CISSP Exam Changes

April 26, 2018

Guest Author

Are you thinking about earning your CISSP in 2018? One thing you need to consider is that changes have been made to the exam. The new exam went live on April 15th, 2018, and this quick blog post will detail the CISSP exam changes and how they may affect you.

CISSP Certification Background

CISSP, Certified Information Systems Security Professional, is an industry-leading IS (information security) certification designed to validate a professional's understanding of IS topics and how to protect an organization against a variety of data breaches. CISSP certification ensures that professionals have consistent knowledge and skills of the current IS landscape. CISSP has developed into a highly desired certification for security professionals around the globe.

How CISSP Exam Changes Are Made

CISSP exam changes can sometimes take years of planning and development before they become official. (ISC)² performs a Job Task Analysis (JTA) to ensure that the domains and objectives of the CISSP certification remain relevant. The JTA is a methodical process that scrutinizes the job roles of CISSP professionals. The JTA process ensures that CISSP certified professionals will be well-versed in the most up-to-date practices, guaranteeing they will be able to meet the needs of their organization.

After the JTA has scrutinized every aspect of a CISSP role and determined what changes need to be made, the CISSP Common Body of Knowledge (CBK) will be updated to reflect the new and changed information.

CISSP Exam Overview

As stated above, changes to the CISSP exam reflect the findings of the Job Task Analysis process. The 2018 CISSP exam changes are not major changes. In fact, due to the nature of the CISSP certification, candidates who have purchased materials to study for the previous CISSP exam will not necessarily need to purchase new materials as the CISSP is an experience-based exam. The format of the exam was unaffected by the CISSP exam changes. Certification seekers will still have up to 3 hours to complete the 100-150 multiple-choice questions and must score at least 700 out of 1000 points to receive a passing score.

Most of the exam changes can be seen in the weights of the domains on the exam, in the domain names, and in the CBK, through the combination, addition, or removal of topics.

CISSP Domains

A major component of being an eligible candidate for the CISSP credential is that certification seekers must have a minimum of 5 years of full-time, paid experience in 2 or more of the domains. This means it is essential that CISSP candidates are familiar with the domains so that they may achieve certification.

Below is a side-by-side comparison of the domains and exam weights of the newest CISSP exam and the previous version of the exam.

2018 CBK CISSP Exam Domains

  1. Security and Risk Management – 15%
  2. Asset Security – 10%
  3. Security Architecture and Engineering – 13%
  4. Communication and Network Security – 14%
  5. Identity and Access Management (IAM) – 13%
  6. Security Assessment and Testing – 12%
  7. Security Operations – 13%
  8. Software Development Security – 10%

2015 CBK CISSP Exam Domains (Retired)

  1. Security and Risk Management – 16%
  2. Asset Security – 10%
  3. Security Engineering – 12%
  4. Communications and Network Security – 12%
  5. Identity and Access Management – 13%
  6. Security Assessment and Testing – 11%
  7. Security Operations – 16%
  8. Software Development Security – 10%

As you can see, the only domain name that was updated was the third domain. However, several of the domain weights on the exam have changed. The 3rd, 4th, and 5th domain weights increased while the 1st and 7th decreased, and the 2nd and 8th remained at the same weight. The domain weights represent the percentage of questions on the exam where exam takers will need to apply knowledge of that specific domain.

Maintaining CISSP Certification

To maintain your CISSP certification, you will need to:

  • Follow the (ISC)² Code of Ethics.
  • Earn 120 total Continuing Professional Education (CPE) units over a period of 3 years
    • 40 credits must be earned annually
    • You can do so through attending events, online seminars, and more
  • Pay the annual maintenance fee