CISSP 2015: What’s New (Part 3 of 5)

September 30, 2015 at 3:51 pm | Posted in CISSP, Study hints, study tips, Vendor news

In my first post, I gave you a quick overview of the changes to the new CISSP exam. In my second post, I covered Domains 1 and 2 of the new CISSP exam.

Today I will cover the next two domains, Security Engineering and Communications and Network Security. First I’ll give you the entire overview of each domain with its Key Areas of Knowledge, tell you where each topic fell in the old Candidate Information Bulletin (CIB), and put new topics in red italics. Next, I’ll call out the completely new content from each sub-domain and give you a brief rundown of what it entails. (If you’d like, you can skip straight to the new stuff by clicking here.)

Domain 3: Security Engineering – Framework and Key Areas of Knowledge

The majority of the new Domain 3 merges topics from the old Domain 5 (Cryptography), Domain 6 (Security Architecture and Design), and Domain 10 (Physical Security).

Domain 3 Key Areas of Knowledge:

    1. Implement and manage engineering processes using secure design principles. – New
    2. Understand the fundamental concepts of security models (e.g., confidentiality, integrity, multi-level models) – From Domain 6, subheading a in the old version.
    3. Select controls and countermeasures based upon systems security evaluation models – From Domain 6, subheading b and f in the old version.
    4. Understand security capabilities of information systems (e.g. memory protection, virtualization, trusted platform module, interfaces, fault tolerance) – From Domain 6, subheading c in the old version.
    5. Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
      1. Client-based (e.g., applets, local caches) – From Domain 6, subheading e in the old version.
      2. Server-based (e.g., data flow control) – From Domain 6, subheading 3 in the old version.
      3. Database security (e.g., inference, aggregation, data mining, data analytics, warehousing) – From Domain 6, subheading e in the old version.
      4. Large-scale parallel data systems – New
      5. Distributed system (e.g., cloud computing, grid computing, peer to peer) – From Domain 6, subheading e in the old version.
      6. Cryptographic systems – New
      7. Industrial control system (e.g., SCADA) – New
    6. Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP) – From Domain 6, subheading 3 in the old version.
    7. Assess and mitigate vulnerabilities in mobile systems – New
    8. Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (IoT)) – New
    9. Apply cryptography
      1. Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance) – From Domain 5, subheading b a in the old version.
      2. Cryptographic types (e.g., symmetric, asymmetric, elliptic curves) – From Domain 5, subheading c in the old version.
      3. Public Key Infrastructure (PKI) – From Domain 5, subheading j in the old version.
      4. Key management practices – From Domain 5, subheading d in the old version.
      5. Digital signatures – From Domain 5, subheading e in the old version.
      6. Digital rights management – New
      7. Non-repudiation – From Domain 5, subheading f in the old version.
      8. Integrity (hashing and salting) – From Domain 5, subheading c in the old version.
      9. Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext) – From Domain 5, subheading g in the old version.
    10. Apply secure principles to site and facility design – From Domain 10, subheading a in the old version.
    11. Design and implement physical security.
      1. Wiring closets – New
      2. Server rooms – From Domain 10, subheading d in the old version.
      3. Media storage facilities – New
      4. Evidence storage – New
      5. Restricted and work area security (e.g., operations centers) – From Domain 10, subheading d in old version.
      6. Data center security – From Domain 10, subheading d in old version.
      7. Utilities and HVAC considerations – From Domain 10, subheading d in old version.
      8. Water issues (e.g., leakage, flooding) – From Domain 10, subheading d in old version.
      9. Fire prevention, detection, and suppression – From Domain 10, subheading d in the old version.

Domain 3 – Just the New Topics, Ma’am

Next, here’s a shortlist of the entirely new topics in Domain 3.

Knowledge Area A, Implement and manage engineering processes using secure design principles, is a new knowledge area. It covers the secure design principles that need to be understood to pass the exam, including ISO/IEC and NIST standards.

From Knowledge Area E. Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements:

  • Large-scale parallel data systems – This is a new topic. This topic will focus on the vulnerabilities of large-scale parallel data systems.
  • Cryptographic systems – This is a new topic. This topic will focus on the vulnerabilities of cryptographic systems.
  • Industrial control system (e.g., SCADA) – This is a new topic. This topic will focus on the vulnerabilities of industrial control systems.

Knowledge Area G, Assess and mitigate vulnerabilities in mobile systems, is also a new knowledge area. It covers the vulnerabilities of mobile systems. 

Knowledge Area H, Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (IoT)), is also a new knowledge area. This covers the vulnerabilities of embedded devices and cyber-physical systems.

From Knowledge Area I. Apply cryptography:

  • Digital rights management – This is a new topic. It focuses on using cryptography to provide digital rights management (DRM), including digital watermarking and other access control methods.

From Knowledge Area K. Design and implement physical security:

  • Wiring closets – This is a new topic. It discusses the physical security of wiring closets.
  • Media storage facilities – This is a new topic. It discusses the physical security of media storage facilities.
  • Evidence storage – This is a new topic. It discusses how to properly store evidence.

Domain 4: Communication and Network Security – Framework and Key Areas of Knowledge

The majority of Domain 4 consists of content formerly included in the old Domain 2 (Telecommunications and Network Security).

As before, I’ll start by introducing the new content in the context of its domain, then give you a granular breakdown (which you can skip to by clicking here).

  1. Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
    1. OSI and TCP/IP models – From Domain 2, subheading a in the old version.
    2. IP networking – From Domain 2, subheading a in the old version.
    3. Implications of multilayer protocols (e.g., DNP3) – From Domain 2, subheading a in the old version.
    4. Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI) – New
    5. Software-defined networks – New
    6. Wireless networks – New
    7. Cryptography used to maintain communication security – From Domain 5, subheading h in the old version.
  2. Secure network components.
    1. Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices) – From Domain 2, subheading b in the old version.
    2. Transmission media (e.g., wired, wireless, fiber) – From Domain 2, subheading b in the old version.
    3. Network access control devices (e.g., firewall, proxies) – From Domain 2, subheading b in the old version.
    4. Endpoint security – From Domain 2, subheading b in the old version.
    5. Content-distribution networks – New
    6. Physical devices – New
  3. Design and establish secure communication channels.
    1. Voice – From Domain 2, subheading c in the old version.
    2. Multimedia collaboration (e.g., remote meeting technology, instant messaging) – From Domain 2, subheading c in the old version.
    3. Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting) – From Domain 2, subheading c in the old version.
    4. Data communications (e.g., VLAN, TLS/SSL) – From Domain 2, subheading c in the old version.
    5. Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation) – New
  4. Prevent or mitigate network attacks – From Domain 2, subheading d in the old version.

Domain 4 – Just the New Topics already

Here’s a closer look at the new topics in Domain 4.

From Knowledge Area A, Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation):

  • Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI) – This is a new topic. It discusses secure design principles for converged protocols.
  • Software-defined networks – This is a new topic. It covers secure design principles for software-defined networks at the infrastructure, control, and application layers.
  • Wireless networks – This is a new topic. It covers secure design principles for wireless networks. 

From Knowledge Area B, Secure network components:

  • Content-distribution networks – This is a new topic. It discusses secure network components for content-distribution networks.
  • Physical devices – This is a new topic. It discusses issues of security for the physical devices used for content-distribution networks.

From Knowledge Area C, Design and establish secure communication channels:

  • Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation) – This is a new topic. It covers the secure communication channels for virtualized networks.

Recap

In the coming weeks, I will be posting the other 2 parts of this series. (Hyperlinks will be added as the posts are written.)

      • Part 1 covered general information about the new CISSP.
      • Part 2 covered new domain 1 and 2.
      • Part 3 (this post) covers new domain 3 and 4.
      • Part 4 will cover new domain 5 and 6.
      • Part 5 will cover new domain 7 and 8.

The next two posts will come over the next few weeks.

It is our hope that this information will help you prepare for this exam! Remember, our practice test covers all the topics and also the different item types that you will see on the live exam.

Wishing you certification success!

-Robin
