The Eight Domains You Need to Know About and Master So You Can Pass Your CISSP Certification Exam
The Certified Information Systems Security Professional (CISSP) is the most exclusive certification and an established benchmark for professionals to prove their proficiency in the field of cybersecurity.
It validates that professionals can build, manage, and resolve matters pertaining to the security architecture of their organization within the standards of (ISC)².
(ISC)² or International Information System Security Certification Consortium is a non-profit international organization that develops and maintains the CISSP domains and conducts examinations around the globe for this certification.
What Is (ISC)² CBK?
There are eight domains that are included in the CISSP certification exam. Candidates must have expertise in each domain to get certified by (ISC)². The domains encompass a variety of topics that help in determining the expertise of the candidate in the most essential areas of information security.
These domains are drawn from the (ISC)² CBK, commonly known as the Common Body of Knowledge. It provides a compilation of the core subjects and content that are essential for every professional in the field of cybersecurity.
One of the most important reasons that led to the founding of (ISC)² was to standardize and maintain the (ISC)² CBK for experts around the globe, establishing a common framework of information security fundamentals and allowing professionals everywhere to discuss, debate, and resolve matters in the field with shared knowledge and understanding.
Moreover, the CBK also establishes the requirements that a competent professional should possess, such as skills, procedures, and frequently used practices. In this regard, the (ISC)² CBK Committee also updates the CBK to include the latest and most pertinent content necessary for practice in information security.
What Are the Eight CISSP Domains?
Below is a list of the eight CISSP domains that you will need to study in order to get the certification:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
To be able to attempt the CISSP exam you need to have a minimum of five years of experience in at least two of the eight CISSP domains listed above. The required work experience can be achieved through either full-time or part-time work.
Internship experience can also be counted as work experience upon presenting relevant documents as proof.
Here is a more detailed description of each CISSP domain you need to study for the certification.
1. Security and Risk Management
The Security and Risk Management domain constitutes a major proportion of the content for the CISSP exam. It gives you an in-depth overview of information security management and includes the following:
- Knowledge of integrity, confidentiality, and availability
- Application of security governance principles
- Compliance Requirements and Evaluation
- Professional Ethics Integration
- Issues concerning legalities and regulations in the information security field around the globe
- Planning for business continuity requirements
- Formation of personnel security policies and procedures
- In-depth understanding and implementation of risk management fundamentals
- Threat modeling concepts and methodologies
- Establishing risk-based management concepts in the supply chain
- Implement training and educational programs for security awareness
2. Asset Security
The asset security domain emphasizes resource protection in an enterprise or organization. The two core concepts in this domain are information management and information ownership.
Other topics in this domain are:
- Identification, classification, and ownership of information and assets
- Preventing privacy breaches
- Formation of data security controls
- Asset retention
- Data handling requirements
3. Security Architecture and Engineering
Revolving around organizational security architecture, this domain includes various aspects such as design principles, models, and secure capabilities assessment.
The main topics that you will cover in this domain are:
- Using secure design principles for engineering implementations
- Fundamental concepts of security models
- Concepts for security capabilities of information systems
- Assessing and mitigating vulnerabilities in systems
- Application of security principles and controls to site and facility design
- Cryptography and encryption
4. Communications and Network Security
This CISSP domain covers the ability to build reliable communication channels and secure networks. As a candidate, you should expect questions regarding diverse network design characteristics, communication standards, segmentation, transmission, and wireless communications.
Other topics include:
- Establishing and securing design principles in network architecture
- Building secure network components
- Securing communication channels as per established principles
5. Identity and Access Management
The Identity and Access Management domain covers user access controls within an organization. It allows information security professionals to restrict access to data to authorized users within a given environment.
The main topics of this domain are:
- Regulation of physical and logical access to assets
- Controlling and managing authentication and identification of devices, people, and services
- Understanding and implementing identity as a third-party service
- Establishing an authorization mechanism
- Identity and access provisioning lifecycle
6. Security Assessment and Testing
Security Assessment and Testing deals with the tools and techniques used to assess security features and identify shortcomings such as mistakes in code or design, vulnerabilities, and areas where issues can arise in the future. It also covers making sure these assessments stay within the policies and systems of existing frameworks.
The main topics that come under this domain are:
- Establishing internal, external, and third-party audit strategies
- Conducting security control testing
- Collecting security process data
- Analyzing test outputs and generating a report
- Facilitation of security audits
7. Security Operations
This domain focuses on security operations: investigations, monitoring, and protection techniques. The main topics of Security Operations are:
- Developing an understanding of investigations (techniques, collection, handling, and digital forensic tools)
- Protocols for investigation types
- Implementing logging and monitoring activities
- Asset inventory and configuration management
- Foundational security operations concepts
- Resource protection techniques
- Incident management
- Establishing and testing disaster recovery plans
- Disaster recovery processes
- Physical security assessment
- Business continuity planning and exercises
- Managing physical security
- Personnel security and safety
8. Software Development Security
Software Development Security focuses on the implementation and application of software security practices throughout a system's development.
The main topics of this domain are:
- Establishing security practices throughout the Software Development Life Cycle (SDLC)
- Implementing security controls in development environments
- Effectiveness of software security (auditing, logging, risk analysis, and mitigation)
- Assessing software security
- Implementing secure coding standards and guidelines
What Is the CISSP Linear Examination Marking Scheme?
Candidates for the CISSP Common Body of Knowledge (CBK) certification exam will be tested on the eight domains above.
The CISSP exam has two formats: computerized adaptive testing (CAT) and a linear, fixed-form test. The former is a three-hour English exam consisting of 100 to 150 multiple-choice questions, while the latter is a six-hour exam in other languages consisting of 250 multiple-choice questions.
The candidate must score at least 70% on the test to pass. The CISSP pass rate remains a matter of debate among candidates because of how challenging the exam is.
The CISSP certification exam is revised to include recommended practices for mitigating flaws and to emphasize the most essential challenges that cybersecurity professionals are facing right now. Accordingly, each domain has been allotted its own weighting in the CISSP certification examination.
Getting CISSP Certified
CISSP certification can improve your future prospects if you are pursuing a career in the information systems security field. However, you must have five years of experience in at least two different domains in order to take this exam.
You may be eligible for a one-year waiver of the five-year work experience requirement if you have any one of the following:
- A four-year college degree
- Graduation with honors from a National Center of Academic Excellence in Information Security in the United States (CAE IAE)
- A certification from an organization approved by (ISC)²; these include Certified Information Systems Auditor (CISA), Microsoft Certified Systems Engineer (MCSE), and CompTIA Security+
It is important to remember that these categories cannot be combined, which means that a person with a four-year college degree and an (ISC)²-approved certification will still only get one year off the five-year professional experience requirement.
How To Master the 8 Domains of the CISSP Certification Exam
CISSP is a very demanding exam if you are not prepared. But worry not: with the right guidance and help, you can succeed.
However, before you begin your preparation for the exam, you should understand the training options available to you.
Understanding CISSP Training
You can train for the CISSP by choosing between two options: the (ISC)² official training program or a third-party alternative.
The (ISC)² official training costs a mammoth $2,795, which is very expensive compared to the other option. Therefore, third-party training providers will be the best option for you if you have a limited budget.
It is recommended that you do your due diligence before you opt for a training program. Some of the programs being offered are not beneficial, especially the cheaper ones, because they do not provide expert guidance and lack any substance.
Moving forward, another thing you will need to consider is whether you want to opt for online or classroom learning. In the end, it comes down to your preference. Each of these learning methods has its own pros and cons.
Lastly, you should do some research regarding the training program’s reputation with previous students and candidates. Certain training providers are endorsed by (ISC)², however, it is not necessary to opt for them because unofficial trainers also provide well-rounded programs at affordable prices.
Even though choosing to simply employ a self-study approach could seem daring, it might not be the wisest course of action. It's critical to realize that, even for entry-level credentials, passing exams necessitates in-depth knowledge of multiple different topics.
Remember that your first step towards achieving this feat is to understand the challenge ahead.
Making A Study Schedule
Since the eight domains of CISSP contain a wide range of topics, it is very important to formulate a study schedule to cover them effectively. The CISSP exam’s material is revised to reflect the latest problems and best practices cybersecurity professionals must deal with.
Make sure that you plan accordingly and have enough time to completely cover the CBK at least once. This should also include practice tests, participating in online forums, and paying extra attention to areas where you are weak. Always remember, there is no substitute for preparation, and you may find the guidance you need by downloading the free CISSP Now! Ebook.
Attempting Mock Tests
The most surefire way to master the CISSP exam questions and the intricacies of the exam is to attempt mock tests. No CISSP candidate should attempt the test without practice questions.
Mock tests are an important part of your journey toward CISSP exam day because they will help you determine your strengths and weaknesses. This way you can focus your efforts on domains and content that you have not prepared well.
These tests will also help you to increase your speed of answering a question so you can improve your time management and complete your actual exam within the given time.
However, when you choose any mock test source make sure that it is an official (ISC)² CISSP guide. You can also take into account other additional sources that provide reliable training test data to help you master the exam.
Frequently Asked Questions (FAQs)
What changes are taking place in CISSP 2022?
Starting June 1, 2022, the Computerized Adaptive Testing (CAT) CISSP examinations added pretest items and time. The previous CISSP exam had 25 pretest items. By adding 25 more items, the total number of pretest items in the exam reached 50. As a result, the CISSP exam length increased from 100 to 150 items to 125 to 175 items.
Do you need to pass all domains in CISSP?
Yes. You need to have proficiency in each domain to pass the CISSP exam.
What is the cost of the CISSP certification exam?
The cost of the CISSP exam is $699, but this cost can vary depending on where you will be taking your exam.
You will have to pay $50 if you decide to reschedule the exam. This is why it is recommended to book the exam if you are fully sure about appearing in it. Plus, if you decide to cancel your exam you will have to pay $100.
Another important aspect to keep in mind is that when you are planning to get CISSP certified, keep in mind the cost of training as well. Most training programs cost more than the exam registration fee.
It would also be best if you weighed the possibility of not passing the exam on the first attempt. Only 20 percent of CISSP candidates pass the exam on their first attempt. This will help you think rationally and be ready for the worst-case scenario.
What is the CISSP certification renewal policy?
Once you have earned the CISSP certification, keep in mind that it must be renewed once every 3 years, at $85/year.
However, it's not just about the fees; you need to earn 40 CPE (Continuing Professional Education) credits every year over a 3-year period to become eligible for recertification.
Some of the activities will cost you money, but since you will have become a member of (ISC)² after passing the exam and being endorsed, you will be able to earn CPEs through discounted or even free training programs or seminars.
Final Thoughts
If you plan on attempting the CISSP certification exam in the near future, you should start planning for it now. This exam is very comprehensive and requires the candidate to have in-depth knowledge of multiple domains.
Most people who have not attempted this exam are unaware of the amount of information they are expected to learn and retain; others are unprepared for what lies ahead. The test is specifically designed to cover such vast knowledge, and this is why it is the most sought-after certification in the world.
Regardless of how hard the CISSP exam is, you can still pass the exam with flying colors if you prepare well and have a study strategy in place. The above-mentioned information will help you understand this examination and help you to master its eight key domains.