Just a quick question:
Will ISC2 have a transition period where both the current CBK exam and the new CBK exam will be available?
The last update to the CBK was brutal, overnight the old CBK exam was retired and the new one introduced. That did not give any time to people who have been studying for months the old CBK to take the exam they have studied for.
All other certification bodies have a transition period of 3 to 6 months where you can take either exam.
Uhhh...I don't want to talk out of turn, and I have nothing to do with ISC2 policy/decisions...but I am working on the new version of the CBK (Domains 1 and 7), and I think I can alleviate some of your concern a bit: the new CBK is not a totally new set of information, wholly different from the current CBK, so studying either means a lot of coverage for the other.
Basically, the new version strips out a lot of the redundant garbage from the current version, streamlines it, organizes it in a manner that may be easier to teach/learn (all of the authors are also ISC2 instructors-- we know the pain of awkward material that may be either/both overly broad and/or overly detailed).
BOTH versions are based on the Detailed Content Outline published by the testing team...which is utterly distinct and isolated from the training team (they write the exams, and we prep you to take the exams, and we are not even allowed to TALK to them, much less meet them and query them about test content/format). That DCO has not changed dramatically (compare it to earlier versions of the Candidate Information Bulletin -also published by the testing team- and you'll see what I mean).
As far as I know, the test is not changing at all (I mean, other than the changes that already happened, going to the CAT format, which had nothing to do with content); there is no "Old Version" or "New Version" of the exam-- the exam is just the exam. The stuff that's changing is how the training team tries to communicate the material listed in the DCO. And you can get your own copy of the DCO for free, too: https://cert.isc2.org/cissp-exam-outline-form/
Lemme know if you have any other questions, too.
Good day Ben,
Thanks for the quick reply.
I enjoyed the update you did on the CCSP book. So far it is the best book for the CCSP coming out of ISC2 that I have seen.
This is certainly good news for the CISSP update.
Cool-- that's very flattering, thanks for saying so! And I think most folks will be pleased with the new CISSP CBK; the team putting it together have really gone through a lot of effort to make it great.
Well, except for John. Because he's Canadian.
Sorry for the delayed response! The new exam outline for CISSP is available on our website. All CISSP candidates will take the CISSP exam based on the new exam outline starting April 15, 2018.
Keep in mind that our courses are designed to serve as refreshers for candidates preparing for the CISSP exam. Passing the exam and earning your CISSP certification relies on your mastery of the domains, your years of experience and your ability to apply your expertise in the real world. Candidate preparation should not change as a result of exam outline revisions.
The Official (ISC)² CISSP Training Course (both classroom-based and online-instructor led) will be available in April 2018. The Sybex CISSP Study Guide will be available in May 2018. The Official (ISC)² CISSP CBK, Practice Test Book and CISSP for Dummies will be available in Summer 2018.
I hope this helps!
Just to morph this topic a little, but I think it fits with what has been said in this thread, why don't the domains across the different (ISC)2 certs align? For example, if you were to stack the CISSP alongside the SSCP - we see an overlap on Communication and Network Security (although the SSCP calls it Network and Communication Security - just to be different apparently), but that is about it. Parts of of the CISSP domain "Asset Security" shows up under "Security Operations and Administration" in the SSCP, etc. In other words shouldn't there be some master taxonomy that says here are all the possible security domains, and under each lives these subdomains, etc.? While different certs might aggregate different domains and subdomains and cover them in different depths, I'd think what we call them and how they relate to other areas of security/certs should be consistent.