Posts

Showing posts from April, 2018

CISSP Domain 7 Changes - 2018 vs 2015

As you will see below, there is almost no change in content for this domain. Subjects such as Industry Standards, Asset management, and Duress have been added.

2015 Exam Outline: Understand and support investigations - Evidence collection and handling; Reporting and documenting; Investigative techniques; Digital forensics
2018 Exam Outline: Understand and support investigations - Evidence collection and handling; Reporting and documentation; Investigative techniques; Digital forensics tools, tactics, and procedures
#No Change

2015 Exam Outline: Understand requirements for investigation types - Operational; Criminal; Civil; Regulatory; Electronic Discovery
2018 Exam Outline: Understand requirements for investigation types - Administrative; Criminal; Civil; Regulatory; Industry standards
#No Change. Removal of e-discovery.

2015 Exam Outline: Conduct logging and monitoring activities - Intrusion detection and prevention; Security Information and Event Manage

CISSP Domain 6 Changes - 2018 vs 2015

Overall Result: Extremely Minor Changes

2015 Exam Outline: Design and validate assessment and test strategies
2018 Exam Outline: Design and validate assessment, test, and audit strategies - Internal; External; Third-party
#Minor Change

2015 Exam Outline: Conduct security control testing - Vulnerability assessment; Penetration testing; Log reviews; Synthetic transactions; Code review and testing; Misuse case testing; Test coverage analysis; Interface testing
2018 Exam Outline: Conduct security control testing - Vulnerability assessment; Penetration testing; Log reviews; Synthetic transactions; Code review and testing; Misuse case testing; Test coverage analysis; Interface testing
#No Change

2015 Exam Outline: Collect security process data (e.g., management and operational) - Account management; Management review; Key performance and risk indicators; Backup verification data; Training and awareness; Disaster Recovery (DR) and Business

CISSP Domain 5 Changes - 2018 vs 2015

Domain 5 also sees a very limited change in terms of the new exam outline.

2015 Exam Outline: Control physical and logical access to assets - Information; Systems; Devices; Facilities
2018 Exam Outline: Control physical and logical access to assets - Information; Systems; Devices; Facilities
# No Change

2015 Exam Outline: Manage identification and authentication of people and services - Identity management implementation; Single/multi-factor authentication; Accountability; Session management; Registration and proofing of identity; Federated Identity Management (FIM); Credential management systems
2018 Exam Outline: Manage identification and authentication of people, devices, and services - Identity management implementation; Single/multi-factor authentication; Accountability; Session management; Registration and proofing of identity; Federated Identity Management (FIM); Credential management systems
# No

CISSP Domain 4 Changes - 2018 vs 2015

Here too, the changes are extremely limited. The only major change is the removal of the topic "Prevent and Mitigate network attacks" from the new outline.

Overall Change: Limited Change

2015 Exam Outline: Apply secure design principle to network architecture - Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models; Internet Protocol (IP) networking; Implications of multilayer protocols; Converged protocols; Software-defined networks; Wireless networks; Cryptography used to maintain communication security
2018 Exam Outline: Implement secure design principles in network architectures - Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models; Internet Protocol (IP) networking; Implications of multilayer protocols; Converged protocols; Software-defined networks; Wireless networks
# Limited Change. Removal of Cryptography.

CISSP Domain 3 Changes - 2018 vs 2015

When the two exam outlines are compared, the overall result in this case is also Extremely Limited. The topics have just been moved here and there, which hardly signifies any change.

2015 Exam Outline: Implement and manage engineering processes using secure design principles
2018 Exam Outline: Implement and manage engineering processes using secure design principles

2015 Exam Outline: Understand the fundamental concepts of security models (confidentiality, integrity)
2018 Exam Outline: Understand the fundamental concepts of security models

2015 Exam Outline: Select controls and countermeasures based upon systems security evaluation models
2018 Exam Outline: Select controls based upon systems security requirements

2015 Exam Outline: Understand security capabilities of information systems (e.g., memory protection, trusted platform module, interfaces, fault tolerance)
2018 Exam Outline: Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption