My thoughts on the April 15th CISSP curriculum updates.

TL;DR; No need to buy new study materials, the changes are 1% or less, it is just reshuffling of knowledge areas.

With the updates to the CISSP curriculum I figured I would also give my 2 cents on the updates.

The updates are mostly on the organizational side of the curriculum, and not the actual content. It is mostly renaming, reorganizing and domain weight redistribution.

As a teacher I will buy the new books as soon as they are out (they are already pre-ordered).

If I was studying for the CISSP, I probably would not buy anything to replace my old materials, the changes being 1% actual updates or less.

That really goes for any study materials: Books, videos, practice tests, pod casts, anything.
If you have the 2015 versions, buying newer versions would not help you really.

I am going to update my practice tests in early May with questions from some of the actual updates (attribute-based access control, asset management, more IOT, more AI and some standards).

Previous domain name/weight:                   New domain name/weight:

Domain 1:
Security and Risk Management – 16%        Security and Risk Management – 15%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 2:
Asset Security – 10%                                      Asset Security – 10%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 3:
Security Engineering – 12%                            Security Architecture and Engineering – 13%
Mostly format and name changes of content. 1-2% update on actual curriculum, mostly IOT and newer technologies, which are already on the exam and Cryptography being moved in from other domains.

Domain 4:
Communications and Network Security – 12%   Communication and Network Security – 14%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 5:
Identity and Access Management – 13%         Identity and Access Management (IAM) – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 6:
Security and Assessment Testing – 11%           Security Assessment and Testing – 12%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 7:
Security Operations – 16%                                 Security Operations – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 8:
Software Development Security – 10%              Software Development Security – 10%
Mostly format and name changes of content. 0-1% update on actual curriculum.

If you have any questions about the upcoming changes feel free to post on this thread.

I hope I can help you get certified,

Thor

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading