CISSP 1

Security and Risk Management

The domain addresses the framework and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets and to assess the effectiveness of that protection.

Asset Security

The domain contains the concepts, priciples, structures and standards used to monitor and secure assets and those controls used to enforce various levels of confidentiality, integrity, and availability.

Security Engineering

Concepts, priciples, structures and standards to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.

Communication and Network Security

The domain encompasses the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media.

Identity and Access Management

A single domain withing the CISSP Common Body of Knowledge, it is the most pervasive and omnipresent aspect of information security.

Security Assessment and Testing

A point-of-time based testing methods used to determine vulnerabilities and associated risks. Mature system development lifecycles include security testing and assessment as part of the development, operations and disposition phases of a system's life.

Security Operations

Identifying critical information and execution of selected measures that eliminate or reduce adversary exploitations of critical information. Also definition of the controls over hardware, media, and operators with access privileges to any resources.

Software Development Security

Security professional is prepared to: understand and apply security in the software development lifecycle, enforce security controls in the development environment, assess the effectiveness of software security, and assess software acquisition security.