One of the best ways to accelerate one’s career in cybersecurity is getting the CISSP certification (Certified Information System Security Practitioner). The CISSP certification training will help you as a candidate to differentiate yourself from the others in the cybersecurity sector jobs in the eyes of your employer or clients. CISSP certification courses will enable you to demonstrate your skills, knowledge, and understanding of the cybersecurity so that you can advance your career and join the elite group of like-minded cybersecurity leaders. The CISSP certification classes ensure that you will have the knowledge on how to design, engineer, implement and have the ability to run a security program successfully in an informed manner.
The CISSP certification exam is a way for you to demonstrate and receive the acknowledgment from the association that you have the technical and managerial knowledge that is required to develop an effective design, engineer and manage an organization’s overall security posture. Since CISSP training and certification is one of the most sought after cybersecurity certification in the field the domains topics are updated significantly so that it keeps up with the market. In 2018 there was an update in the eight domain topics with minor changes in the topic names. In 2019 there has been a considerable change in the content listed in each domain while adding new topics, reorganizing them and rewording them.
Here is the list of changes in each of the eight domains that CISSP certification exam would evaluate a candidate in along with the subsections that were added, changed or renamed in the CISSP certification courses
- Domain 1: Security and Risk Management
1.2 Evaluate and apply security governance principles
1.2.3 Organizational roles and responsibilities
1.3 Determine compliance requirements
1.3.1 Contractual, legal, industry standards, and regulatory requirements
1.4.1 Cybercrimes and data breaches
1.5 Understand, adhere to and promote professional ethics
1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements
1.8.3 Onboarding and termination process
1.9.3 Risk Response
1.10.1 Threat modeling methodologies
1.10.2 Threat modeling concepts
1.11 Apply risk-based management concepts to the supply chain
1.11.1 Risks associated with hardware, software, and services
1.12 Establish and maintain a security awareness, education, and training program
1.12.1 Methods and techniques to present awareness and training
1.12.3 Program effectiveness evaluation
- Domain 2: Asset Security
2.1 Identify and classify information and assets
2.1.1 Data classification
2.1.2 Asset Classification
2.2 Determine and maintain information and asset ownership
2.5.1 Understand data states
2.5.4 Data protection methods
2.6 Establish information and asset handling requirements
- Domain 3: Security Architecture and Engineering
3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption. decryption)
3.9.2 Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves)
3.5.6 Cloud-based systems
3.5.8 Internet of Things (IoT)
3.11 Implement site and facility security controls
3.11.7 Environmental issues
- Domain 4: Communication and Network Security
4.1 Implement secure design principles in network architectures
4.3 Implement secure communication channels according to design
- Domain 5: Identity and Access Management (IAM)
5.3 Integrate identity as a third-party service
5.4.5 Attribute Based Access Control (ABAC)
5.5.1 User access review
5.5.2 System account access review
5.5.3 Provisioning and deprovisioning
- Domain 6: Security Assessment and Testing
6.1 Design and validate assessment, test, and audit strategies
6.4 Analyze test output and generate report
6.5 Conduct or facilitate security audits
- Domain 7: Security Operations
7.1.4 Digital forensics tools, tactics, and procedures
7.2.5 Industry standards
7.4.2 Asset management
7.5.3 Privileged account management
7.8 Operate and maintain detective and preventive measures
7.10 Understand and participate in change management processes
7.16 Address personnel safety and security concerns
7.16.2 Security training and awareness
7.16.3 Emergency management
- Domain 8: Software Development Security
8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
8.2 Identify and apply security controls in development environments
8.5 Define and apply secure coding guidelines and standards
8.5.1 Security weakness and vulnerabilities at the source-code level
8.5.2 Security of application programming interferences
8.5.3 Secure coding practices
To appear for the CISSP certification exam you must have a minimum of five years of experience in total. Also, paid work experience of in minimum of the two or more domains among the eight domains of CISSP Common Body of Knowledge (CBK).
All You Need To Know About The Test Process
There have been quite a few changes in the new CISSP examination so when you are taking the CISSP certification classes to be aware of it and prepare accordingly. Here is the list of few things you need to keep in mind while preparing for the CISSP certification.
- Paper to Computer: Initially the CISSP certification exam was paper-based that consisted of 250 questions that were required to be completed within six hours. The 2015 revised version is computer-based testing that has the same number of questions and same time frame though it is done through Pearson Vue.
In 2018 revision for CISSP Examinations for 2019 it has been changed to an adaptive test, which is being called the CISSP Computer Adaptive test or CISSP-CAT. It is only applicable for candidates taking the test in English. For non-English candidates, it is computer-based that still consists of 250 questions that need to be completed within six hours
- Number of Questions: 2018 English version has a minimum of 100 questions and a maximum of 150.
- Grading: Only the 75 of the first 100 questions are graded the rest are unmarked. The unmarked questions are used for future test evaluations. The system evaluated the student at the 100th question and if the system evaluates the student’s potential to be 95% or higher the student is credited with the pass. In case the potential is less than 95% the student receives a fail certification. In case pass/fail cannot be determined by 100th question them the system evaluates it after each question till it reaches 150th question.
- Correcting Your Answers: With this system, you cannot revisit your previous question. So you get only one chance to answer a question and if you skip it then it is marked as incorrect.
Note: It is hence always better to answer a question in the CISSP exam than skipping it.
CISSP Exam Tips
In the revised version of the CISSP examination, the same amount of consideration is given in evaluating the depth and knowledge of a candidate with the same complexity that it was initially. One of the significant changes that the new version has which can be daunting for students is the CISSP-CAT testing method in receiving the CISSP certification.
Previously many training and exam preparation guidance recommended the students to focus on six of the eight domains that they are comfortable in while ignoring the two. In this new format that strategy can be quite dangerous hence it is recommended that a student spends extra time in understanding and studying the domains that he/she finds challenging. It is immensely important that they are well-versed in all the domains when appearing for the CISSP certification exam.
There are few aspects that you would need to take into consideration about the recertification of CISSP, they are:
- (ISC)2 Code of Ethics needs to be abided by.
- CISSP certification cycle is for three years and over this period you need to earn and post a minimum of 120 Continuing Professional Education (CPE) credits.
- Do not fail to pay the Annual Maintenance Fee (AMF) for the certification.
CISSP certification gives you the credibility that you have all the knowledge and skills that one requires for effective designing, implementing and managing the best cybersecurity program for an organization.