Domain General Review
CISSP course includes eight Domain:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management ( IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security

1- Security and Risk Management Domain represents 15 percent of the CISSP certification exam.
This Section has covers about the following:
- Ownership
- Security policies and procedures
- Business continuity planning
- Risk management
- Security education
- Training
- Awareness
2- Asset Security Domain represents 10 percent of the CISSP certification exam and also focuses on protecting information assets. Information is the most valuable asset for an organization. So we need to focus on Protection these information Assets. Important concepts within this domain include data, privacy, data ownership, data security controls and cryptography.
- Security models and concepts
- Information systems security models
- Security capabilities of information systems
- Vulnerabilities in system architectures
- Vulnerabilities and threats to software and systems
- Countermeasure principles
4- Communication and Network Security Domain represents 14 percent of the CISSP certification exam. This section requires a thorough understanding of network fundamentals, secure network design, networking technologies and network management techniques.
- Identity management
- Access management
6- Security Assessment and Testing represents 12 percent of the CISSP certification exam and also depends upon designing and assessment phases. Designing of security assessment and testing, ensures all security controls that enforced are functioning properly.