CISSP Domain 4 Changes - 2018 vs 2015

By
Here too, the changes are extremely limited. The only major change is the removal of the topic "Prevent and Mitigate network attacks" from the new outline.

Overall Change: Limited Change

2015 Exam Outline
2018 Exam Outline
Apply secure design principle to network architecture
  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol (IP) networking
  • Implications of multilayer protocols
  • Converged protocols
  • Software-defined networks
  • Wireless networks
  • Cryptography used to maintain communication security
Implement secure design principles in network architectures
  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol (IP) networking
  • Implications of multilayer protocols
  • Converged protocols
  • Software-defined networks
  • Wireless networks


# Limited Change. Removal of Cryptography.
Secure network components
  • Operation of hardware
  • Transmission media
  • Network Access Control (NAC) devices
  • Endpoint security
  • Content-distribution networks
  • Physical Devices
Secure network components
  • Operation of hardware
  • Transmission media
  • Network Access Control (NAC) devices
  • Endpoint security
  • Content-distribution networks


# Limited Change. Removal of Physical Devices.
Design and establish secure communication channels

  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks
Implement secure communication channels according to design
  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks

#No Change
Prevent and Mitigate network attacks
#Removed
Reactions:

Comments

Post a Comment

You may also like to read...

How to Pass the CISSP Exam in First Attempt

By
Image
You may read multiple posts on the various blogs and websites where you are given tips as to how to pass the exam in the first go, refer which books and solve which questions. In this blog post I’m not going to bombard you with those details. Instead, I’m going to share my journey and experience from preparing till passing the CISSP exam in the first attempt.
What is CISSP?
CISSP stands for Certified Information Systems Security Professional. Congratulations and all the very best to you, if you have decided to opt for the Gold Standard Certification. The exam is offered by ISC2 and contains around 250 questions. You have to book an appointment for the CISSP exam through the ISC2 website where you then redirected to a Pearson Vue website when you register for the exam. The exam costs around 599USD.
Phase 1: Deciding
It is very important for you to finalize which certification you want to do. Try to research the pros and cons of a certification. Do not just start preparing for a particular…
Continue Reading...

The CISSP CAT Exam Experience

By
Image
I wrote a blog post in the month of December where I detailed about the new CISSP CAT format being launched by the (ISC)2. The post gave details about the new exam – what would it be all about, what does the new exam mean for you and important points to consider. Well, since I had passed the exam way back in July, there was no way, I would decide to sit for this difficult exam again. Luckily, few of my friends gave the CISSP CAT exam and passed it, so I spoke to them to understand their experience with this new exam format and decided to write about it. So here it goes…
The Study Material
The first question that comes to everyone’s mind is – Do I need to look for a new study material since the exam format has changed. The answer is NO. The CISSP study material remains the same. My friends referred to the following material, but this is not an exhaustive list in any way. My recommendation would be to stick to one particular book and get to know every word and line of it. It is extremel…
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization.
These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, which differs…
Continue Reading...