
CISSP Common Body of Knowledge - (ISC)² CBK An Overview

05th Sep, 2023

As the world becomes more reliant on technology, the need for security grows with it. It only makes sense to build a solid knowledge of security and pursue a career in that direction. By familiarizing yourself with the material in the CISSP CBK, you can make sure that you have a strong foundation on which to build your career in security and join the ranks of cybersecurity professionals.

The (ISC)² CBK is essential for anyone working or planning to work in the information security field. It helps you stay up to date on the latest developments in the field and strengthens your career prospects. In this blog, we provide an overview of the CISSP Common Body of Knowledge and explain what makes the latest edition better than its predecessor. Let's begin.


The Official (ISC)² CISSP CBK Reference

The official CISSP reference is a comprehensive framework of all the knowledge, skills, and abilities required to perform effectively in the field of information security. It has been designed by (ISC)², a leading global provider of information security certification, and is used by organizations around the world to ensure that their employees have the skills and knowledge needed to protect their systems and data.

It is an essential resource for security enthusiasts enrolling in a CISSP prep course. The Official (ISC)² Guide to the CISSP CBK can be used as a study aid for the CISSP exam, and it can also serve as a reference for day-to-day work. Many professionals rely on it to stay up to date on the latest trends and technologies.

Whether you are just starting out in your security career or you are a seasoned professional, this book is an essential part of your library.


How Has the Material Changed from the Previous Edition?

The changes made to the (ISC)² CISSP CBK Reference were based on community feedback and expert input received during the development process. The goal of the update was to give readers more comprehensive coverage of the topics included in the CBK.

The updated reference provides more information on each of the eight domains of the Common Body of Knowledge.

1. Security & Risk Management

The Security and Risk Management domain is the foundation of the CISSP CBK. It covers the essential concepts of security management, including risk assessment and management, security controls, and security policies.

The goal of this domain is to ensure that organizations have the ability to identify, assess, and mitigate risks to their information assets. By understanding and applying the principles of this domain, organizations can protect themselves from a variety of threats, including cyber-attacks, natural disasters, and malicious insiders.

In addition, this domain also covers compliance with laws and regulations related to security. By ensuring that their security posture aligns with relevant laws and regulations, organizations can reduce their exposure to liability in the event of a security incident. 

2. Asset Security

The Asset Security domain focuses on the protection of an organization's assets, which can include everything from information and databases to buildings and equipment. This domain covers topics such as security risks, classification schemes, and data handling procedures.

The CISSP CBK also includes guidelines for physical security, as well as asset disposal and recovery. To protect an organization's assets effectively, you need a clear understanding of the value of those assets and the risks they face. With that knowledge in hand, appropriate security measures can be put in place to safeguard against loss or damage.

3. Security Engineering

The Security Engineering domain of the (ISC)² CBK addresses the engineering processes required to develop, select, implement and maintain security measures that protect information systems. It focuses on technology-related solutions and how they can be used to mitigate security risks.

The domain includes information on security models, design strategies and methodologies, as well as technical controls such as access control mechanisms, cryptographic solutions and intrusion detection systems. In addition, it covers supply chain risk management, software development security and system lifecycle management.

By understanding the principles of security engineering and earning a cybersecurity training certification, you can select and implement security solutions that meet the ever-changing needs of organizations.

4. Communications & Network Security

The Communications and Network Security domain of the CISSP CBK addresses the security controls and architectures used to protect communications systems, including their components, from interception, tampering, and denial-of-service attacks.

It includes topics such as cryptography, secure communications protocols, vulnerability management, and incident response. CISSP candidates need to understand this domain because it forms the foundation for many other security areas, such as application security and industrial control systems security.

Furthermore, attacks on communications systems are becoming more sophisticated and widespread, making it critical for organizations to have strong defenses in this area. Given the importance of this domain, CISSP candidates should ensure that they have a solid understanding of the concepts covered before taking the exam. 

5. Identity & Access Management

Identity and access management is a critical part of security for any organization. Properly managing user access helps to ensure that only authorized users can reach sensitive data and systems, and it helps prevent data breaches caused by unauthorized access.

The CISSP CBK covers all the essential concepts and technologies involved in identity and access management. When studying for the CISSP exam, you should be prepared to manage user access in any organization.

6. Security Assessment and Testing

The Security Assessment and Testing domain of the CISSP CBK is concerned with the tools and techniques used to assess an organization's security posture. This includes both active and passive testing methods, as well as physical and logical security assessments.

Active testing methods are those in which the tester interacts directly with the system under test in order to gather information about its security posture. Passive testing methods, on the other hand, involve observing the system under test without interacting with it.

Physical security assessments focus on the physical components of a system, such as its hardware and facilities, while logical security assessments focus on the system's software and data. Both types of assessment are important in order to get a complete picture of an organization's security posture. 

7. Security Operations

The CISSP Security Operations domain covers the management and maintenance of the security controls that protect organizational assets, such as system boundary defenses, patch management, device hardening, media and device controls, and HR security awareness and training programs.

The aim is to ensure that systems are available when needed and resistant to attack. All changes to the organization's systems need to be carefully evaluated for their potential impact on security before they are implemented.

Building and maintaining secure systems requires continuous monitoring and improvement of security controls. To be effective, these processes must be automated where possible and supported by detailed policies and procedures.

8. Software Development Security

The final domain, Software Development Security, covers the processes and tools used to secure software applications throughout the software development life cycle.

To secure software applications effectively, it is important to understand the threat landscape and common vulnerabilities. The Software Development Security domain helps practitioners identify these threats and vulnerabilities, along with strategies for mitigating them.

In addition, this domain covers secure coding practices, application security testing, and incident response. By understanding the concepts in this domain, practitioners can build more secure software applications and better defend against attacks. 

Each of these domains covers a different area of expertise, and each is further divided into smaller sub-topics. The (ISC)² CBK is the authoritative guide to all of them. It is an essential resource for anyone preparing for the CISSP exam or seeking to develop their knowledge and understanding of information security.

What makes this book a good choice?

The Official (ISC)² CISSP CBK Reference (11 November 2021) is a great choice for individuals who want to get certified in information security. The book is extremely comprehensive, covering all of the topics that are tested on the CISSP exam.

In addition, the book is updated to reflect the latest changes in the information security field. As a result, it is an ideal resource for both new and experienced CISSP candidates. It also includes a practice exam, which can be extremely helpful in preparing for the actual test. Overall, the book is an excellent choice for anyone who wants to become certified in information security. 

How to study for the CISSP certification?

The CISSP is a highly respected and recognized security certification, and as such, it is not an easy exam to pass. In order to increase your chances of success, it is important to prepare thoroughly for the exam.

The best way to study for the exam is to first purchase a reputable study guide and review the material carefully. In addition, a number of practice exams are available online that can help you gauge your understanding of the material.

Finally, find a study partner or rely on the KnowledgeHut CISSP prep course to stay on track and motivated. By following these simple steps, you can give yourself the best possible chance of passing the CISSP exam.

CISSP is a difficult certification to obtain, but the knowledge and skills you gain are invaluable. The exam covers a vast array of cybersecurity topics, so it's important to have a good understanding of the CBK before attempting the test.

One of the CISSP CBK's key objectives is to create a global body of knowledge around which practitioners can build skills and careers in cybersecurity. Don't be intimidated by its size or scope: the overview above will help you get started. Good luck studying for your CISSP exam!

Frequently Asked Questions (FAQs)

1. What does CISSP CBK stand for?

It is an abbreviation for the Certified Information Systems Security Professional Common Body of Knowledge. It is a globally recognized standard for information security knowledge and comprises eight domains. 

2. What are the 8 domains of the CISSP CBK?

It covers eight major domains of information security:

  1. Security & Risk Management 
  2. Asset Security 
  3. Security Engineering 
  4. Communications & Network Security 
  5. Identity and Access Management 
  6. Security Assessment and Testing 
  7. Security Operations 
  8. Software Development Security 

Each of these domains contains a set of important concepts that every CISSP should know.

3. Can you pass CISSP without experience?

Although work experience is not required for the CISSP exam, it is still recommended. Earning the CISSP designation demonstrates that an individual not only has the theoretical knowledge to be a competent security professional but also the practical experience to apply that knowledge in the real world. However, those who do not have several years of experience in the field may still be able to pass the exam by studying diligently and making use of available resources. 

4. Is CISSP open book?

The CISSP exam is not open book. Candidates are not allowed to bring in any materials other than what is provided by (ISC)². The only exception is if you require an accommodation for a documented disability, in which case you may be allowed to bring in specific aids approved by (ISC)². Otherwise, you will need to rely on your memory and knowledge of the CISSP CBK when taking the exam.

Abhresh Sugandhi


Abhresh specializes as a corporate trainer. He has a decade of experience in technical training, blending virtual webinars with instructor-led sessions, and has created courses, tutorials, and articles for organizations. He is also the founder of Nikasio.com, which offers multiple services in technical training, project consulting, content development, and more.
