Geek-Guy.com

CISSP Domains and Guidance

ISC2 (the International Information System Security Certification Consortium) offers several certifications, each with its own domains of knowledge. To give you the most relevant information, I need to know which certification you are interested in.

Since the CISSP (Certified Information Systems Security Professional) is one of ISC2's most popular certifications, its domains are provided below as a starting point.

CISSP Domains of Knowledge:

Official CISSP Domains & Weighting (2026)

| Domain | Weight | Key Focus Areas |
|---|---|---|
| 1. Security and Risk Management | 16% | Ethics, Governance, Compliance, Legal/Regulatory, Risk Analysis, Threat Modeling |
| 2. Asset Security | 10% | Data Lifecycle, Classification, Privacy, Retention, and Secure Disposal |
| 3. Security Architecture & Engineering | 13% | Secure Design, Security Models, Cryptography, IoT, Cloud, and Vulnerability Assessment |
| 4. Communication & Network Security | 13% | Network Architecture, Secure Channels, OSI Model, SDN, and Wireless Security |
| 5. Identity & Access Management (IAM) | 13% | Identification/Authentication (MFA), Authorization Mechanisms, and Identity Lifecycles |
| 6. Security Assessment and Testing | 12% | Audit Strategies, Vulnerability Testing (Pen Testing), and Control Analysis |
| 7. Security Operations | 13% | Incident Response, Disaster Recovery, Logging/Monitoring, and Investigative Techniques |
| 8. Software Development Security | 10% | SDLC Security, Secure Coding, and Software Assurance Maturity Models |

  • Domain 1: Security and Risk Management
    • Confidentiality, Integrity, and Availability (CIA Triad)
    • Risk assessment and management
    • Security governance frameworks (e.g., NIST, ISO 27001)
    • Laws, regulations, and compliance
    • Business continuity and disaster recovery planning (BCDR)
    • Personnel security
  • Domain 2: Asset Security
    • Data security and classification
    • Data retention policies
    • Data lifecycle management
  • Domain 3: Security Architecture and Engineering
    • Secure design principles
    • Security models (e.g., Bell-LaPadula, Biba)
    • Cryptography
    • Physical security
  • Domain 4: Communication and Network Security
    • Network topologies and protocols
    • Secure network design
    • Wireless security
    • Firewalls and intrusion detection/prevention systems (IDS/IPS)
  • Domain 5: Identity and Access Management (IAM)
    • Access control models
    • Authentication and authorization mechanisms
    • Account management
  • Domain 6: Security Assessment and Testing
    • Security audits and assessments
    • Vulnerability scanning and penetration testing
    • Code review
  • Domain 7: Security Operations
    • Incident response
    • Forensics
    • Monitoring and logging
    • Physical security operations
  • Domain 8: Software Development Security
    • Secure coding practices
    • Software development lifecycle (SDLC)
    • Security testing in development

Guidance:

  • Official ISC2 Study Guide: This is your primary resource for exam preparation.
  • Training Courses: ISC2 offers official training courses, and many other providers offer CISSP prep courses.
  • Practice Exams: Practice exams are crucial for assessing your knowledge and identifying weak areas.
  • Hands-on Experience: Real-world experience is invaluable. Try to apply the concepts you learn in your work or personal projects.
  • Community and Forums: Engage with other security professionals and learn from their experiences.

If you have a different ISC2 certification in mind, let me know and I will provide the relevant domains and guidance for it.