation, communication protocols, routing, and wireless transmission.
• Identity and Access Management (IAM)
This part of the exam deals with attacks that exploit the human component to gain access to data, and with the methods used to identify who has the right to access servers and information. It covers concepts such as session management and multi-factor authentication.
• Security Assessment and Testing
This crucial domain covers the tools and techniques used to assess the security of systems and to find vulnerabilities, errors in design or coding, weaknesses, and other areas of concern that policies and procedures have left uncorrected. Vulnerability assessment and penetration testing fall under this domain. Disaster recovery and business continuity plans, as well as user awareness training, are also covered.
• Security Operations
This is another broad and very practical domain. It ranges from digital forensics and investigations to intrusion prevention and detection tools, firewalls, and sandboxing.
• Software Development Security
Last but not least, this domain deals with implementing security controls on the software within the environment for which the information security professional is responsible. Auditing, risk analysis, and the identification of vulnerabilities in source code are all covered in this section.
You now have an overview of the (ISC)² Official Guide to the CISSP CBK. If you intend to pursue this certification, I strongly recommend joining the CISSP CLUB Services for better results.