Wondering what questions may appear on the Certified Information Systems Security Professional (CISSP) exam? The International Information Systems Security Certification Consortium, also known as (ISC)2, has published the scope of the 250 questions that make up the CISSP exam. That scope is the ten current domains of its Common Body of Knowledge (CBK). These are the following:
(1) Access Control Systems and Methodology
– a collection of mechanisms used to protect the assets of an information system.
(2) Applications and Systems Development
– addresses the security concepts that need to be applied when developing application software.
(3) Business Continuity and Disaster Recovery Planning
– addresses the recovery and preservation of business operations in time of outages.
(4) Cryptography
– addresses the means, methods and principles of transforming information so that its confidentiality, integrity and authenticity are protected.
(5) Law, Investigations and Ethics
– covers the legal aspects of information security: investigations, handling of evidence, computer crime and incident handling.
(6) Operations Security
– identifies the controls implemented for hardware and media, and for the administrators and operators who hold access rights to company resources.
(7) Physical (Environmental) Security
– provides protection for the entire facility.
(8) Security Architecture and Design
– covers the concepts, standards and principles behind the secure design of operating systems, networks and applications.
(9) Security Management Practices
– entails the definition and implementation of the company's security policies and guidelines.
(10) Telecommunications and Network Security
– deals with the security controls over email, telephone, network and other communication channels that are exposed to the outside world.