(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple
for the Certified Information Systems Security Professional (CISSP) certification exam, but we provide additional tools to help you prepare. The online TestBank will help you understand the types of questions that will appear on the certification exam.
The sample tests in the TestBank include all the questions in each chapter as well as the questions from the Assessment test in this Introduction section. In addition, there are four bonus practice exams that you can use to evaluate your understanding and identify areas that may require additional study. These four additional practice exams include 125 questions each and cover the breadth of domain topics in a similar percentage ratio as the real exam. They can be used as real exam simulations to evaluate your preparedness.
The flashcards in the TestBank will push the limits of what you should know for the certification exam. The questions are provided in digital format. Each flashcard has one question and one correct answer.
The online glossary is a searchable list of key terms introduced in this exam guide that you should know for the CISSP certification exam.
New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. We suggest using these audio reviews after you have read each chapter. You can listen to them on your commute, at the gym, or anywhere you read audio books!
To start using these to study for the exam, go to www.wiley.com/go/sybextestprep
, register your book to receive your unique PIN, and then once you have the PIN, return to www.wiley.com/go/sybextestprep
, and register a new account or add this book to an existing account.
Study Guide Exam Objectives
This table provides the extent, by percentage, to which each section is represented on the actual examination.
Domain | % of exam |
Domain 1: Security and Risk Management | 15% |
Domain 2: Asset Security | 10% |
Domain 3: Security Architecture and Engineering | 13% |
Domain 4: Communication and Network Security | 13% |
Domain 5: Identity and Access Management (IAM) | 13% |
Domain 6: Security Assessment and Testing | 12% |
Domain 7: Security Operations | 13% |
Domain 8: Software Development Security | 11% |
Total | 100% |
The most recent revision of the topical domains will be reflected in exams starting May 1, 2021. For a complete view of the breadth of topics covered on the CISSP exam from the eight domain groupings, visit the (ISC)2 website at
isc2.org
to download a copy of the Certification Exam Outline. This document includes a complete exam outline as well as other relevant facts about the certification.
Objective Map
This book is designed to cover each of the eight CISSP Common Body of Knowledge domains in sufficient depth to provide you with a clear understanding of the material. The main body of this book consists of 21 chapters. Here is a complete CISSP Exam Outline mapping each objective item to its location in this book's chapters.
We added additional numbering to the bullet-level topic items (i.e., the sub-sub-objectives or sub-objective examples) from the Exam Outline.Domain # | Objective | Chapter |
Domain 1 | Security and Risk Management | |
1.1 | Understand, adhere to, and promote professional ethics | 19 |
1.1.1 | (ISC)² Code of Professional Ethics | 19 |
1.1.2 | Organizational code of ethics | 19 |
1.2 | Understand and apply security concepts | 1 |
1.2.1 | Confidentiality, integrity, and availability, authenticity and nonrepudiation | 1 |
1.3 | Evaluate and apply security governance principles | 1 |
1.3.1 | Alignment of security function to business strategy, goals, mission, and objectives | 1 |
1.3.2 | Organizational processes (e.g., acquisitions, divestitures, governance committees) | 1 |
1.3.3 | Organizational roles and responsibilities | 1 |
1.3.4 | Security control frameworks | 1 |
1.3.5 | Due care/due diligence | 1 |
1.4 | Determine compliance and other requirements | 4 |
1.4.1 |