Sunday, April 22, 2018

CISSP Domain 2 Changes - 2018 vs 2015


There are hardly any changes which have been done in this domain. Cryptography has been explicitly removed and will be added to Data Protection Methods.

Overall Result - No Change.

2015 Exam Outline
2018 Exam Outline
Classify Information and Supporting assets ( e.g. sensitivity, criticality )
Identify and classify information and assets
  • Data classification
  • Asset Classification

#No Change
Determine and maintain ownership ( e.g. data owners, system owners, business/mission owners)
Determine and maintain information and asset ownership
#No Change
Protect privacy
  • Data owners
  • Data processors
  • Data remanence
  • Collection limitation

Protect privacy
  • Data owners
  • Data processors
  • Data remanence
  • Collection limitation

#No Change
Ensure appropriate retention ( e.g. media, hardware, personnel)

Ensure appropriate asset retention

#No Change
Determine data security controls (e.g. data at rest, data in transit)
  • Baselines
  • Scoping and Tailoring
  • Standards selection
  • Cryptography

Determine data security controls

  • Understand data states
  • Scoping and tailoring
  • Standards selection
  • Data protection methods

#No Change overall. Just change in words. Cryptography will be moved to data protection methods.
Establish handling requirements (markings, labels, storage, destruction of sensitive information)
Establish information and asset handling requirements

#No Change

No comments: