stephennoel
Viewer III

Someone please clarify on syllabus for CISSP - In 2026 - In context of inclusion of AI security

Dear Community, 

 

I am preparing for CISSP and planning to take it in 2026. I came across a post by ISC2 - ISC2 Publishes Guidance on the Inclusion of AI Security Concepts Across all its Certifications, which talks about AI security concepts inclusion across its certifications.

 

Can someone clarify if there will be an update to the syllabus and if the study guides will be updated in accordance with this post?

 

Also, if the study guides are not updated, how do I get the respective resources in line with the ISC2 requirements?

 

Please share your thoughts.

 

Thank you!

 

Best regards,

Stephen

11 Replies
nkeaton
Advocate III

@stephennoel Thank you. While I had heard that the inclusion was coming, I had not seen this article. I am studying for a different exam, but I felt that the guidance on the inclusion by domain was very precise on how the domains are impacted. It was included in the article as well. I did look at the CISSP and felt it was precise as well. https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/ex...
Early_Adopter
Community Champion

Hi Stephen,

 

My take, hope it helps.

 

Unfortunately, ISC2 and in some cases other certification bodies have become slower at updating textbooks (physical and virtual); the cruel amongst us might consider that, as an eLearning can be updated and then potentially sold for more, there is perhaps less appetite to do so (we of course are not so cynical). ISC2's instructor-led review seminars have always been good, however, and these can be in person or virtually delivered.

 

Good news, the CISSP has been stable at its ten, err eight domains for a while now.

 

I would suggest the following approach, begin with the 2024 Exam Outline:

 

https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/do...

 

Look for the last all in one, official study guide from ISC2, or Sybex books - they will still cover a lot - and if you go to the library it will be free (there's a horrible amount of cruft out there as well).

 

Research and Augment with your favorite LLM output on gaps.

 

Now for AI specifically - ISC2 got caught napping a bit; however, the IAPP have a certification out covering AI Governance and ISC2 does have a certificate: https://www.isc2.org/Insights/2025/07/ISC2-Launches-AI-Certificate that could contain some good stuff, it's 640 USD but there is a discount.

 

The NIST AI RMF is foundational.

 

https://www.nist.gov/itl/ai-risk-management-framework

 

And https://www.coursera.org/google-career-certificates or https://learn.microsoft.com/en-us/training/paths/ai-security-fundamentals/ both make sense.

 

Again, have your fave AI chatbot help you with the gaps - ISC2 can only have its exam writers create questions on what's out there - so the inspect and adapt model should work for you.

emb021
Advocate I

@Early_Adopter When speaking on AI related certs, in addition to IAPP's AIGP cert, ISACA has rolled out 3 AI related certs tied to auditing, risk, and security management (AAIA, AAIR, AAISM), and there is a whole org focused on AI certs called AI Certs.

And CompTIA has just rolled out SecAI+ recently.


---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
nkeaton
Advocate III

@Early_Adopter Very nice analysis and write-up. I self-study which tends to make me fight my way through it. One of my certifications has not had a CBK update since 2005 and never had a study guide. I thought that the .pdf in the poster’s article was more guidance than I have gotten on some of their exams. I know that we all learn and study differently, but I am probably just used to this after all these years. I am glad that they pointed it out because it does impact our studies.
nkeaton
Advocate III

@emb021 Even PMI is offering an AI certification: pmi.org/certifications/ai-project-management-cpmai
Early_Adopter
Community Champion

Yeah, we're spoiled for choice.

 

ISACA I think is interesting, and will be nice and procedural.

 

Get your AI certs on AIcerts.com.com - I did do a few LinkedIn courses whilst kicking around - it's a bit of a pile on - there will be nearly as many as unofficial CISSP study guides on Amazon soon...

 

I do feel that ISC2 has been a little distracted for the last 4-5 years, and now CC is baked let's hope that a certification is in the works, both on how to secure, but also how to use to secure strategically (Anthropic's recent success shows promise).

 

Early_Adopter
Community Champion

Yeah, it's all becoming more and more self-directed - and the great and mighty Elemems and Esselems* are hoovering up all the bits and bytes we first banked in from the nineties onwards... then presenting them back to us, in token likelihood sequence.

 

I wonder if we'll even have Universities in the way they are now in 2-30 years?

 

*No offense intended, oh great algorithmic Masters/Mistresses...

nkeaton
Advocate III

@Early_Adopter It might make more sense for ISC2 to embed that knowledge in other exams like this is being done. ISC2 has had a lot going on between the CC, the physical move, and a very problematic system upgrade. With the CGRC being changed, and HCISPP (healthcare cybersecurity) and CCFP (cyber forensics) being cancelled, I think that they should specialize in what they are best at. From the article I am not sure that I remember answering a JTA (Job Task Analysis) for AI. I remember doing quite a few others. I have not done anything with ISC2 certificates, but that does maybe make more sense for AI as well.
Early_Adopter
Community Champion

All salient points.

I personally feel that the CC fitted a certificate, rather than a certification, simply due to it being a bare bones entry level thing. I get the economics of it; however, if someone stops at CC - is there much point in proceeding? Given how the new methods to test skills and knowledge are coming online, part of me also wonders how long is left for ISC2’s methods of testing? Especially to the point of JTAs and question authoring on a cycle. Maybe long term it’s just the candidate and the agent fronting the model and more simulation?