• The essential goal of these recognized areas is to assist experts in building up sound information and comprehension of the data security needs of a business venture.
• With the combination of human, administrative, and specialized angles, the exam of CISSP endeavours to construct better cooperation among information and system security.
• Identify the key terms and processes of security operations and how to protect and control information processing assets in a centralized or distributed environment in this CISSP training.
• Define and apply information security governance and Risk Management Framework including the policies, concepts, principles, structures and standards that are established for the protection of information assets and how to assess the effectiveness of that protection

Domain 1: Security and Risk Management

• Legal and regulatory issues
• Confidentiality, integrity, and availability concepts
• Security governance principles
• Compliance
• Professional ethics
• Business continuity requirements
• Personnel security policies
• Threat modeling
• Risk considerations
• Security education, training, and awareness
• Security policies, standards, procedures and guidelines

Domain 2: Asset Security

• Protect privacy
• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Data security controls
• Appropriate retention
• Handling requirements

Domain 3: Security Architecture and Engineering

• Security evaluation models
• Security models fundamental concepts
• Security architectures, designs, and solution elements vulnerabilities
• Security capabilities of information systems
• Engineering processes using secure design principles
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Cryptography
• Embedded devices and cyber-physical systems vulnerabilities
• Site and facility design secure principles
• Physical security

Domain 4: Communication and Network Security

• Secure network architecture design
• Secure communication channels
• Secure network components
• Network attacks

Domain 5: Identity and Access Management (IAM)

• Management of physical/logical access to assets
• Management of identification and authentication
• Integrate identity as a third party service
• Authorization mechanism
• Identity and access of provisioning life cycle

Domain 6: Security Assessment and Testing

• Test outputs (e.g. automated, manual)
• Security process data (e.g. management and operational controls)
• Security architectures vulnerabilities
• Security control testing
• Assessment and test strategies

Domain 7: Security Operations

• Logging and monitoring activities
• Investigations support and requirements
• Incident management
• Provisioning of resources
• Foundational security operations concepts
• Recovery strategies
• Resource protection techniques
• Physical security
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Business continuity planning and exercises
• Personnel safety concerns
• Disaster recovery processes and plans

Domain 8: Software Development Security

• Development environment security controls
• Security in the software development lifecycle
• Acquired software security impact
• Software security effectiveness