CISSP Domain 2 Changes - 2018 vs 2015


There are hardly any changes which have been done in this domain. Cryptography has been explicitly removed and will be added to Data Protection Methods.

Overall Result - No Change.

2015 Exam Outline
2018 Exam Outline
Classify Information and Supporting assets ( e.g. sensitivity, criticality )
Identify and classify information and assets
  • Data classification
  • Asset Classification

#No Change
Determine and maintain ownership ( e.g. data owners, system owners, business/mission owners)
Determine and maintain information and asset ownership
#No Change
Protect privacy
  • Data owners
  • Data processors
  • Data remanence
  • Collection limitation

Protect privacy
  • Data owners
  • Data processors
  • Data remanence
  • Collection limitation

#No Change
Ensure appropriate retention ( e.g. media, hardware, personnel)

Ensure appropriate asset retention

#No Change
Determine data security controls (e.g. data at rest, data in transit)
  • Baselines
  • Scoping and Tailoring
  • Standards selection
  • Cryptography

Determine data security controls

  • Understand data states
  • Scoping and tailoring
  • Standards selection
  • Data protection methods

#No Change overall. Just change in words. Cryptography will be moved to data protection methods.
Establish handling requirements (markings, labels, storage, destruction of sensitive information)
Establish information and asset handling requirements

#No Change

Comments

You may also like to read...

How to Pass the CISSP Exam in First Attempt

The CISSP CAT Exam Experience

How to Pass SSCP Exam in the First Attempt