Wednesday, April 25, 2018

CISSP Domain 6 Changes - 2018 vs 2015



Overall Result: Extremely Minor Changes

2015 Exam Outline
2018 Exam Outline
Design and validate assessment and test strategies

Design and validate assessment, test, and audit strategies
  • Internal
  • External
  • Third-party

 #Minor Change
Conduct security control testing
  • Vulnerability assessment
  • Penetration testing
  • Log reviews
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Test coverage analysis
  • Interface testing

Conduct security control testing
  • Vulnerability assessment
  • Penetration testing
  • Log reviews
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Test coverage analysis
  • Interface testing

 #No Change
Collect security process data (e.g., management and operational)
  • Account management
  • Management review
  • Key performance and risk indicators
  • Backup verification data
  • Training and awareness
  • Disaster Recovery (DR) and Business Continuity (BC)

Collect security process data (e.g., technical and administrative)
  • Account management
  • Management review and approval
  • Key performance and risk indicators
  • Backup verification data
  • Training and awareness
  • Disaster Recovery (DR) and Business Continuity (BC)
 #No Change
Analyze test output and generate report
Analyze test output and generate report

#No Change
Conduct or facilitate security audits

Conduct or facilitate security audits
  • Internal
  • External
  • Third-party
#Minor Change

No comments: