CISSP Curriculum
CISSP Domains
Domain 1: Architectural Concepts and Design Requirements
- Understand cloud computing concepts
- Describe cloud reference architecture
- Understand security concepts relevant to cloud computing
- Understand design principles of secure cloud computing
- Identify trusted cloud services
Domain 2: Cloud Data Security
- Understand Cloud Data Life Cycle
- Design and Implement Cloud Data Storage Architectures
- Understand and implement Data Discovery and Classification Technologies
- Design and Implement Relevant Jurisdictional Data Protection for Personally Identifiable Information (PII)
- Design and implement Data Rights Management
- Plan and Implement Data Retention, Deletion, and Archival policies
- Design and Implement Auditability, Traceability, and Accountability of Data Events
Domain 3: Cloud Platform Infrastructure Security
- Comprehend Cloud Infrastructure Comp
- Analyze Risks Associated to Cloud Infrastructure
- Design and Plan Security Controls
- Plans Disaster Recovery & Business Continuity Management
Domain 4: Cloud Application Security
- Recognize Need for Training and Awareness in Application Security
- Understand Cloud Software Assurance and Validation
- Use Verified Secure Software
- Comprehend the Software Development Life Cycle (SDLC) Process
- Apply the Secure Software Development Life Cycle
- Comprehend the Specifics of Cloud Application Architecture
- Design Appropriate Identity and Access Management (IAM) Solutions
Domain 5: Operations
- Support the Planning Process for the Data Center Design
- Implement and Build Physical Infrastructure for Cloud Environment
- Run Physical Infrastructure for Cloud Environment
- Manage Physical Infrastructure for Cloud Environment
- Build Logical Infrastructure for Cloud Environment
- Run Logical Infrastructure for Cloud Environment
- Manage Logical Infrastructure for Cloud Environment
- Ensure Compliance with Regulations and Controls
- Conduct Risk Assessment to Logical and Physical Infrastructure
- Understand the Collection and Preservation of Digital Evidence
- Manage Communications with Relevant Parties Domain
Domain 6: Legal and Compliance
- Understand Legal Requirements and Unique Risks Within the Cloud Environment
- Understand Privacy Issues, Including Jurisdictional Variances
- Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
- Understand Implication of Cloud to Enterprise Risk Management
- Understand Outsourcing and Cloud Contract Design
- Execute Vendor Management