CISSP

(ISC)2 and CISSP

The International Information Systems Security Certification Consortium, or (ISC)2 for short, was set up in 1989 as a non-profit in response to a felt need for a standardized, vendor-neutral information security program that demonstrated competence and had global acceptance.
The most notable certification offered by (ISC)2 is the CISSP (Certified Information Systems Security Professional) certification. CISSP is recognized the world over as the gold standard for information systems security, cutting across industries and geographies. Don’t take my word for it: Go to job portals in any part of the world and type CISSP in the search box – and see for yourself how many matches you get!
Remember, when a security position is advertised, the first cut is made by an algorithm on the basis of a keyword search. When the CISSP certification is in your CV, you are much more likely to be picked up by the algorithm.

CISSP Domains

The CISSP CBK (Common Body of Knowledge) is divided into 8 domains, which between them cover all areas of IT. The domains carry varying weight. The domains and their exam weights are as follows:

Domain # | Domain Name | Exam Weight
1 | Security & Risk Management | 15%
2 | Asset Security | 10%

Each domain includes several topics and sub-topics. Here is an overview of the eight domains.

1.    Security & Risk Management
It is not a coincidence that this domain has the largest weight in the exam. In a sense, it sets the tone for the entire course: View everything from the perspective of risk. As security professionals or aspiring security professionals, we need to consider the risk involved in all our activities, the vulnerabilities in our environment and the threats. Remember, the bad guys are not sitting on their hands; new threats are being created every day.