
The CISSP CBK Domains: Info and Updates


According to the (ISC)² Global Information Security Workforce Survey (GISWS), the global information security workforce shortage will reach 1.5 million by 2020. In other words, qualified InfoSec professionals are scarce on the job market, which causes hiring and staffing difficulties for many organizations. As a result, there is now greater emphasis on training professionals in the field and on certifications that give IT practitioners a way to measure and prove their skills.

One of the most in-demand IT certifications is the CISSP (Certified Information Systems Security Professional). Passing the (ISC)² examination validates a candidate's knowledge, can open up career advancement, and provides a path toward more demanding roles in workplaces that recognize the specialized talents a CISSP credential holder has demonstrated. “CISSPs are information assurance professionals who define the architecture, design, management and controls that assure the security of business environments.” Employers of CISSP-certified professionals can be confident that their skills are genuine and current.

(ISC)² and CISSP

“Formed in 1989, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries.”

(ISC)², the International Information Systems Security Certification Consortium, is the global non-profit organization that administers the CISSP exam and issues the CISSP credential to qualified candidates. Its certification process, including the exam, is geared toward verifying the knowledge and skills of IT security professionals across all industries. (ISC)² also provides CISSP preparation material and insight, as well as continuing education across the field of information security.

(ISC)²'s CISSP was also the first credential in the field of information security to meet ISO/IEC Standard 17024 (the accreditation was awarded in 2006). ISO/IEC 17024 (Conformity assessment: General requirements for bodies operating certification of persons) “provides a global benchmark for personnel certification programs to ensure that they operate in a consistent, comparable and reliable manner worldwide, thereby allowing individuals to have skills that translate across national lines.”

The exam is updated regularly to keep up with this ever-changing field, so that professionals are tested on current topics and can demonstrate skills relevant to today's Information Assurance landscape. Many organizations rely on this test to ensure the readiness of their IT security teams; for example, the CISSP is one of the certifications approved by the US Department of Defense (under DoD 8570.01-M) for personnel performing Information Assurance (IA) functions.

When you earn an (ISC)² certification, you also become a member. The benefits of (ISC)² membership include access to a full spectrum of global resources, educational tools, and peer networking opportunities to meet and collaborate with other security professionals through a local (ISC)² Chapter, as well as participation online in free programs, briefings and webinars (e.g., the (ISC)² e-Symposium Seminar Series and the (ISC)² ThinkTANK webinars) and in industry events such as the (ISC)² one-day local events and the (ISC)² Security Congress.

Like other IT certifications, the CISSP requires the holder to earn continuing professional education (CPE) credits to keep the certification current (120 CPE credits per three-year certification cycle). The CPE requirement ensures the professional is continually exposed to current InfoSec-related material. CPE credits can also be earned by attending (ISC)² Security Congress and other associated events, such as the 7th Annual (ISC)² Security Congress on September 25-27, 2017, to be held at the JW Marriott in Austin, TX.

There are many reasons to acquire this certification. First, becoming a CISSP shows one's commitment as an information security professional; second, a CISSP certification fulfills government and organizational requirements; third, a large percentage of cyber-security jobs in the contracting industry require this certification, as noted by Ryan Fahey of InfoSec Institute; and lastly, the CISSP is globally recognized. Many SMEs in this profession agree that the (ISC)² Certified Information Systems Security Professional (CISSP) is one of the ‘Top Security Certifications You Should Have.’


CISSP candidates are tested on the practical skills and theoretical knowledge associated with the Common Body of Knowledge (CBK) domains, which cover the design and maintenance of an organization's security infrastructure, including the “understanding of new threats, technologies, regulations, standards, and practices,” as reported on the (ISC)² website.

The (ISC)² CISSP Common Body of Knowledge (CBK) is an established common framework of information security terms and principles, a compendium of cyber security topics. In 1988 a coalition of several organizations met to establish a much-needed Common Body of Knowledge; (ISC)² was officially formed in 1989, the CBK was finalized in 1992, and the first CISSPs were certified in 1994.

CISSPs are SMEs with work experience in two or more of the eight domains of the CISSP CBK and possess thorough knowledge and skills acquired through training and practice. Those who hold the CISSP certification have demonstrated the talents necessary to perform operational security duties in enterprises while abiding by the high ethical standards set forth in the (ISC)² Code of Ethics. The certification provides a clear measure of competence for the entire profession and thereby assures uniformity across the industry, so that everyone in the field is on the same page.

As mentioned, CISSP history is made up of several updates and curriculum refreshes that keep it aligned with the skills necessary in the ever-evolving IT world. One of the latest updates was a thorough streamlining that reduced the domains from 10 to 8 in April 2015. Currently, the (ISC)² CISSP exam covers the following eight domains:

Security and Risk Management. A domain about the different aspects of risk. Weight in the exam: 16%.

This domain covers the general, basic concepts of information security, focusing especially on confidentiality, integrity, and availability (CIA). Candidates are evaluated on skills related to implementing security policies and procedures, on business continuity planning and recovery objectives, and on implementing solid user awareness programs. Great emphasis is placed on risk management, especially in relation to the secure acquisition of new software, hardware, and services. Topics tested include:

CIA: understanding the concepts of confidentiality, integrity, and availability
