Intro; CISSP The Official (ISC)2® CISSP® CBK® Reference; Lead Author and Lead Technical Reviewer; Contributing Authors; Technical Reviewers; Contents at a Glance; Contents; Foreword; Introduction; Security and Risk Management; Asset Security; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management (IAM); Security Assessment and Testing; Security Operations; Software Development Security; Domain 1: Security and Risk Management; Understand and Apply Concepts of Confidentiality, Integrity, and Availability; Information Security

Evaluate and Apply Security Governance PrinciplesAlignment of Security Functions to Business Strategy, Goals, Mission, and Objectives; Vision, Mission, and Strategy; Governance; Due Care; Determine Compliance Requirements; Legal Compliance; Jurisdiction; Legal Tradition; Legal Compliance Expectations; Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context; Cyber Crimes and Data Breaches; Privacy; Understand, Adhere to, and Promote Professional Ethics; Ethical Decision-Making; Established Standards of Ethical Conduct; (ISC)² Ethical Practices

Develop, Document, and Implement Security Policy, Standards, Procedures, and GuidelinesOrganizational Documents; Policy Development; Policy Review Process; Identify, Analyze, and Prioritize Business Continuity Requirements; Develop and Document Scope and Plan; Risk Assessment; Business Impact Analysis; Develop the Business Continuity Plan; Contribute to and Enforce Personnel Security Policies and Procedures; Key Control Principles; Candidate Screening and Hiring; Onboarding and Termination Processes; Vendor, Consultant, and Contractor Agreements and Controls; Privacy in the Workplace

Understand and Apply Risk Management ConceptsRisk; Risk Management Frameworks; Risk Assessment Methodologies; Understand and Apply Threat Modeling Concepts and Methodologies; Threat Modeling Concepts; Threat Modeling Methodologies; Apply Risk-Based Management Concepts to the Supply Chain; Supply Chain Risks; Supply Chain Risk Management; Establish and Maintain a Security Awareness, Education, and Training Program; Security Awareness Overview; Developing an Awareness Program; Training; Summary; Domain 2: Asset Security; Asset Security Concepts; Data Policy; Data Governance; Data Quality

Data DocumentationData Organization; Identify and Classify Information and Assets; Asset Classification; Determine and Maintain Information and Asset Ownership; Asset Management Lifecycle; Software Asset Management; Protect Privacy; Cross-Border Privacy and Data Flow Protection; Data Owners; Data Controllers; Data Processors; Data Stewards; Data Custodians; Data Remanence; Data Sovereignty; Data Localization or Residency; Government and Law Enforcement Access to Data; Collection Limitation; Understanding Data States; Data Issues with Emerging Technologies; Ensure Appropriate Asset Retention