CISSP Exam Changing Scope, Topic Coverage on April 15, 2015February 11, 2015 at 11:17 am | Posted in CISSP | Leave a comment
Tags: CISSP, exam retirement, exam updates
ETA 1/12/2016: Check out Robin’s five-part breakdown of the new CISSP exam topics, starting here: CISSP 2015: What’s New (Part 1 of 5)
(ISC)2 announced a new CISSP exam blueprint that will go into effect on April 15, 2015, so that the exam may “stay relevant amidst the changes occurring in the information security field.” As a result of this update, the 10 domains currently tested in the CISSP exam will be restructured as the following 8 domains:
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communications and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
However, this change does not necessarily mean fewer topics are covered. According to the FAQs , “Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains.” The number of questions and the amount of time allowed for the exam have not changed.
To download a free copy of the new Client Information Bulletin (CIB), which contains the exam blueprint, you can go to https://www.isc2.org/exam-outline/default.aspx. To find out more information, you should access the FAQ about this new version at https://www.isc2.org/cissp-sscp-domains-faq/default.aspx.
If you are currently preparing for this exam, I suggest you make plans to take the exam BEFORE April 15, 2015. If you plan to take the exam after that date, you will need to make sure that the study materials that you use cover all the new domains and topics. Also, keep in mind that this exam now includes performance-based questions. Because this exam is typically not denoted with a version number (eg. there is no CISSP-002 exam, only the CISSP), you may not be able to tell which version of the exam you are signing up for unless you schedule it well before the cut-off of April 15.
We at Transcender will be updating our practice test later this year. Our current practice test already includes performance-based questions intended to help you prepare for this testing format, and we will definitely include updated performance-based questions in the new version.
Watch for more posts later on the CISSP changes!