ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Physical?”

All quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”

Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth.

Here are the things that I found different in Physical (Environmental) Security.

  • New pictures (almost all have been updated).
  • The American Institute of Architects list of key security concerns has been expanded from 9 to 19, and now includes:
    • Facility security control during and after hours of operation
    • Personnel and contract security policies and procedures
    • Personnel screening
    • Site and building access control
    • Video surveillance, assessment, and archiving
    • Natural surveillance opportunities
    • Protocols for responding to internal and external security incidents
    • Degree of integration of security and other building systems
    • Shipping and receiving security
    • Property identification and tracking
    • Proprietary information security
    • Computer network security
    • Workplace violence prevention
    • Mail screening operations, procedures, and recommendations
    • Parking lot and site security
    • Data center security
    • Communications security
    • Executive protection
    • Business continuity planning and evacuation procedures
  • A new section on “Personnel Privacy and Safety” has been added and includes subsections on:
    • Privacy
    • Travel
      • You Should Know
      • Before You Travel
      • Prepare Your Device
      • While You’re Away
      • When You Return
    • Duress

As always, InfoSec is updating the courseware to reflect this new material and the re-sequencing of the Physical (Environmental) Security domain.