April 23rd 2018

When a comparison is done between the two exam outlines the overall result, in this case, would also be Extremely Limited.

The topics have just been moved here and there which hardly signifies any change.

2015 Exam Outline	2018 Exam Outline
Implement and manage engineering processes using secure design principles	Implement and manage engineering processes using secure design principles
Understand the fundamental concepts of Security models (confidentiality, integrity )	Understand the fundamental concepts of security models
Select controls and countermeasures based upon systems security evaluation models	Select controls based upon systems security requirements
Understand security capabilities of information systems (e.g., memory protection, trusted platform module, interfaces, fault tolerance)	Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption) *# No Change in all of the above.*
Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Client-based (applets, local caches) Server-based (data flow control) Database security (inference, aggregation) Large Scale Parallel Data Systems Distributed systems Cryptographic systems Industrial Control Systems	Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Client-based systems Server-based systems Database systems Cryptographic Systems Industrial Control Systems (ICS) Cloud-based systems Distributed systems Internet of Things (IoT) #Removed Large-Scale Parallel Data Systems. Added Cloud-based systems & Internet of Things. (Most books cover these topics, hence the limited change. IoT was covered under embedded devices topic in 2015 outline)
Assess and Mitigate Vulnerabilities in web-based systems	Assess and mitigate vulnerabilities in web-based systems *# No Change*
Assess and mitigate vulnerabilities in mobile systems	Assess and mitigate vulnerabilities in mobile systems *# No Change*
Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, internet of things (IoT)	Assess and mitigate vulnerabilities in embedded devices *# No change. However, CISSP CBK may throw a surprise here.*
Apply cryptography Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance) Cryptographic Types (e.g., symmetric, asymmetric, elliptic curves) Public Key Infrastructure (PKI) Key management practices Digital signatures Digital Rights Management (DRM) Non-repudiation Integrity (hashing and salting) Methods of Cryptanalytic attacks (e.g., brute force, ciphertext only, known plaintext)	Apply cryptography Cryptographic life cycle (e.g., key management, algorithm selection) Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves) Public Key Infrastructure (PKI) Key management practices Digital signatures Non-repudiation Integrity (e.g., hashing) Understand methods of cryptanalytic attacks Digital Rights Management (DRM) *# No Change*
Apply secure principles to the site and facility design	Apply security principles to the site and facility design *# No Change*
Design and Implement physical security Wiring closets Server rooms Media storage facilities Evidence storage Restricted and work area security Data center security Utilities and HVAC considerations Water issues (e.g. leakage, flooding) Fire prevention, detection, and suppression	Implement site and facility security controls Wiring closets/intermediate distribution facilities Server rooms/data centers Media storage facilities Evidence storage Restricted and work area security Utilities and Heating, Ventilation, and Air Conditioning (HVAC) Environmental issues Fire prevention, detection, and suppression *# No Change*

Unveiling the Secrets of Seamless Clo…
Top Reasons to Switch to an Electric …
Revive Your Morning: NAC Hangover Cur…
The Advantages Of Playing Online Casi…
How Long Does the Tapo C100 Store Vid…

This post first appeared on Learning Security With Mayur, please read the originial post: here