The Certified Information Systems Security Professional (CISSP) certification is widely recognized as a benchmark for information security professionals. To achieve success in this rigorous exam, it’s crucial to have a well-structured study plan.
In this article, we will provide a comprehensive guide to help you create a CISSP certification study planner by ThorTeaches.
- Domain 1 (Security and Risk Management 16%)
- Domain 2 (Asset Security 10%)
- Domain 3 (Security Engineering 12%)
- Domain 4 (Communication and Network Security 12%)
- Domain 5 (Identity and Access Management 13%)
- Domain 6 (Security Assessment and Testing 11%)
- Domain 7 (Security Operations 16%)
- Domain 8 (Software Development Security 10%)
| S.No. | Domain | Checklist | ||||||
|---|---|---|---|---|---|---|---|---|
| Domain 1 (Security and Risk Management 16%) | ||||||||
| 1 | Confidentiality, integrity, and availability concepts (CIA) | |||||||
| 2 | Identification, Authentication, Authorization, and Auditing (IAAA) | |||||||
| 3 | Compliance | |||||||
| 4 | Legal and regulatory issues | |||||||
| 5 | Professional ethics | |||||||
| 6 | Security policies, standards, procedures, and guidelines | |||||||
| 7 | Risk analysis | |||||||
| 8 | Types of attackers | |||||||
| Domain 2 (Asset Security 10%) | ||||||||
| 9 | Information and asset classification | |||||||
| 10 | Ownership (e.g., data owners, system owners) | |||||||
| 11 | Protect privacy | |||||||
| 12 | Appropriate retention | |||||||
| 13 | Data security controls | |||||||
| 14 | Handling requirements (e.g., markings, labels, storage) | |||||||
| Domain 3 (Security Engineering 12%) | ||||||||
| 15 | Fundamental concepts of security models | |||||||
| 16 | Engineering processes using secure design principles | |||||||
| 17 | Security architectures, designs, and solution elements vulnerabilities | |||||||
| 18 | Virtual and distributed systems vulnerabilities | |||||||
| 19 | Cryptography (Asymmetric/Symmetric) | |||||||
| 20 | Cryptography (PKI and crypyo applications) | |||||||
| 21 | Site and facility design secure principles | |||||||
| 22 | Physical security | |||||||
| Domain 4 (Communication and Network Security 12%) | ||||||||
| 23 | Secure network architecture design | |||||||
| 24 | Networking models (OSI) | |||||||
| 25 | Networking models (TCP/IP) | |||||||
| 26 | WAN and LAN technologies and protocols | |||||||
| 27 | Secure network components | |||||||
| 28 | Secure communication channels | |||||||
| 29 | Network attacks | |||||||
| Domain 5 (Identity and Access Management 13%) | ||||||||
| 30 | Physical and logical assets control | |||||||
| 31 | Identification and authentication of people and devices | |||||||
| 32 | Identity as a service (e.g., cloud identity) | |||||||
| 33 | Third-party identity services (e.g., on-premise) | |||||||
| 34 | Access control attacks | |||||||
| 35 | Identity and access provisioning lifecycle (e.g., provisioning review) | |||||||
| Domain 6 (Security Assessment and Testing 11%) | ||||||||
| 36 | Assessment and test strategies | |||||||
| 37 | Security process data (management and operational controls) | |||||||
| 38 | Security control testing | |||||||
| 39 | Test outputs (e.g., automated, manual) | |||||||
| 40 | Security architecture vulnerabilities | |||||||
| 41 | Audits (internal and external) | |||||||
| Domain 7 (Security Operations 16%) | ||||||||
| 42 | Investigations support and requirements | |||||||
| 43 | Logging and monitoring activities | |||||||
| 44 | Provisioning of resources | |||||||
| 45 | Foundational security operations concepts | |||||||
| 46 | Resource protection techniques | |||||||
| 47 | Incident management | |||||||
| 48 | Preventative measures | |||||||
| 49 | Patch and vulnerability management | |||||||
| 50 | Change management processes | |||||||
| 51 | Recovery strategies | |||||||
| 52 | Disaster recovery processes and plans | |||||||
| 53 | Business continuity planning and exercises | |||||||
| 54 | Physical security | |||||||
| 55 | Personnel safety concerns | |||||||
| Domain 8 (Software Development Security 10%) | ||||||||
| 56 | Security in the software development lifecycle | |||||||
| 57 | Development environment security controls | |||||||
| 58 | Software security effectiveness | |||||||
| 59 | Acquired software security impact | |||||||
Remember to maintain a healthy balance between study and self-care. Take breaks, get sufficient rest, and manage stress effectively to stay motivated and focused throughout your CISSP certification journey.
In conclusion, creating a well-structured study plan is crucial for CISSP exam success. Follow this comprehensive guide, adapt it to your specific needs, and stay disciplined and consistent in your study efforts. Good luck with your CISSP certification journey!
