CISSP | SECURITY GOVERNANCE | CHANGE CONTROL MANAGEMENT

CISSP stands for Certified Information Systems Security Professional. It is a globally recognized certification in the field of information security. The CISSP certification is administered by the International Information System Security Certification Consortium, also known as (ISC)².

To obtain the CISSP certification, candidates must meet specific experience requirements and pass the CISSP exam. The exam covers eight domains of information security, including:

Security and Risk Management: This domain covers topics such as security policies, risk management, asset management, and legal and regulatory issues.

Asset Security: It focuses on protecting information assets through asset classification, ownership, and handling, as well as data privacy and secure disposal of assets.

Security Architecture and Engineering: This domain includes topics like security models, secure design principles, security capabilities of information systems, and security architecture requirements.

Communication and Network Security: It covers network protocols, secure network design, network components, and secure communication channels.

Identity and Access Management: This domain includes topics such as access control systems, identity management, and physical and logical access control methods.

Security Assessment and Testing: It covers security control testing, vulnerability assessments, penetration testing, and the use of assessment tools.

Security Operations: This domain focuses on topics such as incident management, disaster recovery planning, security operations procedures, and logging and monitoring.

Software Development Security: It covers security controls in the software development lifecycle, software security effectiveness, and security issues related to the use of third-party software and libraries.