Official (ISC)2 Guide to the CISSP CBK, 4/e (Hardcover)

As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

The domain names have been updated as follows:

CISSP Domains, Effective April 15, 2015

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
2. Asset Security (Protecting Security of Assets)
3. Security Engineering (Engineering and Management of Security)
4. Communications and Network Security (Designing and Protecting Network Security)
5. Identity and Access Management (Controlling Access and Managing Identity)
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization’s comprehensive education strategy and certifying body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today’s practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.

由於(ISC)²定期更新其認證考試的嚴謹、有系統的流程，該組織宣布將於2015年4月15日開始對Certified Information Systems Security Professional (CISSP)認證進行改進。(ISC)²定期進行這一流程，以確保考試、相關培訓和持續專業教育要求涵蓋當今實踐信息安全專業人員的角色和責任相關的主題領域。

官方的(ISC)² CISSP CBK已經更新了技術內容，以反映當今信息安全行業中最新的主題。一些主題已經擴展（例如，資產安全、安全評估和測試），而其他主題則在不同的領域下重新調整。結果是一個考試，最準確地反映了一位經驗豐富的信息安全專業人員所需的技術和管理能力，以在不斷變化的安全環境中有效地設計、工程、實施和管理組織的信息安全計劃。

以下是更新後的領域名稱：

CISSP領域，自2015年4月15日起生效：

1. 安全與風險管理（安全、風險、合規性、法律、法規、業務連續性）
2. 資產安全（保護資產的安全）
3. 安全工程（安全的工程和管理）
4. 通信和網絡安全（設計和保護網絡安全）
5. 身份和訪問管理（控制訪問和管理身份）
6. 安全評估和測試（設計、執行和分析安全測試）
7. 安全運營（基礎概念、調查、事件管理、災難恢復）
8. 軟件開發安全（理解、應用和執行軟件安全）

一些考生可能想知道這些更新對CISSP認證的培訓材料有何影響。作為組織全面教育策略和認證機構最佳實踐的一部分，(ISC)²的培訓材料並不直接教授其認證考試的內容。相反，(ISC)²的教育重點是教授與當今實踐信息安全專業人員的角色和責任相關的核心能力。它旨在更新和增強經驗豐富的行業專業人士的知識。