Friday, May 4, 2018

CISSP Domain 8 Changes - 2018 vs 2015


Domain 8 also sees very little change in terms of course content.

2015 Exam Outline: Understand and apply security in the Software Development Life Cycle (SDLC)
  • Development methodologies
  • Maturity models
  • Operation and maintenance
  • Change management
  • Integrated product team

2018 Exam Outline: Understand and integrate security in the Software Development Life Cycle (SDLC)
  • Development methodologies
  • Maturity models
  • Operation and maintenance
  • Change management
  • Integrated product team

#No Change

2015 Exam Outline: Enforce security controls in development environments
  • Security of the software environments
  • Security weaknesses and vulnerabilities at the source-code level
  • Configuration management as an aspect of secure coding
  • Security of code repositories
  • Security of application programming interfaces

2018 Exam Outline: Identify and apply security controls in development environments
  • Security of the software environments
  • Configuration management as an aspect of secure coding
  • Security of code repositories

#No Change

2015 Exam Outline: Assess the effectiveness of software security
  • Auditing and logging of changes
  • Risk analysis and mitigation
  • Acceptance testing

2018 Exam Outline: Assess the effectiveness of software security
  • Auditing and logging of changes
  • Risk analysis and mitigation

#No Change. Just removed acceptance testing.

2015 Exam Outline: Assess security impact of acquired software

2018 Exam Outline: Assess security impact of acquired software

#No Change

2018 Exam Outline: Define and apply secure coding guidelines and standards
  • Security weaknesses and vulnerabilities at the source-code level
  • Security of application programming interfaces
  • Secure coding practices

#No Change. Added secure coding practices.

In summary,

| Domain | % Weightage in 2015 | % Weightage in 2018 |
|---|---|---|
| Security and Risk Management | 16% | 15% |
| Asset Security | 10% | 10% |
| Security Architecture and Engineering | 12% | 13% |
| Communications and Network Security | 12% | 14% |
| Identity and Access Management (IAM) | 13% | 13% |
| Security Assessment and Testing | 11% | 12% |
| Security Operations | 16% | 13% |
| Software Development Security | 10% | 10% |
