CISSP Domains

Comprehensive guide to all eight domains in the CISSP Common Body of Knowledge (CBK)

The CISSP certification exam covers eight domains that form the Common Body of Knowledge (CBK). Each domain represents a critical area of cybersecurity knowledge and practice. Understanding these domains is essential for passing the CISSP exam and developing a comprehensive security mindset.

Explore each domain below to understand its core concepts, key topics, and importance in the overall security landscape.

1. Security and Risk Management

Covers security governance, risk management, compliance, business continuity planning, legal and regulatory issues, and professional ethics.

Key Topics:

  • Security Governance Principles
  • Risk Management Concepts
  • Security Policies and Procedures
  • Business Continuity Planning
  • Legal and Regulatory Issues
  • Professional Ethics

2. Asset Security

Covers identifying and classifying information and other assets, determining and maintaining ownership, protecting privacy, and applying controls to data across its lifecycle.

Key Topics:

  • Information and Asset Classification
  • Data Security Controls
  • Privacy Protection Requirements
  • Asset Retention
  • Data Security and Lifecycle
  • Handling Requirements

3. Security Architecture and Engineering

Covers secure design principles and security models, the evaluation and selection of system components, cryptography, and the physical security of sites and facilities.

Key Topics:

  • Engineering Processes Using Security Models
  • Security Evaluation Models
  • Security Capabilities of Information Systems
  • Cryptography
  • Site and Facility Design
  • Physical Security

4. Communication and Network Security

Covers secure network architecture and components, secure protocols and communication channels, and the vulnerabilities and attacks that target wired and wireless networks.

Key Topics:

  • Network Architecture
  • Network Components
  • Secure Network Protocols
  • Network-based Vulnerabilities
  • Secure Communication Channels
  • Network Attacks

5. Identity and Access Management

Covers how identities are established, authenticated, authorized, provisioned, and deprovisioned, and how access to assets is controlled in an enterprise environment.

Key Topics:

  • Access Control Concepts
  • Identity Management Implementation
  • Access Management
  • Identity and Access Provisioning Lifecycle
  • Authentication Systems
  • Authorization Mechanisms

6. Security Assessment and Testing

Covers designing, performing, and analyzing security testing to identify vulnerabilities and verify that security controls work as intended.

Key Topics:

  • Assessment and Test Strategies
  • Collection of Security Process Data
  • Security Control Testing
  • Analysis of Test Outputs and Reporting
  • Security Architectures and Vulnerabilities
  • Internal and Third-party Audits

7. Security Operations

Covers the day-to-day operation of security controls: logging and monitoring, incident management, investigations and evidence handling, resource provisioning, disaster recovery, and physical security.

Key Topics:

  • Investigations and Support
  • Logging and Monitoring
  • Provisioning of Resources
  • Incident Management
  • Disaster Recovery
  • Physical Security

8. Software Development Security

Covers integrating security throughout the software development lifecycle, securing development environments, assessing the security of in-house and acquired software, and applying secure coding standards.

Key Topics:

  • Security in the Software Development Lifecycle
  • Development Environment Security Controls
  • Software Security Effectiveness
  • Acquired Software Security Impact
  • Secure Coding Guidelines and Standards
  • Security of Application Programming Interfaces

Master All CISSP Domains with Pocket Coach

Our app provides comprehensive coverage of all eight domains with 2000+ questions, detailed explanations, and performance analytics.