Model:
Summary:
The Certified Information Systems Security Professional (CISSP) is a globally recognized certification in the field of information security granted by the International Information System Security Certification Consortium, also known as (ISC)². The CISSP certification is designed for security practitioners who have the deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.
The CISSP certification is structured around eight domains that cover critical topics in security today. Here's a summary of each:
- Security and Risk Management: This domain covers the policies, concepts, principles, structures, and standards used to establish criteria for developing, implementing, and managing an organization's information security. It includes topics such as compliance, law, regulations, business continuity, and risk management.
- Asset Security: This domain involves identifying and classifying information and assets. It includes the responsibilities of protecting the privacy and ensuring appropriate retention of data, determining data security controls, and establishing data handling requirements.
- Security Architecture and Engineering: This domain is concerned with the fundamental concepts of security models, design, and capabilities of systems. It involves understanding the architecture and design principles that protect the network and data of an organization, including cryptography and security systems design.
- Communication and Network Security: This domain focuses on protecting the security of data as it travels across the network. It involves designing and protecting network security, both on-premises and in the cloud, and encompasses network architecture, design, protocols, and components.
- Identity and Access Management (IAM): This domain addresses how users are identified and authenticated, and how their access is managed and controlled. It includes topics on the identity and access provisioning life cycle, access control systems, and identity as a service (IDaaS).
- Security Assessment and Testing: This domain includes designing, performing, and analyzing security testing. It focuses on assessing the effectiveness of security measures within an organization and includes activities such as security process data collection, testing outputs, and security controls.
- Security Operations: This domain involves understanding and supporting the day-to-day operations of security systems. It covers topics such as operational roles, security operations, and incident management, including disaster recovery and business continuity.
- Software Development Security: The final domain addresses the critical importance of integrating security into the software development lifecycle. It includes understanding and applying security in the software development environment, and managing the environment and security of software development.
Each of these domains represents a specific area of knowledge that CISSP candidates must master to obtain the certification. The CISSP curriculum is designed to provide a comprehensive overview of the information security field and to ensure that certified professionals have a deep and broad understanding of all aspects of organizational security.