Monday, 27 January 2014

What is covered in the CISSP certification?

CISSP is an advanced-level certification governed by (ISC)². It is designed for experienced information security professionals. As a CISSP, you’ll be expected to develop, guide, and manage security standards, policies, and procedures within your organisation.

CISSP is divided into 10 areas, also referred to as domains, known collectively as the Common Body of Knowledge (CBK). 

Here’s what you’ll be covering in those domains, during your CISSP Bootcamp training:

Access Control

You’ll learn about the concepts, methodologies and techniques used to control who and what can access your systems’ assets, and to protect those assets against attack.

Telecommunications & Network Security

This domain focuses on network structures, their components and the methods used to keep them secure. It also covers transport methods, communication channels and network security measures.

Information Security Governance & Risk Management

In this domain, you’ll learn how to identify your organisation’s information assets. In addition, you’ll gain an understanding of the development, documentation and implementation of policies, procedures and standards regarding:
  • Security governance and policy
  • Information classification and ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation

Software Development Security

This domain teaches you about the security controls built into systems and application software, and the steps in the development life cycle where those controls are introduced.

Cryptography

This domain teaches you about encryption concepts and cryptanalytic attacks, as well as the other principles, means and methods of disguising information so as to protect its confidentiality, integrity and authenticity.

Security Architecture & Design

This domain covers the concepts, structures, principles and standards used to design, implement, monitor and secure operating systems, equipment, applications and networks.

Security Operations

You’ll learn about the controls applied to hardware, media and the operators who hold privileged access, covering:
  • Resource protection
  • Incident response
  • Attack prevention and response
  • Patch and vulnerability management

Business Continuity & Disaster Recovery Planning

If the worst happens to your organisation, you’ll need to react quickly in order to recover with as little disruption as possible. In this domain, you’ll learn about recovery strategies, business impact analysis and disaster recovery processes.

Legal, Regulations, Investigations and Compliance

This domain addresses computer crime laws and regulations, the investigative measures and techniques used to determine whether a crime has been committed, and the methods used to gather evidence.

Physical (Environmental) Security

The last domain covers the threats and vulnerabilities that apply to physical environments, and the preventive measures that can be used to physically protect an enterprise’s sensitive information. You’ll learn about:
  • Site/facility design considerations
  • Perimeter security
  • Internal security
  • Facilities security