Official (ISC)2 Guide to the CISSP CBK

4th Edition

Edited by Adam Gordon

Auerbach Publications

1,304 pages | 206 B/W Illus.

Hardback ISBN: 9781482262759 (published 2015-03-11)
eBook (VitalSource) ISBN: 9780429067716 (published 2015-04-08)


As a result of the rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations, and the subsequent training and continuing professional education requirements, encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

The domain names have been updated as follows:

CISSP Domains, Effective April 15, 2015

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization’s comprehensive education strategy and certifying body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today’s practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.

Table of Contents

Domain 1 — Security & Risk Management

Security & Risk Management

Confidentiality, Integrity, and Availability

Security Governance

The Complete and Effective Security Program
Global Legal and Regulatory Issues

Understand Professional Ethics

Develop and Implement Security Policy

Business Continuity (BC) & Disaster Recovery (DR) Requirements

Manage Personnel Security

Risk Management Concepts

Threat Modeling

Acquisitions Strategy and Practice

Security Education, Training, and Awareness

Domain 2 — Asset Security

Asset Security

Data Management: Determine and Maintain Ownership

Data Standards

Longevity and Use

Classify Information and Supporting Assets

Asset Management

Protect Privacy

Ensure Appropriate Retention

Determine Data Security Controls

Standards Selection

Domain 3 — Security Engineering

Security Engineering

The Engineering Lifecycle Using Security Design Principles

Fundamental Concepts of Security Models

Information Systems Security Evaluation Models

Security Capabilities of Information Systems

Vulnerabilities of Security Architectures

Database Security

Software and System Vulnerabilities and Threats

Vulnerabilities in Mobile Systems

Vulnerabilities in Embedded Devices and Cyber-Physical Systems

The Application and Use of Cryptography

Site and Facility Design Considerations

Site Planning

Implementation and Operation of Facilities Security

Domain 4 — Communications & Network Security

Communications & Network Security

Secure Network Architecture and Design

Implications of Multi-Layer Protocols

Converged Protocols

Securing Network Components

Secure Communication Channels

Network Attacks

Domain 5 — Identity & Access Management

Identity & Access Management

Physical and Logical Access to Assets

Identification and Authentication of People and Devices

Identity Management Implementation

Identity as a Service (IDaaS)

Integrate Third-Party Identity Services

Implement and Manage Authorization Mechanisms

Prevent or Mitigate Access Control Attacks

Identity and Access Provisioning Lifecycle

Domain 6 — Security Assessment & Testing

Security Assessment & Testing

Assessment and Test Strategies

Collect Security Process Data

Internal and Third-Party Audits

Domain 7 — Security Operations

Security Operations
Provisioning of Resources through Configuration Management

Resource Protection

Incident Response

Preventative Measures against Attacks

Patch and Vulnerability Management

Change and Configuration Management

The Disaster Recovery Process

Test Plan Review

Business Continuity and Other Risk Areas

Access Control

Personnel Safety

Domain 8 — Security in the Software Development Life Cycle

Security in the Software Development Life Cycle

Software Development Security Outline

Environment and Security Controls

Security of the Software Environment

Software Protection Mechanisms

Assess the Effectiveness of Software Security

Assess Software Acquisition Security

About the Series

(ISC)2 Press

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Security / General
COMPUTERS / Certification Guides / General