The CISSP Domains under ISC2 CBK

The (ISC)2 Common Body of Knowledge (CBK) is composed of 10 so-called domains. The content of the domains include the knowledge categories of access control, application security, business continuity-disaster recovery strategy, cryptography, and risk management-information security, legal scope of information security, operations security, environmental security, security architectural design and telecommunication-network security.

The access control domain refers to the authentication aspect (which assumes identity is primarily vetted), authorization aspect (where the subject is determined with regards to system function), and accountability aspect of information (where audit records and logs are employed to trace subject performance). The access control has two categories: namely the mandatory (which determines multiple entities between subjects and objects) and the discretionary (where an owner-policy is used to permit access to the objects).

The second domain is application security which averts the vulnerabilities of a system as seen through errors in the application structure, development, or operation. Furthermore, application control may only determine the functions of the resources through application security.

Thirdly, is business continuity planning, which refers to an interrelated node tutorial attitude towards construction and corroboration of a standard rational plan. It specifies the strategic recovery of an entity for a particular time subsequent to extended disruption.

The domain of cryptography refers to the encryption of hidden information. The next domain includes management of the protection of information and its system from illicit access or illicit alteration. However, the operations security (or OPSEC) refers to the identification of grave information and its effect to the system by controlling unknown information which may be dissimilar from the security programs which seek to protect the classified information.

Environmental security deters hackers from accessing resources or information stored in a physical media. Security architectural design refers to the computer security model that specifies and employs security policies (such as access rights, or computing scheme). Meanwhile, Telecom-Network Security refers to the whole concept of information security prerequisites based upon the network scheme, and adopted network policies.