Certified Information Systems Security Professional (CISSP)®

The largest domain and has the highest percentage (15%) of marks in the certification. 

Key aspects: 

• Concepts of integrity, confidentiality, and availability
• Applying security governance principles
• Evaluation of compliance requirements
• Integration of professional ethics
• Legal and regulatory issues relevant to information security on a global perspective
• Develop scope, plan, and impact for business continuity requirements
• Establishing personnel security policies and procedures
• Understand and applying fundamentals of risk managements
• Concepts of threat modeling and methodologies
• Building risk-based management concepts in the supply chain 
• Conduct security awareness, training, and educational programs 

This domain covers the security information and requirements for assets within an organization. The main topic in Asset Security are:

• Identification, classification, and ownership of information and assets
• Protecting privacy
• Assets retention
• Establishing data security controls
• Handling

This domain includes various aspects of design principles, models, and secure capabilities assessment in organizational security architecture. The main topic focussed on this domain are:

• Engineering implementations using secure design principles
• Fundamental concepts used in security models
• Concepts for security capabilities of information systems
• Cryptography
• Asset and mitigate vulnerabilities in security architects, designs, mobile systems, web-based systems, and embedded system
• Applying and implementing security principles and controls to site

This domain learning consists of secure network components, principles, and implementing communications. Main topics covered under this domain are:

• Implementing and securing design principles in network architecture
• Establishing secure network components
• Securing communication channels as per design

This domain section covers user accessibility features within an organization. Main topics in this section are:

• Controlling physical and logical access to the assets
• Controlling and manage authentication and identification of devices, people, and services
• Understanding and integrating identity as a third-party service
• Implementing Authorization mechanism
• Identity and access lifecycle 

This section deals with the design, performance, testing, and Information System auditing. The main topics that come under this domain are:

• Building internal, external and third-party audit strategies
• Assessing security control testing
• Collecting secure data
• Analyzing test outputs and generating a report
• Facilitating security audits

This domain offers insight into the plan of operations with investigations, monitoring, and protection techniques for security. Main topics that follow in this domain are:

• Understanding Investigations (Techniques, collection, handling, and digital forensic tools)
• International requirements for investigation types
• Establishing logging and monitoring activities
• Assets inventory, configurations, and management
• Concepts for foundational security operations
• Understanding resource protection techniques
• Incident management
• Implementing and Testing disaster recovery plans
• Process and testing for Disaster Recovery (DR)
• Evaluating physical security
• Business Continuity planning and exercises
• Managing physical security
• Managing personnel security and safety

This domain provides concepts, applications, and implementations for software security. Here are the main topics under this section:

• Understand and implement security throughout the Software Development Life Cycle (SDLC)
• Executing security controls in development environments
• Effectiveness of software security (Auditing, logging, risk analysis, and mitigation)
• Evaluation of security impact
• Setting and applying secure coding standards and guidelines