CheatGrid
© 2026 CheatGrid™. All rights reserved.

CISSP - Certified Information Systems Security Professional Cheat Sheet

The CISSP is ISC2's flagship credential and the most globally recognized certification in information security, validating both deep technical and managerial competence across eight domains. This sheet maps to the 2024 CISSP Exam Outline (effective April 15, 2024): a 100-to-150-item Computerized Adaptive Test (CAT) with a passing score of 700 out of 1000. The exam is criterion-referenced to ISC2's Common Body of Knowledge, so it rewards the manager's mindset over the technician's: when a question offers it, the CISSP reflex is to protect human life first, support business objectives, follow due care and due diligence, and choose the answer that addresses root cause and governance rather than a quick technical patch. AI-specific risks (data poisoning, adversarial attacks, model governance) are woven through all eight domains rather than siloed.

What This Cheat Sheet Covers

This topic spans 50 focused tables and 634 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

  • Table 1: Professional Ethics
  • Table 2: Core Security Concepts and the Five Pillars
  • Table 3: Security Governance Principles
  • Table 4: Security Control and Risk Frameworks
  • Table 5: Legal, Regulatory, and Privacy Requirements
  • Table 6: Investigation Types
  • Table 7: Security Policies, Standards, Procedures, and Guidelines
  • Table 8: Business Continuity Requirements and BIA
  • Table 9: Personnel Security Policies and Procedures
  • Table 10: Risk Management Concepts
  • Table 11: Threat Modeling Concepts and Methodologies
  • Table 12: Supply Chain Risk Management (SCRM)
  • Table 13: Security Awareness, Education, and Training
  • Table 14: Information and Asset Classification
  • Table 15: Secure Asset Provisioning and Inventory
  • Table 16: Data Lifecycle and Data Roles
  • Table 17: Asset Retention and Data Security Controls
  • Table 18: Secure Design Principles
  • Table 19: Fundamental Security Models
  • Table 20: Security Capabilities of Information Systems
  • Table 21: Vulnerabilities of Security Architectures and Designs
  • Table 22: Cryptographic Solutions and Lifecycle
  • Table 23: Cryptanalytic Attacks
  • Table 24: Site and Facility Security Design
  • Table 25: Information System Lifecycle Management
  • Table 26: Network Models, Protocols, and Converged Protocols
  • Table 27: Network Segmentation, Wireless, and SDN
  • Table 28: Secure Network Components
  • Table 29: Secure Communication Channels
  • Table 30: Control of Physical and Logical Access to Assets
  • Table 31: Identification and Authentication Strategy
  • Table 32: Federated Identity and Single Sign-On
  • Table 33: Authorization Mechanisms and Access Control Models
  • Table 34: Identity and Access Provisioning Lifecycle
  • Table 35: Assessment, Test, and Audit Strategies
  • Table 36: Security Control Testing
  • Table 37: Security Process Data, Analysis, and Reporting
  • Table 38: Investigations and Digital Forensics
  • Table 39: Logging and Monitoring Activities
  • Table 40: Configuration and Change Management
  • Table 41: Foundational Security Operations Concepts
  • Table 42: Incident Management
  • Table 43: Detective and Preventive Measures
  • Table 44: Recovery Strategies and High Availability
  • Table 45: Disaster Recovery Processes and Testing
  • Table 46: Physical Security and Personnel Safety
  • Table 47: Security in the Software Development Life Cycle
  • Table 48: Security Controls in Development Ecosystems
  • Table 49: Software Security Effectiveness and Acquired Software
  • Table 50: Secure Coding Guidelines and Standards

Table 1: Professional Ethics

CISSP Domain 1.1: Understand, adhere to, and promote professional ethics. Covers the ISC2 Code of Professional Ethics (its Preamble and four mandatory Canons, including their precedence order) and the role of an organizational code of ethics such as RFC 1087.

Each entry lists the Concept, an Example, and a Description.

Concept: Code of Ethics Preamble
Example: Strict adherence to this Code is a condition of certification
Description: Sets the foundation: the safety of society, duty to principals, and duty to each other demand the highest ethical conduct.
  • Adhering to the Code is mandatory to earn and keep certification.
  • You must adhere AND be seen to adhere.

Concept: Canon Order and Precedence
Example: Society (I) outranks employer (III) when they conflict
Description: The single most tested ethics point: the four Canons are applied IN ORDER, and when two conflict the LOWER-numbered Canon wins. Protecting society always outranks duty to an employer.

Concept: Canon I: Protect Society
Example: Report a flaw that endangers the public over staying quiet for an employer
Description: "Protect society, the common good, necessary public trust and confidence, and the infrastructure." The first and highest Canon; the public good comes before any other duty.

Concept: Canon II: Act Honorably
Example: Tell the truth on an incident report even if it looks bad
Description: "Act honorably, honestly, justly, responsibly, and legally." Governs personal integrity and lawful conduct, ranked below society but above duty to principals.

Concept: Canon III: Diligent Service to Principals
Example: Principal = your employer or client (the one you serve)
Description: "Provide diligent and competent service to principals." A principal is an employer or client. This duty is real but yields to Canons I and II when they conflict.