CISSP Domains

Nobody would deny that the Internet is a world of its own, with its own rules, places to visit and a great many people surfing up and down the stream of information. As in the real world, there is good and evil on the World Wide Web, and we, ordinary computer users, programmers and security professionals alike, share the aim of winning this ongoing struggle. The number of online threats keeps growing: while anti-virus companies create new security methods, attackers waste no time inventing new ways to break into a computer or a network, whether for profit or just for fun.

As you can see, it is now essential for many companies to employ security professionals who can cope with problems of this kind. But who counts as a professional? As a rule, it is a qualified person who has completed specialized courses or passed specialized exams. The CISSP, which stands for Certified Information Systems Security Professional, was created precisely for this purpose.

CISSP is a certification that information security professionals acquire by passing an exam. The certification is governed by ISC, the International Information Systems Security Certification Consortium, which is headquartered in Palm Harbor, Florida. ISC offers a number of certifications, all within the field of information security. Among the most popular are Information Systems Security Architecture Professional, Systems Security Management Professional, Systems Security Engineering Professional and Systems Security Certified Practitioner.

If you are going to become a security professional, keep in mind the following requirements.

  • First of all, you will need at least five years of experience in the information security field. If you do not yet have five years of work experience, you may still pass the CISSP exam and become an Associate of ISC. Associate status means that you have already passed the exam and are obliged to obtain the five years of experience within six years from that time.
  • Secondly, attest to the truth of your assertions and subscribe to the CISSP Code of Ethics.
  • The shortest part is answering four questions concerning criminal history and similar background matters.
  • The main part of the process is taking the exam, where the goal is to score 700 or more points. There are 250 multiple-choice questions, each with four possible answers.
  • However, after you pass the exam, another member of the organization must endorse your results. The point is to confirm that a candidate is really qualified in the subject area.

The CISSP exam is based on the Common Body of Knowledge, commonly known as the CBK. The CBK is the set of topics that are relevant to security professionals all over the world. Thanks to it, a single shared subject area exists in which professionals can discuss and exchange information and opinions about their common field.

The CISSP CBK is based on ten so-called domains or, in other words, areas of interest. Below is a list of the domains with brief descriptions:

  • Access Control Systems & Methodology. This part of the exam is dedicated to protection mechanisms such as authentication, biometrics and others.
  • Applications & Systems Development. Here you will find questions concerning software architecture, data interfaces, programming concepts and the like. It has three subcategories: Software Development Models, Database Models and Relational Database Components.
  • Business Continuity & Disaster Recovery Planning. This part is dedicated to disaster recovery and business continuity. Planning, Business Impact Analysis, Liability and Due Care Issues, and Roles and Responsibility are part and parcel of the domain.
  • Cryptography. It includes encryption and various types of secure messaging. The domain covers Block and Stream Ciphers, Explanation and Uses of Asymmetric Key Algorithms, and Explanation and Uses of Symmetric Key Algorithms.
  • Law, Investigation & Ethics. This part is dedicated to regulatory compliance, digital forensics and related matters. It includes Complications of Computer Crime Investigation, Types of Evidence and How to Collect It, and finally Privacy Laws and Concerns.
  • Operations Security. It covers risk assessment and other security management topics. Here you will find Operations Department Responsibilities, Media Library and Resource Protection, and Personnel and Roles.
  • Physical Security. It includes facility management and perimeter security.
  • Security Architecture & Models. It covers security models, operating systems and related topics.
  • Security Management Practices. It covers risk management and data classification, and features Security Policies, Standards, Procedures, and Guidelines.
  • Telecommunications & Network Security. It features network components, extension services and core technologies.