CISSP Domains: Who’s on first?

March 19, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems 

I just realized something today that I found a tad bit annoying. The numbering of the domains of the CISSP Common Body of Knowledge (CBK) is actually trivial (can’t think of a better word at the moment). I am reviewing some items on my CISSP notes today and was looking at Domain 2: Telecommunications and Network Security. I wanted to compare some of my notes (written in 2006) to whatever else I can find in the web.

So I Googled, “CISSP Domain 2”.  The result was TechTarget’s SearchSecurity.com listed at number 1. And it says “CISSP Domain 2 quiz: Access Control.” Access Control? What do you mean Access Control? I thought “Telecommunications and Network Security” is the CBK”s Domain 2?

At first I thought it was a mistake by TechTarget, but as I go down the Google search result they all say Access Control. Was I smoking something when I was typing my notes 4 years ago? You are probably saying, “well Don, what is the big deal?” It sort of kinda a big deal, since if you have been following my entries in this blog, I have Access Control listed as Domain 1 and Telecommunications and Network Security is Domain 2. Don’t want to end up losing street cred here ;-) . Plus really it bugs me not being able to figure out how I could have done such a mistake.

So I visited the original source, I went to ISC2.org and looked up how they listed the domains. And this is what I found:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security Governance and Risk Management
  • Legal, Regulations, Investigations and Compliance
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

Planning to take the CISSP Exam?

Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00.

Click the Add To Cart Button to Purchase

Click the Add To Cart Button to Purchase

Plus you will also get copies of notes from other CISSPs.

Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM.

CLICK BELOW TO MAKE YOUR PURCHASE NOW.

All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order.

IMPORTANT NOTICE:

I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

You may also want to consider these CISSP resources from Amazon.com

If you notice the list is in alphabetical order. There is no direct number designation for each domain. I also used the Shon Harris All-in-One book () primarily to do my review. Since I don’t have the book handy (it is stuck somewhere in storage), I went to Amazon and looked up the book and see if I can view the table of contents inside. The book is now on its fifth edition (CISSP All-in-One Exam Guide, Fifth Edition) and I know I have an older version. The oldest version I can find that has the Amazon Look Inside feature is the Third Edition. And voila! There it is the first domain discussed is Access Control and therefore making it Domain 1, right?

But wait, it also lists Telecommunications & Network Security fourth in the list, which means I am still up in smoke ;-) . I looked up the publication date of the third edition and it shows as September 15, 2005. I bought my book in 2003 and this means I have the older edition, which may have a different way of listing the domains. I can’t prove that since I don’t have the book and I don’t feel like diving into the abyss otherwise known as my storage, I just continued Googling for answers.

I looked up the Official CISSP book () that I have (Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press)) and it lists “Information Security Governance and Risk Management” as Domain 1, while “Access Control” is Domain 2. I really could care less, I already passed the exam, I already have 120 CPEs and I am on time on my membership payments to ISC2, so I am set to get my CISSP cert to be renewed by September this year. But this difference in numbering does bug me. Now I think about it, I did notice the numbering difference when I bought the Official CISSP book in 2006, I didn’t pay much attention to it for some reason since I was already deep into my studying of the Shon Harris book. What was I smoking? What was Ms. Harris smoking? Well to be quite sure, nothing.

As I did further Googling I landed into another SearchSecurity.com site. The site that started this little hubbub. And guess what I found?

Domain 1 is “Telecommunications & Network Security”, Domain 2 “Physical Security”…

Whut!?!

Yep, the site contradicted itself.

So a quick conclusion after all this little exercise in WTF, I concluded that OFFICIALLY there are 10 Domains in the CISSP Common Body of Knowledge. Which domain comes first, next and last, is NOT AN OFFICIAL RANKING OR NUMBERING. Don’t get too hung up on this while you are studying, you will not encounter a question in the exam that says, “In Domain 2 of the CBK…”, it will instead more than likely say, “In the Access Control Domain of the CBK…”

All that said, I wish you goodluck on the exam. If you are not taking the exam, thank you for reading ;-) . Happy weekend.

Bookmark and Share

Thought you should know, etc... Update

Sony Turning to Medical-Imaging Chips

Equipment that exploits an edge in disease-detecting technologies could revive Sony, says incoming Chief Executive Officer Kazuo Hirai

Google Testing New Gadget

Google is working on a new entertainment device that will rely on wireless networking, according to a FCC filing

Intel Antitrust Suit to Be Dropped in N.Y.

New York has ended its more than two-year-old antitrust suit against Intel without imposing any fines or restrictions

U.S. Air Force May Buy 18,000 Apple IPad2s for Flight Crews

The U.S. Air Force may buy as many as 18,000 iPad2s in what would be one of the military’s biggest orders of computer tablets, accelerating Apple Inc.’s inroads into the federal government.

TomTom Rises After Rabo Raises Recommendation: Amsterdam Mover

TomTom NV, Europe’s biggest maker of portable navigation devices, rose to the highest in seven months after Rabo Securities raised its recommendation, citing strong automotive sales and a potential Apple Inc. mapping deal.

Tags: , , , , , , , , , , , , , , , , ,

Comments

Leave a Reply




  • Your Shopping Cart

    Your cart is empty

  • Calendar

    March 2010
    M T W T F S S
    « Feb   Apr »
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  

  • RSS From the National Vulnerability Database

    • CVE-2011-3958 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]
      nvd@nist.gov
    • CVE-2012-1033 (bind) February 7, 2012
      The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]
      nvd@nist.gov
    • CVE-2011-3971 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]
      nvd@nist.gov
    • CVE-2011-3954 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]
      nvd@nist.gov
    • CVE-2011-3970 (chrome, libxslt) February 7, 2012
      libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012
      The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]
      nvd@nist.gov
    • CVE-2011-3969 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]
      nvd@nist.gov
    • CVE-2011-3956 (chrome) February 7, 2012
      The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]
      nvd@nist.gov
    • CVE-2011-3968 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]
      nvd@nist.gov
    • CVE-2012-1035 (ada_web_services) February 7, 2012
      AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes