The CISSP Common Body of Knowledge (CBK) is organized into eight distinct domains. Mastery of these areas is essential for professional certification and robust enterprise security architecture.
Focuses on confidentiality, integrity, availability, compliance, legal issues, and professional ethics.
Covers data classification, ownership, retention, and security controls for information assets.
Covers security models, cryptography, physical security, and site/facility design.
Details secure network architecture, communication protocols, and secure network components.
Focuses on access control models, identity management, and lifecycle provisioning.
Covers vulnerability assessment, penetration testing, and security audit strategies.
Includes incident response, disaster recovery, investigations, and physical security.
Covers SDLC phases, security within the development lifecycle, and database security.