What’s New in the CISSP Certification Exam in 2024?
In an era where data breaches, cyberattacks, and digital threats are becoming increasingly sophisticated and prevalent, the need for highly skilled and certified information security professionals has never been more critical. The Certified Information Systems Security Professional (CISSP) certification is a globally recognized and highly esteemed credential that plays a pivotal role in cybersecurity.
Introduction to CISSP
CISSP is a prestigious certification provided by the (ISC)2 or International Information System Security Certification Consortium. The CISSP certification ensures the extensive technical and managerial expertise of an information security professional, enabling them to proficiently oversee, design, and maintain an organization’s comprehensive security framework.
The CISSP exam undergoes an update every three years to align with the ever-evolving trends and advancements in the cybersecurity field. ISC2 is scheduled to introduce the next update to the CISSP certification exam on April 15, 2024.
Old vs. New CISSP Domains
Changes in CISSP Domains
As mentioned above, the new updated CISSP certification exam changes the weightage for Domain 1, Security and Risk Management, has been slightly raised from 15% to 16%, whereas the weightage for Domain 8, Software Development Security, has seen a minor reduction from 11% to 10%.
Overview of New CISSP Exam Domains
Domain 1: Security and Risk Management (16%)
Domain 1 in the CISSP exam carries a substantial 16% weightage, making it a crucial area of focus. It covers topics such as professional ethics, security concepts, governance principles, legal and regulatory issues, and risk management. This domain emphasizes the importance of technical knowledge and ethical and governance considerations, reflecting the comprehensive nature of the CISSP certification exam.
Domain 2: Asset Security (10%)
Domain 2 of the CISSP exam holds a weightage of 10% and is centered around information and asset management. It encompasses the identification and classification of data and assets, the establishment of secure handling requirements, and the provision of resources securely. Additionally, candidates must manage the entire data lifecycle, from collection to destruction, ensuring appropriate asset retention. Understanding data security controls, compliance requirements, and data protection methods like Digital Rights Management (DRM) and Data Loss Prevention (DLP) is crucial within this domain.
Domain 3: Security Architecture and Engineering (13%)
Domain 3, Security Architecture and Engineering, holds a 13% weightage on the CISSP exam and is dedicated to fortifying security practices within systems and infrastructures. It includes implementing secure design principles, understanding security models, selecting controls, and assessing vulnerabilities in various systems, from client-based to cloud-based. The domain also covers cryptographic solutions, cryptanalysis methods, and site/facility security design principles, encompassing everything from server rooms to environmental considerations.
Domain 4: Communication and Network Security (13%)
Domain 4, Communication and Network Security, holds a 13% weightage in the CISSP exam and is pivotal for establishing secure network designs and communication channels. It encompasses secure design principles, hardware operations, and transmission media. This domain also secures voice, data, and multimedia communication channels, including virtualized networks and third-party connections.
Domain 5: Identity and Access Management (IAM) (13%)
Domain 5, Identity and Access Management (IAM) holds a 13% weightage on the CISSP exam, focusing on controlling access and managing identities. It addresses regulating physical and logical access to assets, identity management, authentication methods, and authorization mechanisms. IAM also covers the identity and access provisioning lifecycle, extending to federated identity management with third-party services in various environments. It emphasizes implementing authentication systems like OpenID Connect, SAML, Kerberos, and RADIUS/TACACS+.
Domain 6: Security Assessment and Testing (12%)
Domain 6, Security Assessment and Testing, with a 12% weightage on the CISSP exam, is crucial for evaluating and testing security. It involves designing internal, external, and third-party evaluation assessment and audit strategies. The domain includes security control testing, data collection, test output analysis, and report generation for remediation. Security audits are a significant part, covering internal, external, and third-party assessments.
Domain 7: Security Operations (13%)
Domain 7, Security Operations, accounting for 13% of the CISSP exam, encompasses many critical security operations. This includes understanding investigations, conducting logging and monitoring, configuration management, resource protection, incident management, and operating preventive measures like firewalls and anti-malware. The domain also addresses patch and vulnerability management, change processes, recovery strategies, and disaster recovery planning. Furthermore, it covers business continuity, physical security controls, and personnel safety considerations.
Domain 8: Software Development Security (10%)
Domain 8, Software Development Security, contributes 10% to the CISSP exam, emphasizing the incorporation of security measures into the Software Development Life Cycle. It encompasses development methodologies, security controls in software ecosystems, assessing software security, and evaluating the security impact of acquired software. Additionally, it emphasizes secure coding guidelines, including identifying vulnerabilities and secure coding practices.
CISSP Exam Information
| Old | New | |
| Certification | Certified Information Systems Security Professional (CISSP) | |
| Launch Date | Effective May 1, 2021 | Effective April 15, 2024 |
| Exam Duration | 4 Hours | 3 Hours |
| Number of Questions | 125 – 175 | 100 – 150 |
| Exam Format | Multiple-choice and advanced innovative questions | |
| Passing Score | 700 out of 1000 points | |
| Exam Language | English | |
| Exam Center | (ISC)² Authorized PPC and PVTC Select Pearson VUE Testing Centers | |
Feel free to check out the blogs:
CISSP 2021 vs. New CISSP 2024
How To Prepare For CISSP Exam in 2024
Changes in CISSP Exam Format
Starting from April 15, 2024, candidates sitting for the CISSP exam will have a maximum of three (3) hours to complete it. In this version of the exam, candidates can expect to encounter a minimum of 100 and a maximum of 150 questions.
CISSP with InfosecTain
InfosecTrain provides a comprehensive instructor-led training program encompassing all the CISSP profession’s essential domains. To pursue this training course and achieve certification, you can explore and register for the Certified Information Systems Security Professional (CISSP) training, which will prepare you to pass the certification exam successfully.
TRAINING CALENDAR of Upcoming Batches For CISSP
| Start Date | End Date | Start - End Time | Batch Type | Training Mode | Batch Status | |
|---|---|---|---|---|---|---|
| 04-May-2024 | 16-Jun-2024 | 19:00 - 23:00 IST | Weekend | Online | [ Open ] | |
| 25-May-2024 | 30-Jun-2024 | 09:00 - 13:00 IST | Weekend | Online | [ Open ] | |
| 01-Jun-2024 | 07-Jul-2024 | 19:00 - 23:00 IST | Weekend | Online | [ Open ] | |
| 17-Jun-2024 | 28-Jun-2024 | 07:00 - 12:00 IST | Weekday | Online | [ Close ] | |
| 01-Jul-2024 | 01-Aug-2024 | 08:00 - 10:00 IST | Weekday | Online | [ Open ] | |
| 06-Jul-2024 | 11-Aug-2024 | 09:00 - 13:00 IST | Weekend | Online | [ Open ] |
Contact Us
1800-843-7890 (India) 
