The word is out on SSCP and CISSP changes. New objectives will be testable April 15th.
SSCP and CISSP Changes Effective April 15th
This was a little surprising. On April 14th, only the 2012 version is available. Everyone that takes the test on April 14th will take the 2012 version. On April 15th, only the 2015 version is available. Everyone that takes the test on April 15th will take the 2015 version.
While this is how (ISC)2 typically does it, they normally give much more lead time to test takers. It’s common for CISSP test takers to study for the exam for as long as six months. Assuming they started in December, they may not be ready four months later and will either have to take the test unprepared or begin again when materials for the new versions are available.
When will the new SSCP All-In-One be study guide be available?
This is controlled by the publisher and it is tentatively scheduled for a release data of November 1, 2015.
SSCP and CISSP Changes and Related Materials
It looks like (ISC)2 has been creating their materials to help people prepare before they released the objectives to the rest of the world. However, they won’t have materials available for the SSCP and CISSP changes in time for test takers to use them to study.
(ISC)2 announced the following information:
- March 16, 2015: Official (ISC) Training Seminars (See Note 1)
- Quarter 1, 2015 (sometime in Jan, Feb, or Mar) – Release of (ISC)2’s Guide to the CISSP CBK Textbook (See Note 2)
- Quarter 2, 2015 (sometime in Apr, May, or Mar) – Release of (ISC)2’s Guide to the SSCP CBK Textbook (See Note 3)
- Mid-2015 (Around June or July) – Release of (ISC)2 practice tests (See Note 4)
Other publishers will be scrambling to update their books as quickly as possible, but clearly this process favors (ISC)2 at this time and isn’t very beneficial for test takers.
- Note 1. Many other organizations provide outstanding training for SSCP and CISSP. They will likely be announcing when they’ll be doing their new seminars sometime soon.
- Note 2. The official (ISC)2 CISSP study guide has been periodically advertised on Amazon but the date keeps changing. As I write this, it shows a release date of March 3rd, 2015.
Update: Amazon shows a release date of January 15, 2016 for this book (as of Feb 18, 2015).
- Note 3. I don’t see this third edition advertised very many places, but in one place I saw it listing a release date of Jan 14th, 2016.
Update: Two online sites show this with a release date of January 15, 2016 (as of Feb 18, 2015).
- Note 4. Odd that they are choosing to rush out the exams before having practice tests available. I’m wondering if the lack of materials will drive test takers to other certifications such as the CompTIA CASP certification.
Major CISSP Changes
The 2012 version of the CISSP includes 10 domains and the 2015 version includes only eight domains. The following table shows the domains and it’s clear that the domains don’t match up.
|2015 Version||2012 Version|
|1) Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)||1) Access Control|
|2) Asset Security (Protecting Security of Assets)||2) Telecommunications and Network Security|
|3) Security Engineering (Engineering and Management of Security)||3) Information Security Governance & Risk Management|
|4) Communications and Network Security (Designing and Protecting Network Security)||4) Software Development Security|
|5) Identity and Access Management (Controlling Access and Managing Identity)||5) Cryptography|
|6) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)||6) Security Architecture & Design|
|7) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)||7) Operations Security|
|8) Software Development Security (Understanding, Applying, and Enforcing Software Security)||8) Business Continuity & Disaster Recovery Planning|
|9) Legal, Regulations, Investigations, and Compliance|
|10) Physical (Environmental) Security|
Even though the number of domains has been reduced from ten to eight, (ISC)2 says that content is not being removed from the exam. Instead, the objectives have been refreshed and reorganized.
For example the 2015 version doesn’t include a cryptography domain. However cryptography topics are mentioned in Domains 2, 3, and 4.
Major SSCP Changes
The 2012 version of the SSCP includes seven domains and the 2015 version includes seven domains. The following table shows the domain names have changed slightly.
|2015 Version||2012 Version|
|1) Access Controls||1) Access Controls|
|2) Security Operations and Administration||2) Security Operations & Administration|
|3) Risk Identification, Monitoring, and Analysis||3) Monitoring and Analysis|
|4) Incident Response and Recovery||4) Risk, Response, and Recovery|
|5) Cryptography||5) Cryptography|
|6) Networks and Communications Security||6) Networks and Communications|
|7) Systems and Application Security||7) Malicious Code & Activity|