CISSP domain changes incoming

By Sarah Morgan

As the modern information security landscape changes, the CISSP exam has to change with it. Effective April 15 2015, the CISSP will be based on a new exam blueprint and feature updated domains.

Refreshed content has been added to the Official CISSP CBK to reflect the most current topics in the information security industry. As a result, the updated CISSP exam will continue to accurately reflect the technical and managerial competence required by information security professionals.

Those familiar with (ISC)2 will not be surprised by their latest domain refresh. As (ISC)2 themselves state – “We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

What’s changing?

Effective 15 April, 2015 the CISSP domains will look like this (find the current domains here):

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) 
2. Asset Security (Protecting Security of Assets)
3. Security Engineering (Engineering and Management of Security) 
4. Communications and Network Security (Designing and Protecting Network Security) 
5. Identity and Access Management (Controlling Access and Managing Identity) 
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) 
7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) 
8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

The keen eyed will notice that the domain refresh reduces the number of domains from ten to eight. However, (ISC)2 stress that the CBK remains as comprehensive as ever. Content has been ‘refreshed and reorganised to include the most current information and best practices relevant to the global security industry.’

FAQ

Q. How does the refresh affect the CISSP prerequisites?

A. The prerequisites will not change. You will still be required to possess a minimum of five years of cumulative paid full-time work experience in two out of the eight domains.

Q. I already hold the CISSP – how will these changes affect my CPE submissions?

A. Starting April 15, 2015 all CISSPs will be required to submit their continuing professional education credits in accordance with the refreshed CISSP domains.

Q. Will the new domains affect the number of exam questions, or duration of the exam?

A. No – your CISSP exam will still have the same number of questions and the time you are allotted will not be affected.

Q. Will there be new training materials for the CISSP?

The content within (ISC)2 training materials will be updated to align with the new CISSP domains. See the below table to find the launch dates for these new training products.

Q. Where can I find more information?

A. Refer to (ISC)2’s official FAQ or blog post for more information regarding the CISSP domain refresh.


Related articles:

• (ISC)2 CISSP – Official vs. Unofficial
• How to become a CISSP
• Best IT certifications for 2015

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.