CISSP Exam Changes, 2018 | CISSP 2018 Syllabus & Study Guide

As part of Cyber Management Alliance’s commitment to be continuous in being updated with the CISSP Syllabus changes, which went live on 15 April 2018, we have summarised below the latest changes to the CISSP examination.

At a high level, nothing concrete has changed so CISSP aspirants preparing for the exam should have no worries and should continue with their existing study plans, including the use of any books/resources they may have.

Firstly, a few confirmations before you read further on the Syllabus changes:-

• There are no changes to the number of domains (CISSP will still have 8 domains).
• There are no changes to the exam format (the CISSP exam is based on a Computer Adaptive Testing approach, maximum 3 hours, 100-150 questions).
• There are no changes to the style and format of the questions (they are still multiple choice with 4 options, drag and drop questions and hot spot questions).
• There are no changes in the CISSP experience requirements to apply for your CISSP certificate once you clear your CISSP exam.

CISSP Domain Weight Changes

• The domain weightages have been slightly decreased (between 1-4%) for domain 1 Security and Risk Management and Domain 7 Securities Operations [meaning you can expect fewer questions from these 2 domains].
• The domain weightages have been slightly increased (between 1-4%) for domain 4 Communications and Network Security, Domain 6 Security Assessment and Testing, and Domain 3 Security Architecture and Engineering [meaning you can expect a few more questions from these 3 domains].

CISSP Domain Name Changes

• Domain 3 Security Engineering is now renamed to Security Architecture and Engineering

Details on changes to each of the domains:-

• Domain 1 - Security and Risk Management (new topic added - Security Control Assessment, Threat Modeling Methodologies) - CMA slides pack is updated.
• Domain 2 - Asset Security (no changes to the contents of the domain).
• Domain 3 - Security Architecture and Engineering (no changes to the contents of the domain).
• Domain 4 - Communications and Network Security (no changes to the contents of the domain - some restructuring of topics only).
• Domain 5 - Identity and Access Management (no changes to content except for one minor new topic. "Attribute-based access control" has been added - this was already covered in the CMA slide pack).
• Domain 6 - Security Assessment and Testing (no changes to the contents of the domain).
• Domain 7 - Securities Operations (no changes to content except one minor topic added - eDiscovery - Industry Standards) - CMA slides pack is updated.
• Domain 8 - Software Development Security (no changes to the contents of domain).

In reality, there has been little changed so there is little to adjust in your study plans or preparation for the examination. However, if you would like further information on the updates, please contact us and we will advise you accordingly. If you are unsure about where to start with CISSP, book your place to attend a demo session with us or contact us to arrange a quick 10 min slot with one of our CISSP mentors.