© Copyright 1989 – 2010, (ISC)2 All Rights Reserved
What is Changing?

There are three (ISC)2 certifications that have had changes posted in Candidate Information Bulletins (CIBs) for 2012.

CISSP
• One domain name change
• Domain order re-arranged for educational material
• Rewording of some domain subheadings plus new material

SSCP
• NO changes to domain names
• Rewording of some domain subheadings plus new material

ISSEP
• Two domain name changes
• Rewording of some domain subheadings plus new material
CISSP – Domain Changes

The “Application Development Security” domain has now become the “Software Development Security” domain.

Old domain order
1 ACCESS CONTROL
2 APPLICATION DEVELOPMENT SECURITY
3 BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING
4 CRYPTOGRAPHY
5 INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT
6 LEGAL, REGULATIONS, INVESTIGATIONS AND COMPLIANCE
7 OPERATIONS SECURITY
8 PHYSICAL AND ENVIRONMENTAL SECURITY
9 SECURITY ARCHITECTURE & DESIGN
10 TELECOMMUNICATIONS & NETWORK SECURITY

New domain order
1 ACCESS CONTROL
2 TELECOMMUNICATIONS & NETWORK SECURITY
3 INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT
4 SOFTWARE DEVELOPMENT SECURITY
5 CRYPTOGRAPHY
6 SECURITY ARCHITECTURE & DESIGN
7 OPERATIONS SECURITY
8 BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING
9 LEGAL, REGULATIONS, INVESTIGATIONS AND COMPLIANCE
10 PHYSICAL (ENVIRONMENTAL) SECURITY
CISSP – Domain Updates
Each topic is followed by its CIB notes entry in brackets (new or reworded).

Domain 1 – ACCESS CONTROL
• Threat modeling [new]
• Asset valuation [new]
• Vulnerability analysis [new]
• Access aggregation [new]
• User entitlement [new]
• Access review & audit [new]
• Identity and access provisioning lifecycle (e.g., provisioning, review, revocation) [new]

Domain 2 – TELECOMMUNICATIONS & NETWORK SECURITY
• Understand secure network architecture and design (e.g., IP & non-IP protocols, segmentation) [reworded]
• OSI and TCP/IP models [new]
• IP networking [new]
• Implications of multi-layer protocols [new]
• Hardware (e.g., modems, switches, routers, wireless access points) [reworded]
• Transmission media (e.g., wired, wireless, fiber) [reworded]
• Network access control devices (e.g., firewalls, proxies) [reworded]
• Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN) [reworded]
• Voice (e.g., POTS, PBX, VoIP) [reworded]
• Remote access (e.g., screen scraper, virtual application/desktop, telecommuting) [reworded]
• Data communications [reworded]
• Understand network attacks (e.g., DDoS, spoofing, session hijack) [reworded]
CISSP – Domain Updates (continued)

Domain 3 – INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT
• Organizational processes (e.g., acquisitions, divestitures, governance committees) [reworded]
• Security roles and responsibilities [reworded]
• Manage the information life cycle (e.g., classification, categorization, and ownership) [reworded]
• Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review) [new]
• Risk assessment/analysis (qualitative, quantitative, hybrid) [reworded]
• Tangible and intangible asset valuation [new]
• Manage personnel security [reworded]
• Employment candidate screening (e.g., reference checks, education verification, background checks) [reworded]
• Manage the Security Function [reworded]
• Budget [new]
• Metrics [new]

Domain 4 – SOFTWARE DEVELOPMENT SECURITY
• Understand and apply security in the software development life cycle [reworded]
• Development Life Cycle [reworded]
• Understand the environment and security controls [reworded]
• Security of the software environment [reworded]
• Assess the effectiveness of software security [reworded]
• Certification and accreditation (i.e., system authorization) [reworded]
• Security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor) [reworded]
CISSP – Domain Updates (continued)

Domain 5 – CRYPTOGRAPHY
• Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance) [new]
• Brute Force (e.g., rainbow tables, specialized/scalable architecture, GPUs, CUDA) [reworded]
• Use cryptography to maintain network security [reworded]
• Use cryptography to maintain application security [reworded]

Domain 6 – SECURITY ARCHITECTURE & DESIGN
• Web-based (e.g., XML, SAML, OWASP) [reworded]
• Database security (e.g., inference, aggregation, data mining, warehousing) [reworded]
• Distributed systems (e.g., cloud computing, grid computing, peer to peer) [new]

Domain 7 – OPERATIONS SECURITY
• Understand security operations concepts [reworded]
• Asset management (e.g., equipment life cycle, software licensing) [reworded]
• Remediation and review (e.g., root cause analysis) [reworded]
• Preventative measures against attacks (e.g., malicious code, zero-day exploit, denial of service) [reworded]
• Understand change and configuration management (e.g., versioning, baselining) [reworded]
• Understand system resilience and fault tolerance requirements [reworded]

Domain 8 – BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING
• Exercise, assess and maintain the plan (e.g., version control, distribution) [reworded]

Domain 10 – PHYSICAL (ENVIRONMENTAL) SECURITY
• Personnel privacy and safety (e.g., duress, travel, monitoring) [reworded]
CISSP – Domain Updates (continued)

Domain 9 – LEGAL, REGULATIONS, INVESTIGATIONS AND COMPLIANCE
• Understand professional ethics [new]
• (ISC)2 Code of Professional Ethics [new]
• Support organization's code of ethics [new]
• Policy, roles and responsibilities (e.g., rules of engagement, authorization, scope) [reworded]
• Hardware/embedded device analysis [new]
• Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance) [reworded]

Domain 10 – PHYSICAL (ENVIRONMENTAL) SECURITY
• Understand site and facility design considerations [reworded]
• Support the implementation and operation of facilities security (e.g., physical, technology, and network convergence) [reworded]
• Personnel privacy and safety (e.g., duress, travel, monitoring) [reworded]
SSCP – Domain Updates
Each topic is followed by its CIB notes entry in brackets (New or Reworded).

Domain 1 – ACCESS CONTROLS
• Apply Access Control Concepts (e.g., least privilege, and separation of duties) [Reworded]
• Discretionary Access Control (DAC) [New]
• Non-discretionary Access Control [New]
• Manage Internetwork Trust Architectures (e.g., extranet, third party connections, federated access) [Reworded]
• Implement identity management [New]
• Provisioning [New]
• Maintenance [New]
• Entitlement [New]
• Understand basic security concepts related to cloud computing (e.g., virtualization, data control, compliance) [New]

Domain 2 – SECURITY OPERATIONS & ADMINISTRATION
• Perform Security Administrative Duties [New]
• Maintain adherence to security policies, standards, and procedures [New]
• Validate security controls [New]
• Data classification (e.g., privacy, categorization) [New]
• Asset management (e.g., hardware, software, data) [New]
• Develop and maintain systems and security control documentation [New]
• Perform Change Management Duties [Reworded]
• Assist with implementation of Configuration Management Plan [Reworded]
• Understand the impact of changes to the environment [Reworded]
• Test patches, fixes, and updates (e.g., operating system, applications, SDLC) [New]
• Support certification and accreditation (i.e., security authorization) [New]
• Participate in Security Awareness Education [Reworded]
SSCP – Domain Updates (continued)

Domain 2 – SECURITY OPERATIONS & ADMINISTRATION (Continued)
• Understand impact of security testing [New]
• Understand concepts of endpoint device security (e.g., thin clients, thick clients, USB devices, mobile devices) [Reworded]
• Comply with data management policies (e.g., storage media (paper or electronic), deduplication, retention requirements, archiving, destruction, data loss prevention, information rights management (IRM)) [New]
• Understand security concepts (e.g., confidentiality, integrity, availability, privacy) [New]

Domain 3 – MONITORING AND ANALYSIS
• Maintain Effective Monitoring Systems (e.g., file integrity checkers, honeypots, continuous monitoring) [Reworded]
• Review systems for unauthorized changes (e.g., unauthorized connections) [Reworded]
• Install and configure agents and management systems [New]

Domain 4 – RISK, RESPONSE, AND RECOVERY
• Understand Risk Management Process [Reworded]
• Understand risk management concepts (e.g., impacts, threats, vulnerabilities) [Reworded]
• Support mitigation activity (e.g., safeguards, countermeasures) [Reworded]
• Address audit findings [New]
• Perform Security Assessment Activities [Reworded]
• Interpret results of scanning and testing [Reworded]
• Understand the concepts of forensic investigations (e.g., first responder, chain of custody, evidence handling, preservation of scene) [Reworded]
• Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) [Reworded]
• Understand the Components of a Business Continuity Plan (BCP) [Reworded]
• Understand and support Disaster Recovery Plan (DRP) [Reworded]

Domain 5 – CRYPTOGRAPHY
• Install and maintain cryptographic systems [New]
• Support Certificate and Key Management [Reworded]
• Understand basic key management concepts (e.g., public key infrastructure) [New]
• Administration and validation (e.g., key creation, exchange, revocation, escrow) [Reworded]
• Understand the use of Secure Protocols (e.g., differences in implementation) [Reworded]
SSCP – Domain Updates (continued)

Domain 6 – NETWORKS AND COMMUNICATIONS
• Understand security issues related to Networks [Reworded]
• Network topographies and relationships (e.g., star, bus, token ring, ethernet) [New]
• Commonly used ports and protocols [Reworded]
• Network security concepts (e.g., defense in depth, IP addressing) [Reworded]
• Common Vulnerabilities [Reworded]
• Common Vulnerabilities [Reworded]
• Methods (e.g., packet filtering, application filtering, address translation, stateful/stateless inspection) [Reworded]
• Types (e.g., host based, network based) [Reworded]
• Common Vulnerabilities [Reworded]
• Understand Wireless and Cellular Technologies [Reworded]
• Technology (e.g., 802.11, Bluetooth, WiMax, RFID, GSM, 3G, NFC) [Reworded]
• Common Vulnerabilities [Reworded]

Domain 7 – MALICIOUS CODE & ACTIVITY
• Identify Malicious Code (e.g., virus, worms, trojan horses, logic bombs) [Reworded]
• Understand concepts of rootkits [Reworded]
• Understand types of malware (e.g., spyware, scareware, ransomware) [Reworded]
• Understand concepts of Trapdoors & Backdoors [Reworded]
• Understand concepts of Botnets [Reworded]
• Understand concepts of Mobile Code [Reworded]
• Deploy and manage anti-malware [Reworded]
• Software Security (e.g., code signing, application review, server side input validation) [Reworded]
• Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam) [Reworded]
• Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks) [New]
• Understand the concept of zero day exploits [New]
ISSEP – Domain Changes

The “Certification and Accreditation (C&A)” domain has now become the “Certification and Accreditation (C&A)/Risk Management Framework (RMF)” domain.

The “U.S. Government Information Assurance (IA) Governance (e.g., laws, regulations, policies, guidelines, standards)” domain has now become the “U.S. Government Information Assurance Related Policies and Issuances” domain.

OLD ISSEP Domains (Effective: March 13, 2010)
Domain 1 System Security Engineering
Domain 2 Certification and Accreditation (C&A)
Domain 3 Technical Management
Domain 4 U.S. Government Information Assurance (IA) Governance (e.g., laws, regulations, policies, guidelines, standards)

NEW ISSEP Domains (Effective: March 2012 – Notice: July 1, 2011)
Domain 1 Systems Security Engineering
Domain 2 Certification and Accreditation (C&A) / Risk Management Framework (RMF)
Domain 3 Technical Management
Domain 4 U.S. Government Information Assurance Related Policies and Issuances
ISSEP – Domain Updates
Each topic is followed by its CIB notes entry in brackets.

Domain 1 – Systems Security Engineering
• Understand security and systems engineering methodologies (e.g., lifecycle models, INCOSE Systems Engineering Handbook) [Reworded]
• Understand process models (e.g., Institute of Electrical and Electronics Engineers (IEEE) 1220, Systems Security Engineering Capability Maturity Model (ISO/IEC 21827), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 15288) [Reworded]
• Identify data types and determine additional legal / regulatory requirements [Reworded]
• Develop system security context (e.g., support system, application) [Reworded]
• Review design constraints [Reworded]
• Assess information protection effectiveness [Reworded]
• Support security implementation, integration and test [Reworded]

Domain 2 – Certification and Accreditation (C&A) / Risk Management Framework (RMF)
• Understand the U.S. Government C&A/RMF process to be applied (e.g., National Information Assurance Certification and Accreditation Process (NIACAP), DoD Information Assurance Certification and Accreditation Process (DIACAP), National Institute of Standards and Technology Special Publication (NIST SP) 800-37 rev 1) [Reworded]
• Understand the purpose of C&A/RMF [Reworded]
• Identify and understand criteria used to determine applicability of U.S. Government C&A/RMF processes [Reworded]
• Understand the roles and responsibilities of stakeholders identified within the C&A/RMF process [Reworded]
ISSEP – Domain Updates (continued)

Domain 2 – Certification and Accreditation (C&A) / Risk Management Framework (RMF) (continued)
Note: Section C (Understand Risk Management) from the previous version has been removed and the old Section D is now Section C in the 2012 CIB.
• Integrate the C&A/RMF processes with systems security engineering [Reworded]
• Understand the attributes and significance of well-defined, integrated processes (e.g., administrative security policies/procedures and its relationship to C&A/RMF) [Reworded]
• Identify and correlate C&A/RMF phases and tasks with systems engineering phases and tasks [Reworded]
• Support C&A/RMF activities as appropriate based on C&A/RMF tailoring (e.g., register system with the appropriate information assurance program, communicate results of risk analysis to certifier and accreditor, prepare and present C&A/RMF documentation to accreditor, submit reports to centralized database) [Reworded]

Domain 3 – Technical Management
Note: No changes in Domain 3 from the previous version.

Domain 4 – U.S. Government Information Assurance Related Policies and Issuances
• Understand national laws and policies [Reworded]
• Understand civil agency policies and guidelines [Reworded]
• Understand DoD policies and guidelines [Reworded]
• Understand applicable international standards [Reworded]