Changes to the CISSP

unsupported Member Posts: 192
The CISSP is changing! The CISSP is changing! From a Shon Harris blog (identity management) some of the changes include changing the names of the 10 domains:

Access Control
Application Security
Business Continuity and Disaster Recovery Planning
Information Security and Risk Management
Legal, Regulations, Compliance and Investigations
Operations Security
Physical (Environmental) Security
Security Architecture and Design
Telecommunications and Network Security

Here is the additional material covered in the CISSP certification.
Information Security Risk Management
New – Security program and blueprints
New – Risk Models
Access Control
New – Identity Management
New – more block cipher modes and integrity controls
New – more attack types
Physical Security - Environmental
New – Light types, CCTV, lock picking, lock type
New – More focus on methodology and process
Application Security
New – more focus on methodology and process
New – web site and application security
New – more malware types and attack types
Business Continuity and Disaster Recovery Planning
New – more focus on methodology and process
Telecommunications and Network
New – 802.11 types and security
New – instant messaging
Operations Security
New - Vulnerability and Penetration Testing
New - Attack Types
New – Malware Control Types
Security Architecture and Design
New – enterprise architecture, building, maintaining, holistic security, security trust zones, Zachman Framework
New – less Orange Book and more Common Criteria
Legal, Regulations, Compliance and Investigation
New - types of Laws
New – focus on forensics and methodology

Of course Shon's blog has all the updated links to the training material, other blogs specifically regarding individual changes, and schtuff.

“We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman

