wentzwu
Newcomer III

The (ISC)² Common Body of Knowledge (CBK) Survey

I received the email notification of the (ISC)² Common Body of Knowledge (CBK) Survey.

 

It's a nice move for ISC2 to invite feedback about the CBK from members, but I was wondering how I can get access to the "(ISC)² Common Body of Knowledge (CBK)" itself. I've bought a couple of the so-called official guides to the CBK, say, The Official ISC2 Guide to The CISSP, ISSMP, ISSEP, ISSMP, CSSLP, CCSP CBK.

I am expecting that the ISC2 can publish the InfoSec CBK as the PMI published the PMBOK for project management.

 

Last but not least, I come from Taiwan, but I can't submit my survey because Taiwan is not listed in the list as the last survey question required the responder to answer.

 

I'd love to see Taiwan enlisted so that I can complete and submit my responses to the survey.

 

Thanks for your attention!

 

ISC2_Survey_Taiwan.jpg


Best regards,
Wentz Wu, CISSP-ISSMP,ISSEP,ISSAP/CCSP/CSSLP
https://WentzWu.com
18 Replies
wimremes
Contributor III


Hey! Let's make it a push to the Board to return to the practice of releasing the CBK upon each revision! Grandpa Rob, Wim @wimremes , Diana @dcontesti , what do you think?

 


I don't see any proper justification for NOT making the CBK public. If we claim to certify professionals, it is elementary that we also make public on what those professionals are evaluated. It's not only a disservice to the membership but also to our principals and society at large.

 

Note that we as members can bring topics to BoD meetings using the same petition process as described for elections (500 signatures). Absent the commitment of management of the board to address this topic and communicate back to the membership, I am more than happy to give that a try.



Sic semper tyrannis.
Kaity
Community Manager

Hello all! I hope to be able to shed some light on this issue regarding the CISSP CBK. The book that is out right now (available on Amazon, Wiley, Kindle, Google Play) is actually the CBK itself. The book title is the Official (ISC)² CISSP CBK Reference, but it is the CBK in its entirety.

 

I understand the confusion, since the book is not called simply “The Official (ISC)² CISSP CBK.” When working with our publisher, it was recommended that we add the word “reference” to the title as a way to make clear to those purchasing it that it was not intended to be a study tool, but instead a reference guide. In past editions the book has been called the “Official Guide to the CBK” – but even then, it was still the CBK. (ISC)² did not stop publishing the CBK, but I can see where the title of past editions would cause confusion. Honestly, it confused me at first and I work here!

wentzwu
Newcomer III

@Kaity , may I confirm the CBK you're referring to is the following book:

The Official (ISC)2 Guide to the CISSP CBK Reference 5th Edition

ISBN-13: 978-1119423348
ISBN-10: 1119423341

https://www.amazon.com/Official-ISC-Guide-CISSP-CBK/dp/1119423341


Best regards,
Wentz Wu, CISSP-ISSMP,ISSEP,ISSAP/CCSP/CSSLP
https://WentzWu.com
Kaity
Community Manager


@wentzwu wrote:

@Kaity , may I confirm the CBK you're referring to is the following book:

The Official (ISC)2 Guide to the CISSP CBK Reference 5th Edition

ISBN-13: 978-1119423348
ISBN-10: 1119423341

https://www.amazon.com/Official-ISC-Guide-CISSP-CBK/dp/1119423341


Yes, that is the one. I know the Amazon title is confusing - but the book itself has the correct title. I have one ... 

cissp cbk.jpg

emb021
Advocate I

Interesting that the ISC2 Store still lists the older 4th edition.

 

As I have the CISSP, I hadn't kept up on new CISSP related books, so didn't know that had come out.  I see it came out earlier this year and has the 8 domains while the 4th edition had the 10 domains.

 

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
denbesten
Community Champion

@Kaity, thanks for the clarification.  

 

Removing "guide to the" from the title does indeed clear up much of the confusion. Those three words made it seem like it was not the real thing.  Unfortunately, I have come across a few areas where the original title remains: Amazon's page, Wiley's page, Google's page, Safari, and the Foreword (pg xxv, xxvi) for the book itself.  Interestingly, all of them have a picture of the book itself with the correct title, yet the web page has the wrong title.  Presumably, these all came about due to a last-minute name change that was only partially flushed through the system.

 

One other area of confusion for me....  The only CBKs I have ever seen are specific to a cert, such as the CISSP CBK, the SSCP CBK, etc.  However, the original posting in this conversation refers to an (ISC)² CBK, as does this web page.  What exactly is the (ISC)² CBK?  Is it like the Star-Wars "trilogy", or the One-Ring to rule them all, or is it something boring, such as people being lazy when referring to the CISSP CBK?  Inquiring minds want to know, especially because rslade is probably already clearing space on his bookshelf.

 

wentzwu
Newcomer III

@Kaity , thanks for the clarification. It's much better now.

 

However, I agree with the argument from @denbesten that the terminology "CBK" is used inconsistently.

 

The (ISC)² CBK page states:

  1. "The (ISC)² CBK is a collection of topics relevant to cybersecurity professionals around the world."
  2. "Domains from the (ISC)² credentials are drawn from various topics within the (ISC)² CBK"

 

I would define ISC2 CBK as follows:

ISC2 CBK = {CISSP CBK, ISSMP CBK, ISSAP CBK, ISSEP CBK, CSSLP CBK, CCSP CBK, Other CBK}

That is, ISC2 CBK is a set of (ISC)² credential CBKs.

 

If my understanding is correct, it'd be a nice gesture for ISC2 to release or publish all the topics in the ISC2 CBK to members or the public.


Best regards,
Wentz Wu, CISSP-ISSMP,ISSEP,ISSAP/CCSP/CSSLP
https://WentzWu.com
Kaity
Community Manager

Appreciate the feedback, everyone!

 

We are open to changing how the CBK is accessed, which is part of the motivation behind the survey. Please, please fill out the survey if you received an invitation. This information will drive decisions! 

jimscard
Newcomer III

I also join the others calling for the CBK to be published to the members again. (ISC)2 is the only certifying body I know of that has a CBK or similar document for the profession, but which does not publish it. In fact, I'm surprised that ANSI doesn't require it to be published publicly, as other ANSI/ISO accredited certifications do.

 

For example, ISACA calls what it has for a CBK  "Job Practice Areas" and they are public -- see https://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Job-Practice-Areas/P... for the CISM. I'd expect a high level of overlap with the CISSP CBK.

 

The IAPP, which issues ANSI/ISO accredited certifications for Information Privacy Professionals like the CIPP/US, CIPP/E, CIPP/C and CIPT, publishes its Body of Knowledge documents for each certification on their web site. For example, here's the CIPP/US BOK: https://iapp.org/media/pdf/certification/CIPP_US_BoK_2.2.1.pdf

 

 

 

 

 

Jim Scardelis, M.S., CISSP, CISA, CEH, PCI Secure Software, Secure SLC, P2PE, P2PE Application & 3DS Assessor, PCIP, CIPP/US, CIPP/C, CIPP/E, CIPT, CTT+
Any views or opinions contained in this communication are solely those of the author.