CISSP Domain 4 Changes - 2018 vs 2015

By
Here too, the changes are extremely limited. The only major change is the removal of the topic "Prevent and Mitigate network attacks" from the new outline.

Overall Change: Limited Change

2015 Exam Outline
2018 Exam Outline
Apply secure design principle to network architecture
  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol (IP) networking
  • Implications of multilayer protocols
  • Converged protocols
  • Software-defined networks
  • Wireless networks
  • Cryptography used to maintain communication security
Implement secure design principles in network architectures
  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
  • Internet Protocol (IP) networking
  • Implications of multilayer protocols
  • Converged protocols
  • Software-defined networks
  • Wireless networks


# Limited Change. Removal of Cryptography.
Secure network components
  • Operation of hardware
  • Transmission media
  • Network Access Control (NAC) devices
  • Endpoint security
  • Content-distribution networks
  • Physical Devices
Secure network components
  • Operation of hardware
  • Transmission media
  • Network Access Control (NAC) devices
  • Endpoint security
  • Content-distribution networks


# Limited Change. Removal of Physical Devices.
Design and establish secure communication channels

  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks
Implement secure communication channels according to design
  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks

#No Change
Prevent and Mitigate network attacks
#Removed

Comments

Post a Comment

You may also like to read...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

The Endorsement Process - CISSP, SSCP & other (ISC)2 certifications

By
Image
Heartiest congratulations to you, if you have provisionally passed the CISSP, SSCP or any other (ISC)2 certification. After spending weeks or even months preparing for one of the most difficult exams, you have that very sheet of paper in your hand which says: Dear XXX,  Congratulations! We are pleased to inform you that you have provisionally passed the Certified Information Systems Security Professional (CISSP®) examination. By passing this examination, you have completed the first of two steps toward earning your CISSP credential! Notice that it is mentioned that you have provisionally passed the exam. Although the most challenging task is over, there is one more hurdle before you get the CISSP certificate in your hand. What is it? Well, this post is all about that. The next step as is mentioned in the emailer/letter is that you need to get yourself endorsed and submit the requisite details. I have tried to create a step by step guide here to help you out. I
Continue Reading...