
What is new in CISSP 2024?

Published On: 20/02/2024 Author: MKK

What is new in CISSP 2024 Refresh?

The CISSP exam, the gold-standard security certification, is no stranger to this routine: ISC2 usually updates the exam outline every three years to keep up with the changing market. We are now at the beginning of the latest CISSP refresh. What should we expect from these changes?

This article examines them in depth so that you can understand what is new, what is not, and what this means for aspiring CISSP professionals. In my opinion, this refresh of the examination outline is a minor one; let's look at the details.

When & what is refreshing?

The refreshed CISSP examination outline takes effect on April 15, 2024. ISC2 places significant emphasis on precision and relevance, and its steady commitment to these periodic exam updates shows its determination to safeguard the CISSP certification's standing within the information security sector.

The point is not change for its own sake but keeping the exam aligned with the realities and challenges that today's cybersecurity practitioners face.

Here is the overall domain weightage table. Only two domains change in weightage: Domain 1 – Security and Risk Management (up one point) and Domain 8 – Software Development Security (down one point); the rest are unchanged.

Domain                                        | 2021 Weightage | 2024 Weightage
1. Security and Risk Management               | 15%            | 16%
2. Asset Security                             | 10%            | 10%
3. Security Architecture and Engineering      | 13%            | 13%
4. Communication and Network Security         | 13%            | 13%
5. Identity and Access Management (IAM)       | 12%            | 12%
6. Security Assessment and Testing            | 12%            | 12%
7. Security Operations                        | 13%            | 13%
8. Software Development Security              | 11%            | 10%

Here is the more detailed section-wise comparison chart, in which I highlight what is removed in red, what is added in blue, and what is changed in amber.

Syllabus changed on May 1st 2021 | Syllabus changing on April 15th 2024

1 Domain 1 – Security and Risk Management | 1 Domain 1 – Security and Risk Management
1.1 Understand, adhere to, and promote professional ethics | 1.1 Understand, adhere to, and promote professional ethics
1.1.1 (ISC)² Code of Professional Ethics | 1.1.1 (ISC)² Code of Professional Ethics
1.1.2 Organizational code of ethics | 1.1.2 Organizational code of ethics
1.2 Understand and apply security concepts | 1.2 Understand and apply security concepts
1.2.1 Confidentiality, integrity, and availability, authenticity and nonrepudiation | 1.2.1 Confidentiality, integrity, and availability, authenticity, and nonrepudiation (5 Pillars of Information Security)
1.3 Evaluate and apply security governance principles | 1.3 Evaluate, apply, and sustain security governance principles
1.3.1 Alignment of the security function to business strategy, goals, mission, and objectives | 1.3.1 Alignment of the security function to business strategy, goals, mission, and objectives
1.3.2 Organizational processes (e.g., acquisitions, divestitures, governance committees) | 1.3.2 Organizational processes (e.g., acquisitions, divestitures, governance committees)
1.3.3 Organizational roles and responsibilities | 1.3.3 Organizational roles and responsibilities
1.3.4 Security control frameworks | 1.3.4 Security control frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI), Federal Risk and Authorization Management Program (FedRAMP))
1.3.5 Due care/due diligence | 1.3.5 Due care/due diligence
1.5 Understand legal and regulatory issues that pertain to information security in a holistic context | 1.4 Understand legal, regulatory, and compliance issues that pertain to information security in a holistic context
1.5.1 Cybercrimes and data breaches | 1.4.1 Cybercrimes and data breaches
1.5.2 Licensing and Intellectual Property (IP) requirements | 1.4.2 Licensing and Intellectual Property requirements
1.5.3 Import/export controls | 1.4.3 Import/export controls
1.5.4 Transborder data flow | 1.4.4 Transborder data flow
1.5.5 Privacy | (removed)
(added) | 1.4.5 Issues related to privacy (e.g., General Data Protection Regulation (GDPR), California Consumer Privacy Act, Personal Information Protection Law, Protection of Personal Information Act)
(added) | 1.4.6 Contractual, legal, industry standards, and regulatory requirements
1.4 Determine compliance and other requirements | (removed)
1.4.1 Contractual, legal, industry standards, and regulatory requirements | (removed)
1.4.2 Privacy requirements | (removed)
1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards) | 1.5 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines | 1.6 Develop, document, and implement security policy, standards, procedures, and guidelines
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements | 1.7 Identify, analyze, assess, prioritize, and implement Business Continuity (BC) requirements
1.8.1 Business Impact Analysis (BIA) | 1.7.1 Business Impact Analysis (BIA)
1.8.2 Develop and document the scope and the plan | (removed)
(added) | 1.7.2 External dependencies
1.9 Contribute to and enforce personnel security policies and procedures | 1.8 Contribute to and enforce personnel security policies and procedures
1.9.1 Candidate screening and hiring | 1.8.1 Candidate screening and hiring
1.9.2 Employment agreements and policies | 1.8.2 Employment agreements and policy driven requirements
1.9.3 Onboarding, transfers, and termination processes | 1.8.3 Onboarding, transfers, and termination processes
1.9.4 Vendor, consultant, and contractor agreements and controls | 1.8.4 Vendor, consultant, and contractor agreements and controls
1.9.5 Compliance policy requirements | (removed)
1.9.6 Privacy policy requirements | (removed)
1.10 Understand and apply risk management concepts | 1.9 Understand and apply risk management concepts
1.10.1 Identify threats and vulnerabilities | 1.9.1 Threat and vulnerability identification
1.10.2 Risk assessment/analysis | 1.9.2 Risk analysis, assessment, and scope
1.10.3 Risk response | 1.9.3 Risk response and treatment (e.g., cybersecurity insurance)
1.10.4 Countermeasure selection and implementation | (removed)
1.10.5 Applicable types of controls (e.g., preventive, detective, corrective) | 1.9.4 Applicable types of controls (e.g., preventive, detection, corrective)
1.10.6 Control assessments (security and privacy) | 1.9.5 Control assessments (e.g., security and privacy)
1.10.7 Monitoring and measurement | 1.9.6 Continuous monitoring and measurement
1.10.8 Reporting | 1.9.7 Reporting (e.g., internal, external)
1.10.9 Continuous improvement (e.g., Risk maturity modeling) | 1.9.8 Continuous improvement (e.g., risk maturity modeling)
1.10.10 Risk frameworks | 1.9.9 Risk frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI))
1.11 Understand and apply threat modeling concepts and methodologies | 1.10 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts | 1.11 Apply supply chain risk management (SCRM) concepts
1.12.1 Risks associated with hardware, software, and services | 1.11.1 Risks associated with the acquisition of products and services from suppliers and providers (e.g., product tampering, counterfeits, implants)
1.12.2 Third-party assessment and monitoring | 1.11.2 Risk mitigations (e.g., third-party assessment and monitoring, minimum security requirements, service level requirements, silicon root of trust, physically unclonable function, software bill of materials)
1.12.3 Minimum security requirements | (removed)
1.12.4 Service-level requirements | (removed)
1.13 Establish and maintain a security awareness, education, and training program | 1.12 Establish and maintain a security awareness, education, and training program
1.13.1 Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification) | 1.12.1 Methods and techniques to increase awareness and training (e.g., social engineering, phishing, security champions, gamification)
1.13.2 Periodic content reviews | 1.12.2 Periodic content reviews to include emerging technologies and trends (e.g., cryptocurrency, artificial intelligence (AI), blockchain)
1.13.3 Program effectiveness evaluation | 1.12.3 Program effectiveness evaluation

2 Domain 2 – Asset Security | 2 Domain 2 – Asset Security
2.1 Identify and classify information and assets | 2.1 Identify and classify information and assets
2.1.1 Data classification | 2.1.1 Data classification
2.1.2 Asset Classification | 2.1.2 Asset Classification
2.2 Establish information and asset handling requirements | 2.2 Establish information and asset handling requirements
2.3 Provision resources securely | 2.3 Provision information and assets securely
2.3.1 Information and asset ownership | 2.3.1 Information and asset ownership
2.3.2 Asset inventory (e.g., tangible, intangible) | 2.3.2 Asset inventory (e.g., tangible, intangible)
2.3.3 Asset management | 2.3.3 Asset management
2.4 Manage data lifecycle | 2.4 Manage data lifecycle
2.4.1 Data roles (i.e., owners, controllers, custodians, processors, users/subjects) | 2.4.1 Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
2.4.2 Data collection | 2.4.2 Data collection
2.4.3 Data location | 2.4.3 Data location
2.4.4 Data maintenance | 2.4.4 Data maintenance
2.4.5 Data retention | 2.4.5 Data retention
2.4.6 Data remanence | 2.4.6 Data remanence
2.4.7 Data destruction | 2.4.7 Data destruction
2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS)) | 2.5 Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)
2.6 Determine data security controls and compliance requirements | 2.6 Determine data security controls and compliance requirements
2.6.1 Data states (e.g., in use, in transit, at rest) | 2.6.1 Data states (e.g., in use, in transit, at rest)
2.6.2 Scoping and tailoring | 2.6.2 Scoping and tailoring
2.6.3 Standards selection | 2.6.3 Standards selection
2.6.4 Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB)) | 2.6.4 Data protection methods (e.g., Digital Rights Management (DRM), data loss prevention (DLP), cloud access security broker (CASB))

3 Domain 3 – Security Architecture and Engineering | 3 Domain 3 – Security Architecture and Engineering
3.1 Research, implement and manage engineering processes using secure design principles | 3.1 Research, implement, and manage engineering processes using secure design principles
3.1.1 Threat modeling | 3.1.1 Threat modeling
3.1.2 Least privilege | 3.1.2 Least privilege
3.1.3 Defense in depth | 3.1.3 Defense in depth
3.1.4 Secure defaults | 3.1.4 Secure defaults
3.1.5 Fail securely | 3.1.5 Fail securely
3.1.6 Separation of Duties (SoD) | 3.1.6 Separation of Duties (SoD)
3.1.7 Keep it simple | 3.1.7 Keep it simple and small
3.1.8 Zero Trust | 3.1.8 Zero trust or trust but verify
3.1.9 Privacy by design | 3.1.9 Privacy by design
3.1.10 Trust but verify | (removed)
3.1.11 Shared responsibility | 3.1.10 Shared responsibility
(added) | 3.1.11 Secure access service edge
3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula) | 3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
3.3 Select controls based upon systems security requirements | 3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption) | 3.4 Understand security capabilities of Information Systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements | 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
3.5.1 Client-based systems | 3.5.1 Client-based systems
3.5.2 Server-based systems | 3.5.2 Server-based systems
3.5.3 Database systems | 3.5.3 Understand the fundamental concepts of security models
3.5.4 Cryptographic systems | 3.5.4 Cryptographic systems
3.5.5 Industrial Control Systems (ICS) | 3.5.5 Operational Technology/industrial control systems (ICS)
3.5.6 Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) | 3.5.6 Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
3.5.7 Distributed systems | 3.5.7 Distributed systems
3.5.8 Internet of Things (IoT) | 3.5.8 Internet of Things (IoT)
3.5.9 Microservices | 3.5.9 Microservices (e.g., application programming interface (API))
3.5.10 Containerization | 3.5.10 Containerization
3.5.11 Serverless | 3.5.11 Serverless
3.5.12 Embedded systems | 3.5.12 Embedded systems
3.5.13 High-Performance Computing (HPC) systems | 3.5.13 High-Performance Computing systems
3.5.14 Edge computing systems | 3.5.14 Edge computing systems
3.5.15 Virtualized systems | 3.5.15 Virtualized systems
3.6 Select and determine cryptographic solutions | 3.6 Select and determine cryptographic solutions
3.6.1 Cryptographic life cycle (e.g., keys, algorithm selection) | 3.6.1 Cryptographic life cycle (e.g., key management, algorithm selection)
3.6.2 Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves, quantum) | 3.6.2 Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves)
3.6.3 Public Key Infrastructure (PKI) | 3.6.3 Public key infrastructure (PKI) (e.g., quantum key distribution)
3.6.4 Key management practices | 3.6.4 Key management practices (e.g., rotation)
3.6.5 Digital signatures | 3.6.5 Digital signatures and digital certificates (e.g., non-repudiation, integrity)
3.6.6 Non-repudiation | (removed)
3.6.7 Integrity (e.g., hashing) | (removed)
3.7 Understand methods of cryptanalytic attacks | 3.7 Understand methods of cryptanalytic attacks
3.7.1 Brute force | 3.7.1 Brute force
3.7.2 Ciphertext only | 3.7.2 Ciphertext only
3.7.3 Known plaintext | 3.7.3 Known plaintext
3.7.4 Frequency analysis | 3.7.4 Frequency analysis
3.7.5 Chosen ciphertext | 3.7.5 Chosen ciphertext
3.7.6 Implementation attacks | 3.7.6 Implementation attacks
3.7.7 Side-channel | 3.7.7 Side-channel
3.7.8 Fault injection | 3.7.8 Fault injection
3.7.9 Timing | 3.7.9 Timing
3.7.10 Man-in-the-Middle (MITM) | 3.7.10 Man-in-the-Middle (MITM)
3.7.11 Pass the hash | 3.7.11 Pass the hash
3.7.12 Kerberos exploitation | 3.7.12 Kerberos exploitation
3.7.13 Ransomware | 3.7.13 Ransomware
3.8 Apply security principles to site and facility design | 3.8 Apply security principles to site and facility design
3.9 Design site and facility security controls | 3.9 Design site and facility security controls
3.9.1 Wiring closets/intermediate distribution facilities | 3.9.1 Wiring closets/intermediate distribution frame
3.9.2 Server rooms/data centers | 3.9.2 Server rooms/data centers
3.9.3 Media storage facilities | 3.9.3 Media storage facilities
3.9.4 Evidence storage | 3.9.4 Evidence storage
3.9.5 Restricted and work area security | 3.9.5 Restricted and work area security
3.9.6 Utilities and Heating, Ventilation, and Air Conditioning (HVAC) | 3.9.6 Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
3.9.7 Environmental issues | 3.9.7 Environmental issues (e.g., natural disasters, man-made)
3.9.8 Fire prevention, detection, and suppression | 3.9.8 Fire prevention, detection, and suppression
3.9.9 Power (e.g., redundant, backup) | 3.9.9 Power (e.g., redundant, backup)
(added) | 3.10 Manage the information system lifecycle
(added) | 3.10.1 Stakeholders needs and requirements
(added) | 3.10.2 Requirements analysis
(added) | 3.10.3 Architectural design
(added) | 3.10.4 Development/implementation
(added) | 3.10.5 Integration
(added) | 3.10.6 Verification and validation
(added) | 3.10.7 Transition/deployment
(added) | 3.10.8 Operations and maintenance/sustainment
(added) | 3.10.9 Retirement/disposal

4 Domain 4 – Communication and Network Security | 4 Domain 4 – Communication and Network Security
4.1 Assess and implement secure design principles in network architectures | 4.1 Apply secure design principles in network architectures
4.1.1 Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models | 4.1.1 Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
4.1.2 Internet Protocol (IP) networking (e.g., Internet Protocol Security (IPSec), Internet Protocol (IP) v4/6) | 4.1.2 Internet Protocol (IP) version 4 and 6 (IPv6) (e.g., unicast, broadcast, multicast, anycast)
4.1.3 Secure protocols | 4.1.3 Secure protocols (e.g., Internet Protocol Security (IPSec), Secure Shell (SSH), Secure Sockets Layer (SSL)/Transport Layer Security (TLS))
4.1.4 Implications of multilayer protocols | 4.1.4 Implications of multilayer protocols
4.1.5 Converged protocols (e.g., Fiber Channel Over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), Voice over Internet Protocol (VoIP)) | 4.1.5 Converged protocols (e.g., Internet Small Computer Systems Interface (iSCSI), Voice over Internet Protocol (VoIP), InfiniBand over Ethernet, Compute Express Link)
4.1.6 Micro-segmentation (e.g., Software Defined Networks (SDN), Virtual eXtensible Local Area Network (VXLAN), Encapsulation, Software-Defined Wide Area Network (SD-WAN)) | (removed)
(added) | 4.1.6 Transport architecture (e.g., topology, data/control/management plane, cut-through/store-and-forward)
(added) | 4.1.7 Performance metrics (e.g., bandwidth, latency, jitter, throughput, signal-to-noise ratio)
(added) | 4.1.8 Traffic flows (e.g., north-south, east-west)
(added) | 4.1.9 Physical segmentation (e.g., in-band, out-of-band, air-gapped)
(added) | 4.1.10 Logical segmentation (e.g., virtual local area networks (VLANs), virtual private networks (VPNs), virtual routing and forwarding, virtual domain)
(added) | 4.1.11 Micro-segmentation (e.g., network overlays/encapsulation; distributed firewalls, routers, intrusion detection system (IDS)/intrusion prevention system (IPS), zero trust)
(added) | 4.1.12 Edge networks (e.g., ingress/egress, peering)
4.1.7 Wireless networks (e.g., Li-Fi, Wi-Fi, Zigbee, satellite) | 4.1.13 Wireless networks (e.g., Bluetooth, Wi-Fi, Zigbee, satellite)
4.1.8 Cellular networks (e.g., 4G, 5G) | 4.1.14 Cellular/mobile networks (e.g., 4G, 5G)
4.1.9 Content Distribution Networks (CDN) | 4.1.15 Content distribution networks (CDN)
(added) | 4.1.16 Software defined networks (SDN) (e.g., application programming interface (API), Software-Defined Wide Area Network, network functions virtualization)
(added) | 4.1.17 Virtual Private Cloud (VPC)
(added) | 4.1.18 Monitoring and management (e.g., network observability, traffic flow/shaping, capacity management, fault detection and handling)
4.2 Secure network components | 4.2 Secure network components
4.2.1 Operation of hardware (e.g., redundant power, warranty, support) | 4.2.1 Operation of infrastructure (e.g., redundant power, warranty, support)
4.2.2 Transmission media | 4.2.2 Transmission media (e.g., physical security of media, signal propagation quality)
4.2.3 Network Access Control (NAC) devices | 4.2.3 Network Access Control (NAC) systems (e.g., physical, and virtual solutions)
4.2.4 Endpoint security | 4.2.4 Endpoint security (e.g., host-based)
4.3 Implement secure communication channels according to design | 4.3 Implement secure communication channels according to design
4.3.1 Voice | 4.3.1 Voice, video, and collaboration (e.g., conferencing, Zoom rooms)
4.3.2 Multimedia collaboration | (removed)
4.3.3 Remote access | 4.3.2 Remote access (e.g., network administrative functions)
4.3.4 Data communications | 4.3.3 Data communications (e.g., backhaul networks, satellite)
4.3.5 Virtualized networks | (removed)
4.3.6 Third-party connectivity | 4.3.4 Third-party connectivity (e.g., telecom providers, hardware support)

5 Domain 5 – Identity and Access Management (IAM) | 5 Domain 5 – Identity and Access Management (IAM)
5.1 Control physical and logical access to assets | 5.1 Control physical and logical access to assets
5.1.1 Information | 5.1.1 Information
5.1.2 Systems | 5.1.2 Systems
5.1.3 Devices | 5.1.3 Devices
5.1.4 Facilities | 5.1.4 Facilities
5.1.5 Applications | 5.1.5 Applications
(added) | 5.1.6 Services
5.2 Manage identification and authentication of people, devices, and services | 5.2 Manage identification and authentication of people, devices, and services
5.2.1 Identity Management (IdM) implementation | (removed)
(added) | 5.2.1 Groups and Roles
5.2.2 Single/Multi-Factor Authentication (MFA) | 5.2.2 Authentication, Authorization and Accounting (AAA) (e.g., multi-factor authentication (MFA), password-less authentication)
5.2.3 Accountability | (removed)
5.2.4 Session management | 5.2.3 Session management
5.2.5 Registration, proofing, and establishment of identity | 5.2.4 Registration, proofing, and establishment of identity
5.2.6 Federated Identity Management (FIM) | 5.2.5 Federated Identity Management (FIM)
5.2.7 Credential management systems | 5.2.6 Credential management systems (e.g., Password vault)
5.2.8 Single Sign On (SSO) | 5.2.7 Single sign-on (SSO)
5.2.9 Just-In-Time (JIT) | 5.2.8 Just-In-Time (JIT)
5.3 Federated identity with a third-party service | 5.3 Federated identity with a third-party service
5.3.1 On-premise | 5.3.1 On-premise
5.3.2 Cloud | 5.3.2 Cloud
5.3.3 Hybrid | 5.3.3 Hybrid
5.4 Implement and manage authorization mechanisms | 5.4 Implement and manage authorization mechanisms
5.4.1 Role Based Access Control (RBAC) | 5.4.1 Role Based Access Control (RBAC)
5.4.2 Rule based access control | 5.4.2 Rule based access control
5.4.3 Mandatory Access Control (MAC) | 5.4.3 Mandatory Access Control (MAC)
5.4.4 Discretionary Access Control (DAC) | 5.4.4 Discretionary Access Control (DAC)
5.4.5 Attribute-based access control (ABAC) | 5.4.5 Attribute-based access control (ABAC)
5.4.6 Risk based access control | 5.4.6 Risk based access control
(added) | 5.4.7 Access policy enforcement (e.g., policy decision point, policy enforcement point)
5.5 Manage the identity and access provisioning lifecycle | 5.5 Manage the identity and access provisioning lifecycle
5.5.1 Account access review (e.g., user, system, service) | 5.5.1 Account access review (e.g., user, system, service)
5.5.2 Provisioning and deprovisioning (e.g., on/off boarding and transfers) | 5.5.2 Provisioning and deprovisioning (e.g., on/off boarding and transfers)
5.5.3 Role definition (e.g., people assigned to new roles) | 5.5.3 Role definition and transition (e.g., people assigned to new roles)
5.5.4 Privilege escalation (e.g., managed service accounts, use of sudo, minimizing its use) | 5.5.4 Privilege escalation (e.g., use of sudo, auditing its use)
(added) | 5.5.5 Service accounts management
5.6 Implement authentication systems | 5.6 Implement authentication systems
5.6.1 OpenID Connect (OIDC)/Open Authorization (OAuth) | (removed)
5.6.2 Security Assertion Markup Language (SAML) | (removed)
5.6.3 Kerberos | (removed)
5.6.4 Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+) | (removed)

6 Domain 6 – Security Assessment and Testing | 6 Domain 6 – Security Assessment and Testing
6.1 Design and validate assessment, test, and audit strategies | 6.1 Design and validate assessment, test, and audit strategies
6.1.1 Internal | 6.1.1 Internal (e.g., within organization control)
6.1.2 External | 6.1.2 External (e.g., outside organization control)
6.1.3 Third-party | 6.1.3 Third-party (e.g., outside of enterprise control)
(added) | 6.1.4 Location (e.g., on-premise, cloud, hybrid)
6.2 Conduct security control testing | 6.2 Conduct security control testing
6.2.1 Vulnerability assessment | 6.2.1 Vulnerability assessment
6.2.2 Penetration testing | 6.2.2 Penetration testing (e.g., red, blue, and/or purple team exercises)
6.2.3 Log reviews | 6.2.3 Log reviews
6.2.4 Synthetic transactions | 6.2.4 Synthetic transactions/benchmarks
6.2.5 Code review and testing | 6.2.5 Code review and testing
6.2.6 Misuse case testing | 6.2.6 Misuse case testing
6.2.7 Test coverage analysis | 6.2.7 Coverage analysis
6.2.8 Interface testing | 6.2.8 Interface testing (e.g., user interface, network interface, application programming interface (API))
6.2.9 Breach attack simulations | 6.2.9 Breach attack simulations
6.2.10 Compliance checks | 6.2.10 Compliance checks
6.3 Collect security process data (e.g., technical and administrative) | 6.3 Collect security process data (e.g., technical and administrative)
6.3.1 Account management | 6.3.1 Account management
6.3.2 Management review and approval | 6.3.2 Management review and approval
6.3.3 Key performance and risk indicators | 6.3.3 Key performance and risk indicators
6.3.4 Backup verification data | 6.3.4 Backup verification data
6.3.5 Training and awareness | 6.3.5 Training and awareness
6.3.6 Disaster Recovery (DR) and Business Continuity (BC) | 6.3.6 Disaster Recovery (DR) and Business Continuity (BC)
6.4 Analyze test output and generate report | 6.4 Analyze test output and generate report
6.4.1 Remediation | 6.4.1 Remediation
6.4.2 Exception handling | 6.4.2 Exception handling
6.4.3 Ethical disclosure | 6.4.3 Ethical disclosure
6.5 Conduct or facilitate security audits | 6.5 Conduct or facilitate security audits
6.5.1 Internal | 6.5.1 Internal (e.g., within organization control)
6.5.2 External | 6.5.2 External (e.g., outside organization control)
6.5.3 Third-party | 6.5.3 Third-party (e.g., outside of enterprise control)
(added) | 6.5.4 Location (e.g., on-premise, cloud, hybrid)

7 Domain 7 – Security Operations | 7 Domain 7 – Security Operations
7.1 Understand and support investigations | 7.1 Understand and support investigations
7.1.1 Evidence collection and handling | 7.1.1 Evidence collection and handling
7.1.2 Reporting and documentation | 7.1.2 Reporting and documentation
7.1.3 Investigative techniques | 7.1.3 Investigative techniques
7.1.4 Digital forensics tools, tactics, and procedures | 7.1.4 Digital forensics tools, tactics, and procedures
7.1.5 Artifacts (e.g., computer, network, mobile device) | 7.1.5 Artifacts (e.g., data, computer, network, mobile device)
7.2 Conduct logging and monitoring activities | 7.2 Conduct logging and monitoring activities
7.2.1 Intrusion detection and prevention | 7.2.1 Intrusion detection and prevention system (IDPS)
7.2.2 Security Information and Event Management (SIEM) | 7.2.2 Security Information and Event Management (SIEM)
(added) | 7.2.3 Security orchestration, automation and response (SOAR)
7.2.3 Continuous monitoring | 7.2.4 Continuous monitoring and tuning
7.2.4 Egress monitoring | 7.2.5 Egress monitoring
7.2.5 Log management | 7.2.6 Log management
7.2.6 Threat intelligence (e.g., threat feeds, threat hunting) | 7.2.7 Threat intelligence (e.g., threat feeds, threat hunting)
7.2.7 User and Entity Behavior Analytics (UEBA) | 7.2.8 User and Entity Behavior Analytics
7.3 Perform Configuration Management (CM) (e.g., provisioning, baselining, automation) | 7.3 Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
7.4 Apply foundational security operations concepts | 7.4 Apply foundational security operations concepts
7.4.1 Need-to-know/least privilege | 7.4.1 Need-to-know/least privileges
7.4.2 Separation of Duties (SoD) and responsibilities | 7.4.2 Segregation of Duties (SoD) and responsibilities
7.4.3 Privileged account management | 7.4.3 Privileged account management
7.4.4 Job rotation | 7.4.4 Job rotation
7.4.5 Service Level Agreements (SLAs) | 7.4.5 Service Level Agreements (SLA)
7.5 Apply resource protection | 7.5 Apply resource protection techniques
7.5.1 Media management | 7.5.1 Media management
7.5.2 Media protection techniques | 7.5.2 Hardware and software asset management
7.5.3 Data at rest/data in transit | (removed)
7.6 Conduct incident management | 7.6 Conduct incident management
7.6.1 Detection | 7.6.1 Detection
7.6.2 Response | 7.6.2 Response
7.6.3 Mitigation | 7.6.3 Mitigation
7.6.4 Reporting | 7.6.4 Reporting
7.6.5 Recovery | 7.6.5 Recovery
7.6.6 Remediation | 7.6.6 Remediation
7.6.7 Lessons learned | 7.6.7 Lessons learned
7.7 Operate and maintain detective and preventative measures | 7.7 Operate and maintain detection and preventative measures
7.7.1 Firewalls (e.g., next generation, web application, network) | 7.7.1 Firewalls (e.g., next generation, web application, network)
7.7.2 Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) | 7.7.2 Intrusion detection and prevention systems
7.7.3 Whitelisting/blacklisting | 7.7.3 Whitelisting/blacklisting
7.7.4 Third-party provided security services | 7.7.4 Third-party provided security services
7.7.5 Sandboxing | 7.7.5 Sandboxing
7.7.6 Honeypots/honeynets | 7.7.6 Honeypots/honeynets
7.7.7 Anti-malware | 7.7.7 Anti-malware
7.7.8 Machine learning and Artificial Intelligence (AI) based tools | 7.7.8 Machine learning and artificial intelligence (AI) based tools
7.8 Implement and support patch and vulnerability management | 7.8 Implement and support patch and vulnerability management
7.9 Understand and participate in change management processes | 7.9 Understand and participate in change management processes
7.10 Implement recovery strategies | 7.10 Implement recovery strategies
7.10.1 Backup storage strategies | 7.10.1 Backup storage strategies (e.g., cloud storage, onsite, offsite)
7.10.2 Recovery site strategies | 7.10.2 Recovery site strategies (e.g., cold vs. hot, resource capacity agreements)
7.10.3 Multiple processing sites | 7.10.3 Multiple processing sites
7.10.4 System resilience, high availability, Quality of Service (QoS), and fault tolerance | 7.10.4 System resilience, high availability (HA), Quality of Service (QoS), and fault tolerance
7.11 Implement Disaster Recovery (DR) processes | 7.11 Implement Disaster Recovery (DR) processes
7.11.1 Response | 7.11.1 Response
7.11.2 Personnel | 7.11.2 Personnel
7.11.3 Communications | 7.11.3 Communications (e.g., methods)
7.11.4 Assessment | 7.11.4 Assessment
7.11.5 Restoration | 7.11.5 Restoration
7.11.6 Implement recovery strategies | 7.11.6 Training and awareness
7.11.7 Lessons learned | 7.11.7 Lessons learned
7.12 Test Disaster Recovery Plans (DRP) | 7.12 Test Disaster Recovery Plans (DRP)
7.12.1 Read-through/tabletop | 7.12.1 Read-through/tabletop
7.12.2 Walkthrough | 7.12.2 Walkthrough
7.12.3 Simulation | 7.12.3 Simulation
7.12.4 Parallel | 7.12.4 Parallel
7.12.5 Full interruption | 7.12.5 Full interruption
(added) | 7.12.6 Communications (e.g., stakeholders, test status, regulators)
7.13 Participate in Business Continuity (BC) planning and exercises | 7.13 Participate in Business Continuity (BC) planning and exercises
7.14 Implement and manage physical security | 7.14 Implement and manage physical security
7.14.1 Perimeter security controls | 7.14.1 Perimeter security controls
7.14.2 Internal security controls | 7.14.2 Internal security controls
7.15 Address personnel safety and security concerns | 7.15 Address personnel safety and security concerns
7.15.1 Travel | 7.15.1 Travel
7.15.2 Security training and awareness | 7.15.2 Security training and awareness (e.g., insider threat, social media impacts, two-factor authentication (2FA) fatigue)
7.15.3 Emergency management | 7.15.3 Emergency management
7.15.4 Duress | 7.15.4 Duress

8 Domain 8 – Software Development Security | 8 Domain 8 – Software Development Security
8.1 Understand and integrate security in the Software Development Life Cycle (SDLC) | 8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
8.1.1 Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps) | 8.1.1 Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps, Scaled Agile Framework)
8.1.2 Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM)) | 8.1.2 Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM))
8.1.3 Operation and maintenance | 8.1.3 Operation and maintenance
8.1.4 Change management | 8.1.4 Change management
8.1.5 Integrated Product Team (IPT) | 8.1.5 Integrated Product Team
8.2 Identify and apply security controls in software development ecosystems | 8.2 Identify and apply security controls in development environments
8.2.1 Programming languages | 8.2.1 Programming languages
8.2.2 Libraries | 8.2.2 Libraries
8.2.3 Tool sets | 8.2.3 Tool sets
8.2.4 Integrated Development Environment (IDE) | 8.2.4 Integrated Development Environment
8.2.5 Runtime | 8.2.5 Runtime
8.2.6 Continuous Integration and Continuous Delivery (CI/CD) | 8.2.6 Continuous Integration and Continuous Delivery (CI/CD)
8.2.7 Security Orchestration, Automation, and Response (SOAR) | (removed)
8.2.8 Software Configuration Management (SCM) | 8.2.7 Software Configuration Management
8.2.9 Code repositories | 8.2.8 Code repositories
8.2.10 Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)) | 8.2.9 Application security testing (e.g., static application security testing (SAST), dynamic application security testing (DAST), software composition analysis, Interactive Application Security Test (IAST))
8.3 Assess the effectiveness of software security | 8.3 Assess the effectiveness of software security
8.3.1 Auditing and logging of changes | 8.3.1 Auditing and logging of changes
8.3.2 Risk analysis and mitigation | 8.3.2 Risk analysis and mitigation
8.4 Assess security impact of acquired software | 8.4 Assess security impact of acquired software
8.4.1 Commercial-off-the-shelf (COTS) | 8.4.1 Commercial off-the-shelf (COTS)
8.4.2 Open source | 8.4.2 Open source
8.4.3 Third-party | 8.4.3 Third-party
8.4.4 Managed services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) | 8.4.4 Managed services (e.g., enterprise applications)
(added) | 8.4.5 Cloud services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
8.5 Define and apply secure coding guidelines and standards | 8.5 Define and apply secure coding guidelines and standards
8.5.1 Security weaknesses and vulnerabilities at the source-code level | 8.5.1 Security weaknesses and vulnerabilities at the source-code level
8.5.2 Security of Application Programming Interfaces (APIs) | 8.5.2 Security of application programming interfaces (API)
8.5.3 Secure coding practices | 8.5.3 Secure coding practices
8.5.4 Software-defined security | 8.5.4 Software-defined security

Download

To download this comparison as a Word document, click here; it is hosted on Template Shop, a site that works much like a "buy me a coffee" page.
