Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium (commonly known as (ISC)²).
The CISSP curriculum covers subject matter in a variety of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy -- a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."
The CISSP CBK is fundamentally based on the CIA triad, the core information security and assurance tenets of confidentiality, integrity and availability, and attempts to balance the three across ten areas of interest, which are also called domains. The ten CBK domains are:
1. Access Control
2. Application Security
3. Business Continuity and Disaster Recovery Planning
5. Information Security and Risk Management
6. Legal, Regulations, Compliance and Investigations
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security