
CISSP Study Notes

Comprehensive study notes covering all eight domains of the CISSP exam.

Domain 1: Security and Risk Management
  • Professional ethics
  • Security concepts
  • Security governance principles
  • Compliance requirements
  • Legal and regulatory issues
  • Security policy development
  • Business continuity planning
  • Personnel security
  • Risk management concepts
  • Threat modeling
  • Supply chain risk management
  • Security awareness and training
Domain 2: Asset Security
  • Information and asset classification
  • Ownership (e.g., data, system, assets)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g., markings, labels, storage)
Domain 3: Security Architecture and Engineering
  • Engineering processes using secure design principles
  • Fundamental concepts of security models
  • Security evaluation models
  • Security capabilities of information systems
  • Vulnerabilities in security architectures, designs, and solution elements
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and IoT vulnerabilities
  • Cryptography
  • Secure site and facility design principles
  • Physical security
Domain 4: Communication and Network Security
  • Secure network architecture design
  • Secure network components
  • Secure communication channels
  • Network attacks
Domain 5: Identity and Access Management (IAM)
  • Physical and logical access to assets
  • Identification and authentication of people, devices, and services
  • Identity as a Service (IDaaS)
  • Third-party identity services
  • Authorization mechanisms
  • Access control attacks
  • Identity and access provisioning lifecycle
Domain 6: Security Assessment and Testing
  • Assessment and testing strategies
  • Security controls testing
  • Security process data (e.g., management and operational controls)
  • Test outputs
  • Security architecture vulnerabilities
Domain 7: Security Operations
  • Investigation support and requirements
  • Evidence collection and handling
  • Incident management
  • Disaster Recovery
  • Business Continuity
  • Physical security
  • Personnel safety
  • Security training and awareness
Domain 8: Software Development Security
  • Security in the software development lifecycle
  • Development environment security controls
  • Secure coding and testing
  • Effectiveness of software security
  • Security of acquired software
CISSP Study Tips

The CISSP exam tests your knowledge across all 8 domains of cybersecurity. Here are some key tips for exam success:

  • Think like a manager, not a technician. The CISSP exam focuses on management-level security concepts.
  • Understand the core security concepts and how they apply across different domains.
  • Give extra attention to the domains with higher weighting: Security and Risk Management (15%), Security Assessment and Testing (13%), etc.
  • Study regulatory frameworks and compliance requirements relevant to multiple industries.
  • Practice with scenario-based questions that require application of concepts rather than memorization.
  • Know the ISC² Code of Ethics thoroughly, as it forms the foundation of the CISSP certification.