CISSP 2015: What’s New (Part 5 of 5)

December 10, 2015 at 9:47 am | Posted in CISSP, Study hints, study tips | Leave a comment

In my first post, I gave you a quick overview of the changes to the new CISSP exam. In my second post, I covered Domains 1 and 2 of the new CISSP exam. In my third post, I covered Domains 3 and 4. In my fourth post, I covered Domains 5 and 6. In this, my FINAL post, I will conclude with Domains 7 and 8, Security Operations and Software Development Security.

Broadly speaking, Domain 7 reflects how security should be included as part of day-to-day organizational operations. Domain 8 covers aspects of designing, implementing, and analyzing security for applications.

For my assessment, I’ll start by giving you the entire overview of each domain with its Key Areas of Knowledge. I’ll tell you where each topic fell in the old Candidate Information Bulletin (CIB), and put new topics in red italics. Next, I’ll call out the completely new content from each sub-domain and give you a brief rundown of what it entails. (If you’d like, you can skip straight to the new stuff by clicking here.)

Domain 7: Security Operations – Framework and Key Areas of Knowledge

CISSP 2012 also covered security operations as its own domain. The majority of the old Domain 7 (Security Operations) has been retained, with the addition of new topics that cover investigations, monitoring, resource protection, incident response, recovery strategies, and physical security. Because day-to-day security operations are fundamental to security, this domain contains the most topics of any area in the exam.

This domain also includes a few topics that were moved from the old Domain 8 (Business Continuity and Disaster Recovery Planning), Domain 9 (Legal, Regulations, Investigations, and Compliance), and Domain 10 (Physical (Environmental) Security).

Domain 7 Key Areas of Knowledge:

    1. Understand and support investigations – From Domain 9, subheading c in the old version.
      1. Evidence collection and handling (e.g., chain of custody, interviewing) – From Domain 9, subheading c in the old version.
      2. Reporting and documenting – From Domain 9, subheading c in the old version.
      3. Investigation techniques (e.g., root-cause analysis, incident handling) – From Domain 9, subheading c in the old version.
      4. Digital forensics (e.g., media, network, software, and embedded devices) – From Domain 9, subheading d in the old version.
    2. Understand requirements for investigation types – New
      1. Operational – New
      2. Criminal – New
      3. Civil – New
      4. Regulatory – New
      5. Electronic discovery (eDiscovery) – New
    3. Conduct logging and monitoring activities – From Domain 1, subheading a in the old version.
      1. Intrusion detection and prevention – New
      2. Security information and event management – New
      3. Continuous monitoring – New
      4. Egress monitoring (e.g., data loss prevention, steganography, watermarking) – Mostly New. Steganography and watermarking are from Domain 5, subheading 1 in the old version.
    4. Secure the provisioning of resources – From Domain 9, subheading f in the old version.
      1. Asset inventory (e.g., hardware, software) – New
      2. Configuration management – New
      3. Physical assets – New
      4. Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems) – New
      5. Cloud assets (e.g., services, VMs, storage, networks) – From Domain 9, subheading f in the old version.
      6. Applications (e.g., workloads or private clouds, web services, software as a service) – From Domain 9, subheading f in the old version.
    5. Understand and apply foundational security operations concepts – From Domain 7, subheading a in the old version.
      1. Need to know/least privilege (e.g., entitlement, aggregation, transitive trust) – From Domain 1, subheading c and Domain 7, subheading a in the old version.
      2. Separation of duties and responsibilities – From Domain 7, subheading a in the old version.
      3. Monitor special privileges (e.g., operators, administrators) – From Domain 7, subheading a in the old version.
      4. Job rotation – From Domain 7, subheading a in the old version.
      5. Information lifecycle – From Domain 3, subheading e in the old version.
      6. Service-level agreements – New
    6. Employ resource protection techniques – From Domain 7, subheading b in old version.
      1. Media management – From Domain 7, subheading b in old version.
      2. Hardware and software asset management – From Domain 7, subheading b in old version.
    7. Conduct incident management – From Domain 7, subheading c in the old version.
      1. Detection – From Domain 7, subheading c in the old version.
      2. Response – From Domain 7, subheading c in the old version.
      3. Mitigation – New
      4. Reporting – From Domain 7, subheading c in the old version.
      5. Recovery – From Domain 7, subheading c in the old version.
      6. Remediation – From Domain 7, subheading c in the old version.
      7. Lessons learned – New
    8. Operate and maintain preventative measures – From Domain 7, subheading d in the old version.
      1. Firewalls – New
      2. Intrusion detection and prevention systems – New
      3. Whitelisting/Blacklisting – New
      4. Third-party security services – New
      5. Sandboxing – New
      6. Honeypots/Honeynets – New
      7. Anti-malware – New
    9. Implement and support patch and vulnerability management – From Domain 7, subheading e in the old version.
    10. Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis) – From Domain 7, subheading f in the old version.
    11. Implement recovery strategies – From Domain 8, subheading c in the old version.
      1. Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation) – From Domain 8, subheading c in the old version.
      2. Recovery site strategies – From Domain 8, subheading c in the old version.
      3. Multiple processing sites (e.g., operationally redundant systems) – New
      4. System resilience, high availability, quality of service, and fault tolerance – From Domain 7, subheading g in the old version.
    12. Implement disaster recovery processes – From Domain 8, subheading d in the old version.
      1. Response – From Domain 8, subheading d in the old version.
      2. Personnel – From Domain 8, subheading d in the old version.
      3. Communications – From Domain 8, subheading d in the old version.
      4. Assessment – From Domain 8, subheading d in the old version.
      5. Restoration – From Domain 8, subheading d in the old version.
      6. Training and awareness – From Domain 8, subheading d in the old version.
    13. Test disaster recovery plans – From Domain 8, subheading e in the old version.
      1. Read-through – From Domain 8, subheading e in the old version.
      2. Walkthrough – From Domain 8, subheading e in the old version.
      3. Simulation – From Domain 8, subheading e in the old version.
      4. Parallel – From Domain 8, subheading e in the old version.
      5. Full interruption – From Domain 8, subheading e in the old version.
    14. Participate in business continuity planning and exercises – New
    15. Implement and manage physical security – From Domain 10, subheading b and c in the old version.
      1. Perimeter (e.g., access control and monitoring) – From Domain 10, subheading b in the old version.
      2. Internal security (e.g., escort requirements/visitor control, keys, and locks) – From Domain 10, subheading c in the old version.
    16. Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring) – From Domain 10, subheading f in the old version.

Domain 7 – Just the New Topics, Ma’am

Here’s a shortlist of the entirely new topics in Domain 7.

Knowledge Area B, Understand requirements for investigation types, contains both new and old topics. The definition of “investigation types” is now a little more granular. The candidate will have to understand correct procedures and what constitutes evidence for each type of investigation:

  • Operational – This is a new topic. This topic will focus on the requirements for operational investigations.
  • Criminal – This is a new topic. This topic will focus on the requirements for criminal investigation.
  • Civil – This is a new topic. This topic will focus on the requirements for civil investigations.
  • Regulatory – This is a new topic. This topic will focus on the requirements for regulatory investigations.
  • Electronic Discovery (eDiscovery) – This is a new topic. This topic will focus on the requirements for eDiscovery investigations.

Knowledge Area C, Conduct logging and monitoring activities, contains both new and old topics. As with Knowledge Area B, the topics have become more granular and specific than in the previous exam. These topics within this Domain are new:

  • Intrusion detection and prevention – This is a new topic. This topic will focus on intrusion detection and prevention as part of operational logging and monitoring.
  • Security information and event management – This is a new topic. This topic will focus on security information and event management (SIEM) as part of operational logging and monitoring.
  • Continuous monitoring – This is a new topic. This topic will focus on continuous monitoring as part of operational logging and monitoring.

Knowledge Area D, Secure the provisioning of resources, contains both new and old topics. The following topics within this Domain are new, and deal with provisioning practices for physical, virtual, and logical assets. Other types of security for these assets are amply covered in Domains 3 and 4. Here the focus is more on sanitation, license management, versioning and baselining, patch management, and inventory control.

  • Asset inventory (e.g., hardware, software) – This is a new topic. This topic will focus on hardware, software, and other asset inventory as a part of resource provisioning.
  • Configuration management – This is a new topic. This topic will focus on configuration management as part of resource provisioning.
  • Physical assets – This is a new topic. This topic will focus on the resource provisioning of physical assets.
  • Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems) – This is a new topic. This topic will focus on the resource provisioning of virtual assets.

Knowledge Area E, Understand and apply foundational security operations concepts, contains mostly old topics, but does contain one new topic. The following topic within this Domain is new:

  • Service-level agreements – This is a new topic, and like most new topics for 2015, is driven by the move toward cloud provisioning. This topic will cover service-level agreements and their effect on security operations.

Knowledge Area G, Conduct incident management, contains both new and old topics. The following topics within this Domain are new:

  • Mitigation – This is a new topic. This topic will test on best practice concepts for incident mitigation.
  • Lessons learned – This is a new topic. This topic will focus on documenting and integrating lessons learned from incidents.

Knowledge Area H, Operate and maintain preventative measures, contains mostly new topics, although the Knowledge Area itself is not new. Most of the topics were implied by the old Domain 7 Knowledge Area D, “Prevent or respond to attacks (e.g., malicious code, zero-day exploit, denial of service),” but again, CISSP 2015 is far more granular. These specific topics within this Domain are new:

  • Firewalls – This is a new topic. This topic will focus on using firewalls for intrusion prevention. The previous exam mentioned firewalls in the context of securing the firewall itself; here, the focus is deployment.
  • Intrusion detection and prevention systems – This is a new topic. This topic will focus on deploying types of intrusion detection and prevention systems (HIDS, NIDS, IPS, and so on).
  • Whitelisting/Blacklisting – This is a new topic. This topic will focus on using whitelisting/blacklisting as a prevention strategy, including its advantages and disadvantages.
  • Third-party security services – This is a new topic. This topic will focus on using third-party security services as part of prevention.
  • Sandboxing – This is a new topic. This topic will focus on using sandboxing as part of prevention.
  • Honeypots/Honeynets – This is a new topic. This topic will focus on using honeypots/honeynets as part of prevention.
  • Anti-malware – This is a new topic. This topic will focus on using anti-malware as part of prevention.

Knowledge Area K, Implement recovery strategies, contains mostly old topics and one new topic. The following topic within this Domain is new:

  • Multiple processing sites (e.g., operationally redundant systems) – This is a new topic. This topic will focus on using hot sites, cold sites, service bureaus, and other alternate processing sites for disaster recovery. While the topic may be new, the concept is classic CISSP.

Knowledge Area N, Participate in business continuity planning and exercises, is a new Knowledge Area. It covers designing, maintaining, and implementing business continuity plans and exercises. Again, this is a classic component of risk management and disaster recovery planning; what’s new is the granularity of assigning a complete knowledge area to the concept.

Domain 8: Software Development Security – Framework and Key Areas of Knowledge

Domain 8 consists of content formerly included in the old Domain 4 (Software Development Security). The majority of this Domain was included in CISSP 2012; only a few new topics were introduced for this round. It is primarily concerned with understanding security as part of the software development lifecycle.

As before, I’ll start by introducing the new content in the context of its domain, then give you a granular breakdown (which you can skip to by clicking here).

  1. Understand and apply security in the software development lifecycle – From Domain 4, subheading a in the old version.
    1. Development methodologies (e.g., Agile, Waterfall) – From Domain 4, subheading a in the old version.
    2. Maturity models – From Domain 4, subheading a in the old version.
    3. Operation and maintenance – From Domain 4, subheading a in the old version.
    4. Change management – From Domain 4, subheading a in the old version.
    5. Integrated product team (e.g., DevOps) – New
  2. Enforce security controls in development environments – From Domain 4, subheading b in the old version.
    1. Security of the software environments – From Domain 4, subheading b in the old version.
    2. Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation) – From Domain 4, subheading b in the old version.
    3. Configuration management as an aspect of secure coding – From Domain 4, subheading b in the old version.
    4. Security of code repositories – New
    5. Security of application programming interfaces – From Domain 4, subheading b in the old version.
  3. Assess the effectiveness of software security – From Domain 4, subheading c in the old version.
    1. Auditing and logging of changes – From Domain 4, subheading c in the old version.
    2. Risk analysis and mitigation – From Domain 4, subheading c in the old version.
    3. Acceptance testing – New
  4. Assess security impact of acquired software – New

Domain 8 – Just the New Topics already

Here’s a closer look at the new topics in Domain 8.

Knowledge Area A, Understand and apply security in the software development lifecycle, contains mostly old topics and one new topic. The following topic within this Domain is new:

  • Integrated product team (e.g., DevOps) – This is a new topic. It covers integrated software development concepts, such as Agile, DevOps, and software assurance.

Knowledge Area B, Enforce security controls in development environments, contains mostly old topics and one new topic. The following topic within this Domain is new:

  • Security of code repositories – This is a new topic. It discusses securing code repositories in collaborative development environments.

Knowledge Area C, Assess the effectiveness of software security, contains mostly old topics and one new topic. The following topic within this Domain is new:

  • Acceptance testing – This is a new topic. It covers using acceptance testing as part of assessing software security effectiveness.

Knowledge Area D, Assess security impact of acquired software, is a new topic. It covers the procedures for assessing the security impact of acquired software, including commercial software.

Recap

I cannot believe I have finally reached the end of my latest magnum opus. Here’s the complete listing of all parts:

      • Part 1 covered general information about the new CISSP.
      • Part 2 covered new domains 1 and 2.
      • Part 3 covered new domains 3 and 4.
      • Part 4 covered new domains 5 and 6.
      • Part 5 (this post) covers new domains 7 and 8.

It is our sincere hope that this information will help you prepare for this exam! Remember, our practice test covers all the topics and also the different item types that you will see on the live exam.

Wishing you certification success!

-Robin A.
