Cissp-Exam-Outline Guidelines
About CISSP
The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.
Experience Requirements
Candidates must have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the (ISC)² CISSP CBK. Candidates may receive a 1-year experience waiver with a 4-year college degree or regional equivalent, or an additional credential from the (ISC)² approved list, thus requiring 4 years of direct full-time professional security work experience in 2 or more of the 8 domains of the CISSP CBK.
Accreditation
CISSP was the first credential in the field of information security to meet the stringent requirements of ANSI/ISO/IEC Standard 17024.
Asset Security
Security Engineering
Communication and Network Security
Security Operations
Total: 100%
1.3 Compliance
1.4 Understand legal and regulatory issues that pertain to information security in a global
context
» Computer crime
» Trans-border data flow
» Licensing and intellectual property (e.g., copyright, trademark, digital rights management)
» Privacy
» Data breaches
» Import/export controls
1.6 Develop and implement documented security policy, standards, procedures, and
guidelines
1.11 Integrate security risk considerations into acquisition strategy and practice
1.12 Establish and manage information security education, training, and awareness
2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission
owners)
2.5 Determine data security controls (e.g., data at rest, data in transit)
» Baselines
» Standards selection
» Scoping and tailoring
» Cryptography
3.3 Select controls and countermeasures based upon systems security evaluation models
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution
elements
» Client-based (e.g., applets, local caches)
» Server-based (e.g., data flow control)
» Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
» Large-scale parallel data systems
» Distributed systems (e.g., cloud computing, grid computing, peer to peer)
» Cryptographic systems
» Industrial control systems (e.g., SCADA)
3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g.,
network-enabled devices, Internet of things (loT))
5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)
6.3 Collect security process data (e.g., management and operational controls)
» Account management (e.g., escalation, revocation)
» Management review
» Key performance and risk indicators
» Backup verification data
» Training and awareness
» Disaster recovery and business continuity
7.10 Participate in and understand change management processes (e.g., versioning, baselining,
security impact analysis)
7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)
» Auditing and logging of changes
» Risk analysis and mitigation
» Acceptance testing
Legal Info
For any questions related to (ISC)² legal policies, please contact the (ISC)² Legal Department at legal@isc2.org.
Any Questions?
(ISC)² Candidate Services
Park Place Blvd, Suite
Clearwater
(ISC)² Americas
Tel:
Email: info@isc2.org
(ISC)² Asia Pacific
Tel:
Email: isc2asia@isc2.org
(ISC)² EMEA
Tel:
Email: info-emea@isc2.org