https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77279#M1853 <P>I think that our friends in Exam Admin are best suited to answer this question but from my recollection, the exam can be fluid.</P><P>&nbsp;</P><P>What I mean by that is the Common Body of Knowledge, outlines the areas that may be covered at a very high level and does not necessarily go down to the individual technology.</P><P>&nbsp;</P><P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1533099493">@CBMExamTeam</a>&nbsp;would you be kind enough to provide a more accurate description????</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Fri, 21 Feb 2025 14:41:37 GMT dcontesti 2025-02-21T14:41:37Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77259#M1851 <P>Hello</P><P>&nbsp; I have a question regarding Security Governance?</P><P>Is the list below what's covered on the 2025 CISSP exam or some were removed or more needs to be added?</P><TABLE width="165"><TBODY><TR><TD width="165">BS 7799</TD></TR><TR><TD>ISO-17799</TD></TR><TR><TD>ISO-2700 Series</TD></TR><TR><TD>COBIT and COSO</TD></TR><TR><TD>OCTAVE</TD></TR><TR><TD>ITIL</TD></TR></TBODY></TABLE> Thu, 20 Feb 2025 23:34:27 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77259#M1851 SMURF 2025-02-20T23:34:27Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77279#M1853 <P>I think that our friends in Exam Admin are best suited to answer this question but from my recollection, the exam can be fluid.</P><P>&nbsp;</P><P>What I mean by that is the Common Body of Knowledge, outlines the areas that may be covered at a very high level and does not necessarily go down to the individual technology.</P><P>&nbsp;</P><P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1533099493">@CBMExamTeam</a>&nbsp;would you be kind enough to provide a more accurate description????</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Fri, 21 Feb 2025 14:41:37 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77279#M1853 dcontesti 2025-02-21T14:41:37Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77280#M1854 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1224160221">@SMURF</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;<BR />Hi,</P><P>&nbsp;</P><P>My best advice would be to refer to the CISSP Exam Outline (<A href="https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/documents/exam-outlines/CISSP-Exam-Outline-April-2024-English.pdf" target="_blank" rel="noopener">CISSP&nbsp;-&nbsp;English</A>&nbsp;) and the current training material.&nbsp;<BR /><BR />Although it will involve purchase if you don't already have it, you might also try one of our Official Study Guides&nbsp;<A href="https://www.isc2.org/certifications/cissp/cissp-self-study-resources#Textbooks" target="_blank">https://www.isc2.org/certifications/cissp/cissp-self-study-resources#Textbooks</A></P><P>&nbsp;</P><P>Wishing you the best with your exam!</P><P>&nbsp;</P> Fri, 21 Feb 2025 14:59:36 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77280#M1854 CBMExamTeam 2025-02-21T14:59:36Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77289#M1857 <P>I agree with the others that the exam objectives are the best to reference for what need to know.&nbsp; It will not be granular on any framework but definitely should add NIST and COBIT when talking about frameworks.&nbsp;&nbsp;</P> Fri, 21 Feb 2025 18:51:02 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77289#M1857 nkeaton 2025-02-21T18:51:02Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77341#M1862 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1224160221">@SMURF</a>&nbsp;ISO/IEC 27001 &amp; 2 supersedes both BS 7799 and ISO 17799.<BR /><BR />I would include NIST CSF and the RMF.<BR /><BR />Octave is more an IT Risk Management methodology then a security governance one.<BR /><BR />I don't think I've ever had to deal with COSO in my work in security &amp; governance.&nbsp; Anything in it I had to deal with as more incorporated into COBIT or SOC reports.<BR /><BR /><BR /></P> Mon, 24 Feb 2025 16:03:22 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77341#M1862 emb021 2025-02-24T16:03:22Z https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77838#M1887 <P>Thank you !</P> Wed, 12 Mar 2025 18:09:54 GMT https://community.isc2.org/t5/CISSP-Study-Group/Security-Governance/m-p/77838#M1887 SMURF 2025-03-12T18:09:54Z