CISSP domains overview (2024): Your complete preparation guide

June 12, 2024 by Dan Virgillito

The Certified Information Systems Security Professional (CISSP) certification plays a significant role in the cybersecurity industry as one of the most prestigious and difficult certifications. Offered by ISC2 (International Information System Security Certification Consortium), this rigorous exam was launched in 1994 and has remained one of the most well-known and valuable certifications over the last three decades.

The rigorous four-hour, 100- to 150-question exam remains popular because it leads to the certification most requested by hiring managers in the U.S.

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

The CISSP domains: An overview 

The CISSP comprises eight domains that assess your competence in and knowledge of advanced information security. Thanks to its robust exam content, the certification is crucial for career progression and is one of the most in-demand certifications from cybersecurity employers.

Security trends and threat vectors are always becoming more sophisticated, and exam content can quickly become outdated. The CISSP is extremely thorough and detailed, and it’s also updated roughly every three years to ensure professionals are tested on the latest knowledge in this fast-changing landscape. Check out the CISSP exam overview for an in-depth look at the exam, prerequisites, scoring, duration, study tips and more. 

Detailed exploration of CISSP domains 

The CISSP is an extensive test of everything in information security, including designing, implementing and managing security programs in uniquely complex environments. Now, let’s dive into the individual domains in detail. 

Domain 1: Security and Risk Management (16% of scored content) 

This domain focuses on general concepts in information security and assesses candidates on standard security and risk management procedures. A thorough understanding of this section’s concepts lays the groundwork for advanced cybersecurity knowledge and practices.

It covers topics like professional ethics, security governance principles, different investigation types, business continuity requirements and threat modeling concepts and methodologies. In the April 2024 exam update, this domain weight grew from 15% to 16%. 

Domain 2: Asset Security (10% of scored content) 

Assets are among an organization’s most valuable items, and this domain covers issues related to the collection, storage, maintenance, retention and destruction of data.

It covers classifying information, asset handling requirements, managing the data lifecycle and ensuring appropriate end-of-life and end-of-support. 

Domain 3: Security Architecture and Engineering (13% of scored content) 

The third domain covers important security engineering topics that use plans, designs and principles. Candidates are thoroughly assessed on their ability to create, test and deploy secure architecture design. This section includes newer concepts like threat modeling, least privilege, failing securely, separation of duties, trust and verification and more secure design principles. 

Domain 4: Communication and Network Security (13% of scored content) 

Secure communication and network infrastructure are mission-critical for modern organizations. This section covers the importance of secure and converged protocols, wireless networks, cellular networks, hardware operation and third-party connectivity. 

Domain 5: Identity and Access Management (IAM) (13% of scored content) 

This domain covers basic identity and access management (IAM) principles. Candidates are thoroughly tested on controlling physical and logical access to assets, user authentication through single sign-on and just-in-time, and managing the identity and access provisioning lifecycle.

Domain 6: Security Assessment and Testing (12% of scored content) 

The sixth domain tests candidates on their knowledge of maintaining and enhancing security posture through validation strategies, security control testing, security audits and different data collection processes.

Domain 7: Security Operations (13% of scored content) 

In another practical but broad section, candidates must demonstrate a thorough knowledge of operational security and the importance of incident management, disaster recovery and business continuity. This includes logging and monitoring activities, configuration management, resource protection, detective and preventative measures, vulnerability management and disaster recovery plans. 

Domain 8: Software Development Security (10% of scored content) 

The final domain of the CISSP exam focuses on the importance of integrating security practices into the software development life cycle (SDLC). CISSP candidates need extensive knowledge of security controls like programming languages, runtime, continuous delivery automation and response, application security testing and more. 

This domain weight was lowered in the April 2024 update from 11% to 10%. 

Preparing for the CISSP exam 

The CISSP is a challenging and rigorous exam that requires five years of experience. It’s recommended to prepare thoroughly for the CISSP to maximize your chances of passing. 

Start your studying with the domain most aligned with your background and experience. Create a custom study plan for yourself that involves a mix of practice questions, self-study and certification preparation courses. 

Plus, depending on your unique learning style, explore CISSP resources like books, practice exams, exam guides, online study materials, on-demand training and more. If you want live training, Infosec’s CISSP Certification Boot Camp is a six-day immersive training experience in the format of your choice — live online, in-person or team onsite.  

The CISSP certification hub also lists specific study guides and books if you’re interested in materials from different subject matter experts. 

CISSP’s impact on cybersecurity careers in 2024 and beyond 

With the demand for CISSP certifications at an all-time high, it’s a highly valuable resume builder for senior career movement. Not only is it helpful in demonstrating a commitment to ongoing learning and education, but many advanced cybersecurity positions and senior leadership roles now require the CISSP certification. 

The talent shortage of cybersecurity workers hit 4 million in 2023 and will continue to grow, highlighting the need for CISSP-skilled workers. Especially as organizations and infrastructure become more sophisticated, a next-level advanced certification like the CISSP becomes even more critical to defend against complex data breaches. 

CISSP and other cybersecurity certifications 

Many professionals have a mix of cybersecurity manager certifications that build upon their professional experience and knowledge. The CISSP is ideal for more advanced professionals with at least five years of paid work experience in two or more of the eight domains, and it’s often taken after a more entry-level certification like CompTIA Security+.

Since the CISSP is broad, it’s often paired with more specialized certifications depending on your career goals: 

Also, some security professionals choose to specialize in specific, popular vendors like Amazon Web Services (AWS), Microsoft Azure and Cisco. These show in-depth knowledge of the most in-demand platforms and technologies and offer even more room for specialization, such as the AWS Certified Solutions Architect – Professional certification or the Azure Fundamentals Microsoft certification. 

Other certification bodies like the Information Systems Audit and Control Association (ISACA) and the International Association of Privacy Professionals (IAPP) offer more opportunities for furthering your networking and professional skills. 

Take the 2024 CISSP 

While a challenging exam with comprehensive subject matter, the eight CISSP domains are foundational knowledge for aspiring and current cybersecurity professionals. The CISSP exam is one of the most widely recognized and prestigious certifications, demonstrating mastery of broad, technical and emerging exam content and technology. 

For 2024 and beyond, continuous learning and growth in cybersecurity are key to maintaining cutting-edge skills, commanding higher salaries and obtaining valuable promotions and advancements. It’s one of the best certifications to add to your professional resume and well worth the time and energy investment. 

CISSP FAQs 

Take a look at a few frequently asked questions about the CISSP certification. 

What is the best strategy for studying the CISSP domains? 

First, give yourself adequate time to thoroughly prep for the CISSP exam, which often means several months. Start by assessing your strengths and weaknesses within the eight CISSP domains and create a custom plan to focus on your less knowledgeable areas. Break down larger domains into smaller chunks, and utilize a mix of self-study, on-demand and live training materials. 

How does CISSP certification impact salary and job prospects in cybersecurity? 

The average salary for a mid-level CISSP certification holder is $151,860 in 2024, and pay continues to increase with experience. Career advancement is a crucial requirement for the highest levels of leadership, such as a Chief Information Security Officer (CISO). 

Can CISSP certification help in transitioning to a cybersecurity career from another field? 

Yes, absolutely. No matter your background, a CISSP certification shows a mastery of advanced security topics. Coming from a complementary field helps establish credibility and knowledge and shows you’ve thoroughly bridged any potential knowledge gaps. 

Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.