- A CBK – sometimes simply called a Body of Knowledge – refers to a peer-developed compendium of what a competent professional in their respective field must know, including the skills, techniques and practices that are routinely employed.[1]
- The (ISC)² CBK is a collection of topics relevant to cybersecurity professionals around the world. It establishes a common framework of information security terms and principles which enables cybersecurity and IT/ICT professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding, taxonomy and lexicon.
- (ISC)² was established, in part, to aggregate, standardize and maintain the (ISC)² CBK for security professionals worldwide. Domains from the (ISC)² credentials are drawn from various topics within the (ISC)² CBK, which are used to assess a candidate’s level of mastery of the most critical aspects of information security.
- The (ISC)² CBK is updated annually by the (ISC)² CBK Committee to reflect the most current and relevant topics required to practice the profession.
As of 15 April 2018, the CISSP curriculum is organized as follows:[10]
- Security and Risk Management
  - Fundamentals
    - Clearly defined goals
    - Know what to protect: at rest, in transit and while processing
    - Everything must be balanced: business needs vs. CIA, accountability, and assurance
    - Accountability: who did it, non-repudiation and legal consequences
    - Assurance: how do we know whether our systems are secure and functioning as intended
  - The CIA Triad
    - Confidentiality
    - Availability
    - Integrity
  - Control Types
    - Physical
    - Technical
    - Administrative
    - Delaying, Preventing, and Detecting
  - Due Care and Due Diligence
    - Due Care: knowing what the right thing is, then doing what is right
    - Due Diligence:
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above.
Before 2015, it covered ten similar domains.