ISSMP Exam Outline Effective May 2018
The broad spectrum of topics included in the ISSMP Common Body of Knowledge (CBK) ensures its relevancy
across all disciplines in the field of information security management. Successful candidates are competent in
the following 6 domains:
Experience Requirements
Candidates must be a CISSP in good standing and have 2 years cumulative paid work experience
in 1 or more of the 6 domains of the CISSP-ISSMP CBK. You can learn more about CISSP-ISSMP
experience requirements and how to account for part-time work and internships at
www.isc2.org/Certifications/CISSP-ISSMP/experience-requirements.
Accreditation
ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
Total: 100%
» Integrate information security gates (decision points) and milestones into lifecycle
» Implement security controls into system lifecycle
» Oversee configuration management processes
2.2 Integrate New Business Initiatives and Emerging Technologies into the Security Architecture
» Communicate risk management objectives with risk owners and other stakeholders
» Understand principles for defining risk tolerance
» Determine scope of organizational risk program
» Obtain and verify organizational asset inventory
» Analyze organizational risk management requirements
» Determine the impact and likelihood of threats and vulnerabilities
» Determine countermeasures, compensating and mitigating controls
» Recommend risk treatment options and when to apply them
» Analyze challenges related to the Business Continuity (BC) process (e.g., time, resources, verification)
» Analyze challenges related to the Disaster Recovery (DR) process (e.g., time, resources, verification)
» Analyze challenges related to the Continuity of Operations Plan (COOP)
» Coordinate with key stakeholders
» Define internal and external incident communications plans
» Define incident roles and responsibilities
» Determine organizational drivers and policies
» Reference Business Impact Analysis (BIA)
» Manage third-party dependencies
» Prepare security management succession plan
5.3 Maintain Business Continuity Plan (BCP), Continuity of Operations Plan (COOP), and Disaster Recovery Plan (DRP)
6.3 Validate Compliance in Accordance with Applicable Laws, Regulations, and Industry Best Practices
6.4 Coordinate with Auditors, and Assist with the Internal and External Audit Process
Legal Info
For any questions related to (ISC)²’s legal policies, please contact the (ISC)² Legal
Department at legal@isc2.org.
Any Questions?
(ISC)² Candidate Services
311 Park Place Blvd, Suite 400
Clearwater, FL 33759
(ISC)² Americas
Tel: +1.866.331.ISC2 (4722)
Email: info@isc2.org
(ISC)² EMEA
Tel: +44 (0)203 300 1625
Email: info-emea@isc2.org
ISSMP Certification
v720 Exam Outline