Certified Information Systems Security Professional (CISSP)

• Anyone whose position requires CISSP certification
• Individuals who want to advance within their current computer security careers or migrate to a related career

Professionals with at least five years of experience and who demonstrate a globally recognized level of competence, as defined in the CISSP Common Body of Knowledge (CBK) in two or more of the eight security domains.

• Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
• Understand and Apply Concepts of Confidentiality, Integrity, and Availability
• Apply Security Governance Principles
• Compliance
• Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
• Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
• Understand Business Continuity Requirements
• Contribute to Personnel Security Policies
• Understand and Apply Risk Management Concepts
• Understand and Apply Threat Modeling
• Integrate Security Risk Considerations into Acquisitions Strategy and Practice
• Establish and Manage Security Education, Training, and Awareness

• Asset Security (Protecting Security of Assets)Classify Information and Supporting Assets
  • Determine and Maintain Ownership
  • Protect Privacy
  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Establish Handling Requirements
• Security Engineering (Engineering and Management of Security)
  • Implement and Manage an Engineering Life Cycle Using Security Design Principles
  • Understand Fundamental Concepts of Security Models
  • Select Controls and Countermeasures Based Upon Information Systems Security Standards
  • Understand the Security Capabilities of Information SystemsAssess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
  • Assess and Mitigate Vulnerabilities in Web-based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Apply Cryptography
  • Apply Secure Principles to Site and Facility Design
  • Design and Implement Facility Security
• Communications and Network Security (Designing and Protecting Network Security)
  • Apply Secure Design Principles to Network Architecture
  • Securing Network Components
  • Design and Establish Secure Communication Channels
  • Prevent or Mitigate Network Attacks
• Identity and Access Management (Controlling Access and Managing Identity)
  • Control Physical and Logical Access to Assets
  • Manage Identification and Authentication of People and Devices
  • Integrate Identity as a Service (IDaaS)
  • Integrate Third-Party Identity Services
  • Implement and Manage Authorization Mechanisms
  • Prevent or Mitigate Access Control Attacks
  • Manage the Identity and Access Provisioning Life Cycle
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Design and Validate Assessment and Test Strategies
  • Conduct Security Control Testing
  • Collect Security Process DataConduct or Facilitate Internal and Third-Party Audits
• Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Understand and Support Investigations
  • Understand Requirements for Investigation Types
  • Conduct Logging and Monitoring Activities
  • Secure the Provisioning of Resources through Configuration Management
  • Understand and Apply Foundational Security Operations Concepts
  • Employ Resource Protection Techniques
  • Conduct Incident Response
  • Operate and Maintain Preventative Measures
  • Implement and Support Patch and Vulnerability Management
  • Participate in and Understand Change Management Processes
  • Implement Recovery Strategies
  • Implement Disaster Recovery ProcessesTest Disaster Recovery Plan
  • Participate in Business Continuity Plannng
  • Implement and Manage Physical Security
  • Participate in Personnel Safety
• Software Development Security (Understanding, Applying, and Enforcing Software Security)
  • Understand and Apply Security in the Software Development Life Cycle
  • Enforce Security Controls in the Development Environment
  • Assess the Effectiveness of Software Security
    Assess Software Acquisition Security