CISSP Domain 6 Changes - 2018 vs 2015

Overall Result: Extremely Minor Changes

2015 Exam Outline	2018 Exam Outline
Design and validate assessment and test strategies	Design and validate assessment, test, and audit strategies Internal External Third-party *#Minor Change*
Conduct security control testing Vulnerability assessment Penetration testing Log reviews Synthetic transactions Code review and testing Misuse case testing Test coverage analysis Interface testing	Conduct security control testing Vulnerability assessment Penetration testing Log reviews Synthetic transactions Code review and testing Misuse case testing Test coverage analysis Interface testing *#No Change*
Collect security process data (e.g., management and operational) Account management Management review Key performance and risk indicators Backup verification data Training and awareness Disaster Recovery (DR) and Business Continuity (BC)	Collect security process data (e.g., technical and administrative) Account management Management review and approval Key performance and risk indicators Backup verification data Training and awareness Disaster Recovery (DR) and Business Continuity (BC) *#No Change*
Analyze test output and generate report	Analyze test output and generate report *#No Change*
Conduct or facilitate security audits	Conduct or facilitate security audits Internal External Third-party *#Minor Change*

Learning Security with Mayur