CISSP Domain 6 Changes - 2018 vs 2015



Overall Result: Extremely Minor Changes

2015 Exam Outline vs. 2018 Exam Outline

2015: Design and validate assessment and test strategies

2018: Design and validate assessment, test, and audit strategies
  • Internal
  • External
  • Third-party

#Minor Change

2015: Conduct security control testing
  • Vulnerability assessment
  • Penetration testing
  • Log reviews
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Test coverage analysis
  • Interface testing

2018: Conduct security control testing
  • Vulnerability assessment
  • Penetration testing
  • Log reviews
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Test coverage analysis
  • Interface testing

#No Change

2015: Collect security process data (e.g., management and operational)
  • Account management
  • Management review
  • Key performance and risk indicators
  • Backup verification data
  • Training and awareness
  • Disaster Recovery (DR) and Business Continuity (BC)

2018: Collect security process data (e.g., technical and administrative)
  • Account management
  • Management review and approval
  • Key performance and risk indicators
  • Backup verification data
  • Training and awareness
  • Disaster Recovery (DR) and Business Continuity (BC)

#No Change

2015: Analyze test output and generate report

2018: Analyze test output and generate report

#No Change

2015: Conduct or facilitate security audits

2018: Conduct or facilitate security audits
  • Internal
  • External
  • Third-party

#Minor Change
