The CISSP exam covers 10 domains which together make up the Common Body of Knowledge (CBK). (This is the 10-domain CBK; in 2015 (ISC)² consolidated it into 8 domains.)
- Access Control
Understanding the concepts of identification, authentication, and authorization. Covers access control models such as role-based access control (RBAC) and discretionary access control (DAC).
- Application Security
The security of applications. Covers the whole systems development life cycle, the development process, application security and controls, change management, interfaces, and overall application integrity.
- Business Continuity and Disaster Recovery Planning
Planning in preparation for a disaster, to ensure that critical business operations continue should an unexpected disaster occur. Covers the use of hot sites, backups, and the overall planning and preparation.
- Cryptography
The art of encryption and of securing data in transmission. Understand how cryptography has evolved and where it stands today, and understand the requirements for and criticality of cryptography in the business environment.
- Information Security and Risk Management
Development of an organization-wide security management policy. Securing the company's information assets, and implementing the standards and guidelines that maintain confidentiality, integrity, and availability.
- Legal, Regulations, Compliance and Investigations
Laws and regulations governing cyberspace. Understand the impact regulation has and how laws differ between countries. Investigations must follow the strict procedures required under the law so that evidence remains admissible. Covers the ethics and code of conduct for a security professional in the technology world.
- Operations Security
The day-to-day operations that keep the organization running. Understand how IT operations are carried out under general computing controls and how IT resources are managed.
- Physical (Environmental) Security
The threats and vulnerabilities that must be mitigated through proper physical security measures to protect the organization's information assets.
- Security Architecture and Design
The concepts and principles behind implementing an effective security architecture within the organization, from networks and routers to data centers and applications, enforcing different levels of security measures as appropriate.
- Telecommunications and Network Security
The backbone an organization uses to transmit information between servers, applications, and individuals. Securing these information assets while providing proper confidentiality, integrity, and availability.