
Showing posts from April, 2018

CISSP Domain 7 Changes - 2018 vs 2015

As you will see below, there is almost no change in content for this domain. Subjects such as Industry Standards, Asset management, and Duress have been added.

2015 Exam Outline / 2018 Exam Outline

2015: Understand and support investigations: Evidence collection and handling; Reporting and documenting; Investigative techniques; Digital forensics
2018: Understand and support investigations: Evidence collection and handling; Reporting and documentation; Investigative techniques; Digital forensics tools, tactics, and procedures
# No Change

2015: Understand requirements for investigation types: Operational; Criminal; Civil; Regulatory; Electronic Discovery
2018: Understand requirements for investigation types: Administrative; Criminal; Civil; Regulatory; Industry standards
# No Change. Removal of e-discovery.

2015: Conduct logging and monitoring activities: Intrusion detection and prevention; Security Information and Event Management (SIEM); Continuous monitoring; Egress monitoring
2018: Conduct logging and monitoring activities: Intrusion detection and prevention; Security Informati…

CISSP Domain 6 Changes - 2018 vs 2015

Overall Result: Extremely Minor Changes

2015 Exam Outline / 2018 Exam Outline

2015: Design and validate assessment and test strategies
2018: Design and validate assessment, test, and audit strategies: Internal; External; Third-party
# Minor Change

2015: Conduct security control testing: Vulnerability assessment; Penetration testing; Log reviews; Synthetic transactions; Code review and testing; Misuse case testing; Test coverage analysis; Interface testing
2018: Conduct security control testing: Vulnerability assessment; Penetration testing; Log reviews; Synthetic transactions; Code review and testing; Misuse case testing; Test coverage analysis; Interface testing
# No Change

2015: Collect security process data (e.g., management and operational): Account management; Management review; Key performance and risk indicators; Backup verification data; Training and awareness; Disaster Recovery (DR) and Business Continuity (BC)
2018: Collect security process data (e.g., technical and administrative): Account management; Management review and approval; Key performance and risk indicators; Backup verif…

CISSP Domain 5 Changes - 2018 vs 2015

Domain 5 also sees a very limited change in terms of the new exam outline.

2015 Exam Outline / 2018 Exam Outline

2015: Control physical and logical access to assets: Information; Systems; Devices; Facilities
2018: Control physical and logical access to assets: Information; Systems; Devices; Facilities
# No Change

2015: Manage identification and authentication of people and services: Identity management implementation; Single/multi-factor authentication; Accountability; Session management; Registration and proofing of identity; Federated Identity Management (FIM); Credential management systems
2018: Manage identification and authentication of people, devices, and services: Identity management implementation; Single/multi-factor authentication; Accountability; Session management; Registration and proofing of identity; Federated Identity Management (FIM); Credential management systems
# No Change

2015: Integrate Identity as a service (e.g., cloud identity) & Integrate third-party identity services (e.g., on premise)
2018: Integrate identity as a third-party …

CISSP Domain 4 Changes - 2018 vs 2015

Here too, the changes are extremely limited. The only major change is the removal of the topic "Prevent and Mitigate network attacks" from the new outline.

Overall Change: Limited Change

2015 Exam Outline / 2018 Exam Outline

2015: Apply secure design principle to network architecture: Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models; Internet Protocol (IP) networking; Implications of multilayer protocols; Converged protocols; Software-defined networks; Wireless networks; Cryptography used to maintain communication security
2018: Implement secure design principles in network architectures: Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models; Internet Protocol (IP) networking; Implications of multilayer protocols; Converged protocols; Software-defined networks; Wireless networks
# Limited Change. Removal of Cryptography.

2015: Secure network components: Operation of hardware; Transmission media; Network Access Control (NAC) devices…

CISSP Domain 3 Changes - 2018 vs 2015

When the two exam outlines are compared, the overall result in this case is also Extremely Limited.

The topics have merely been moved around, which hardly signifies any change.

2015 Exam Outline / 2018 Exam Outline

2015: Implement and manage engineering processes using secure design principles
2018: Implement and manage engineering processes using secure design principles

2015: Understand the fundamental concepts of security models (confidentiality, integrity)
2018: Understand the fundamental concepts of security models

2015: Select controls and countermeasures based upon systems security evaluation models
2018: Select controls based upon systems security requirements

2015: Understand security capabilities of information systems (e.g., memory protection, trusted platform module, interfaces, fault tolerance)
2018: Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
# No Change in all of the above.

2015: Assess and mitigate the vulnerabilit…