What are the 8 CISSP Domains?
It takes more than just passing the CISSP exam to become a CISSP. Candidates must also have five years of full-time, hands-on experience in at least two of the eight CISSP domains.
1. Security and Risk Management
It makes up around 15% of the CISSP exam. This is the CISSP domain with the most content, giving you a thorough overview of what you should know about information systems management. It includes:
The confidentiality, integrity, and availability of information
Security governance principles
Compliance requirements
Difficulties with information security law and regulation
IT policies and procedures
Risk-based management concepts
2. Asset Security
This CISSP domain focuses on resource protection. It accounts for roughly 10% of the CISSP exam. Information management and the concept of information ownership are two subjects covered by asset security. It includes the skills required of the many roles involved in data management, ownership, and processing, as well as privacy concerns and usage limitations. It covers:
Managing requirements
Data security restrictions
Safeguarding privacy
Asset retention
Categorization and possession of data
3. Security Architecture and Engineering
Security engineering makes up 13% of the CISSP exam. Several significant information security principles are covered in this domain, including:
Engineering processes using secure design principles
Fundamental concepts of security models
Security capabilities of information systems
Assessing and mitigating vulnerabilities in systems
Cryptography
Designing and implementing physical security
4. Communications and Network Security
This CISSP domain is concerned with establishing and maintaining network security. It comprises roughly 13% of the CISSP exam. It covers the ability to build dependable communication channels and network security. Applicants will be presented with questions on diverse network design characteristics, communication norms, separation, transmitting, and wireless communications. Network security and communications features include:
Protecting network parts
Protecting communication channels
The use of layout values in network design and their protection
5. Identity and Access Management
This CISSP domain includes the tools and techniques used to assess the security of procedures and identify flaws, mistakes in coding or layout, vulnerabilities, and potentially problematic areas that policies and systems are unable to address. It comprises roughly 12% of the CISSP exam. Security testing and assessment include:
Physical and logical access to assets
Identification and authentication
Integrating third-party identification services with identity as a service
Authorization mechanisms
The identity and access provisioning lifecycle
6. Security Assessment and Testing
This CISSP domain includes the tools and techniques used to assess the security of procedures and identify flaws, mistakes in coding or layout, vulnerabilities, and potentially problematic areas that policies and systems are unable to address. It comprises roughly 12% of the CISSP exam. Security testing and assessment include:
Vulnerability assessment and penetration testing
Disaster recovery
Business continuity plans
Awareness training for clients
7. Security Operations
13% of the CISSP exam is devoted to security operations. The execution of plans is the topic of this domain. It includes:
Understanding and supporting investigations
Requirements for investigation types
Logging and monitoring activities
Securing the provision of resources
Foundational security operations concepts
Applying resource protection techniques
Incident management
Disaster recovery
Managing physical security
Business continuity
8. Software Development Security
This CISSP topic involves how the security data system professional works to enforce security laws on software systems surrounded by an environment. Security for Software Development includes:
Examining hazard evaluation
Detecting weaknesses in source code
Thank you for going through the content; I hope it has helped you.