ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Physical?”
All quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”
Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth.
Here are the things that I found different in Physical (Environmental) Security.
- New Pictures (almost all have been updated).
The American Institute of Architects list of key security concerns has been expanded from 9 to 19, and now includes:
- Facility security control during and after hours of operation
- Personnel and contract security policies and procedures
- Personnel screening
- Site and building access control
- Video surveillance, assessment, and archiving
- Natural surveillance opportunities
- Protocols for responding to internal and external security incidents
- Degree of integration of security and other building systems
- Shipping and receiving security
- Property identification and tracking
- Proprietary information security
- Computer network security
- Workplace violence prevention
- Mail screening operations, procedures, and recommendations
- Parking lot and site security
- Data center security
- Communications security
- Executive protection
- Business continuity planning and evacuation procedures
A new section on “Personnel Privacy and Safety” has been added and includes subsections on:
- You Should Know
- Before You Travel
- Prepare Your Device
- While You’re Away
- When You Return
As always, InfoSec is updating the courseware to reflect this new material and the re-sequencing of the Physical (Environmental) Security domain.