1- Security and Risk Management Domain represents 15 percent of the CISSP certification exam.
This section covers the following:
- Security policies and procedures
- Business continuity planning
- Risk management
- Security education
2- Asset Security Domain represents 10 percent of the CISSP certification exam and focuses on protecting information assets. Information is the most valuable asset for an organization, so we need to focus on protecting these information assets. Important concepts within this domain include data, privacy, data ownership, data security controls and cryptography.
3- Security Architecture and Engineering represents 13 percent of the CISSP certification exam.
In this section, the following items are examined:
- Security models and concepts
- Information systems security models
- Security capabilities of information systems
- Vulnerabilities in system architectures
- Vulnerabilities and threats to software and systems
- Countermeasure principles
4- Communication and Network Security Domain represents 14 percent of the CISSP certification exam. This section requires a thorough understanding of network fundamentals, secure network design, networking technologies and network management techniques.
5- Identity and Access Management domain represents 13 percent of the CISSP certification exam. Identity and access management is the basis for all security disciplines. The purpose of access management is to allow authorized users access to appropriate information and to deny unauthorized users access to confidential information.
This domain can be further subdivided into two interrelated management activities:
- Identity management
- Access management
6- Security Assessment and Testing represents 12 percent of the CISSP certification exam and depends on the design and assessment phases. Designing security assessment and testing ensures that all enforced security controls are functioning properly.
7- Security Operations domain represents 13 percent of the CISSP certification exam.
The main purpose of security operations practices is to safeguard information assets that reside in a system. These practices help to identify threats and vulnerabilities.
Security operations represent routine operations that occur across many of the CISSP domains.
8- Software Development Security Domain represents 10 percent of the CISSP certification exam.
This domain focuses on managing the risk and security of software development.
An understanding of the software development process is essential for the creation and maintenance of software that’s secure.
This section covers foundational concepts in various software development life cycle models and it discusses security requirements in software development processes.
You can read more about these domains here.