CISSP & SSCP Updates Announced

ISC2 announced updates to its CISSP and SSCP certifications. There are no information about CISSP Concentrations: ISSAP, ISSEP, ISSMP updates. An official email stated:

“What does this mean for (ISC)2 members?  Beginning April 15, 2015, all CISSPs and SSCPs will be required to submit their continuing professional education (CPE) credits in accordance with the refreshed eight domains of the CISSP and seven domains of the SSCP.  This process ensures that the examinations and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today?s information security professionals.

Refreshed technical content has been added to the official (ISC)? CISSP Common Book of Knowledge (CBK) to reflect the most current topics in the information security industry today. The content of the SSCP has also been refreshed to reflect the most pertinent issues that security practitioners currently face, along with the best practices for mitigating those issues.  For both the CISSP and the SSCP, some topics have been expanded, while others have been realigned under different domains. Both credentials reflect knowledge of information security best practices, but from different facets. “

CISSP Domains, Effective April 15, 2015

  • NEW Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • NEW Asset Security (Protecting Security of Assets)
  • NEW Security Engineering (Engineering and Management of Security)
  • NEW Communications and Network Security (Designing and Protecting Network Security)
  • NEW Identity and Access Management (Controlling Access and Managing Identity)
  • NEW Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • NEW Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • NEW Software Development Security (Understanding, Applying, and Enforcing Software Security)

SSCP Domains, Effective April 15, 2015

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Networks and Communications Security
  • Systems and Application Security


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.