Post Mon Jun 08, 2009 9:09 am

Changes to the CISSP

The CISSP is changing!  The CISSP is changing!  From a Shon Harris blog ( ... management) some of the changes include changing the names of the 10 domains:

  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

Here is the additional material covered in the CISSP certification.

  • Information Security Risk Management
      • New – Security program and blueprints
      • New – Risk Models
  • Access Control
      • New – Identity Management
      • New – more block cipher modes and integrity controls
      • New – more attack types
  • Physical Security - Environmental
      • New – Light types, CCTV, lock picking, lock type
      • New – More focus on methodology and process
  • Application Security
      • New – more focus on methodology and process
      • New – web site and application security
      • New – more malware types and attack types
  • Business Continuity and Disaster Recovery Planning
      • New – more focus on methodology and process
  • Telecommunications and Network
      • New – 802.11 types and security
      • New – instant messaging
  • Operations Security
      • New – Vulnerability and Penetration Testing
      • New – Attack Types
      • New – Malware Control Types
  • Security Architecture and Design
      • New – enterprise architecture, building, maintaining, holistic security, security trust zones, Zachman Framework
      • New – less Orange Book and more Common Criteria
  • Legal, Regulations, Compliance and Investigation
      • New – types of Laws
      • New – focus on forensics and methodology

Of course Shon's blog has all the updated links to the training material, other blogs specifically regarding individual changes, and schtuff.