ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Operations?”

First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”

Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth. For example, in the section on “Operators”, the 2nd Edition simply had the privileges and responsibilities assigned to operators listed as:

Implementing the initial program load

Where the 3rd Edition has them listed as:

  • Implementing the initial program load: –

As I said, you can take that for what it is worth; the information remains the same.

The big change: this domain has been renamed from Operations Security to Security Operations.

Here are the things that I found different (new and added).

  • A full page was added which explains “Need-to-Know/Least Privilege.”
  • Under privileged accounts, “Root or built-in administrator accounts”, “Power Users” and “Administrator accounts” each have the following additional sentence at the end of the description: “These accounts should always be considered for multi-factor authentication methods such as one-time pads.”
  • Power Users also has several additional lines dealing with the management of power user accounts.
  • A half-page was added to the end of System Administrators and Operators outlining:
    • Least Privilege
    • Monitoring
    • Separation of Duties
    • Background Investigation
    • Job Rotation
  • In the section on Monitor Special Privileges, the concept of “whole person” was added to the discussion of background checks, along with a couple of extra bullet points on repeated patterns of high-risk behavior and illegal activity.
  • A half-page was added to explain “Job Rotation.”
  • The Marking paragraph got some extra language on how labels should be written.
  • A full page was added to explain “Record Retention.”
  • In the Media Management section a full page was added for “Removable Media” and two pages on “Disposal/Reuse.”
  • “Asset Management” got its own section and two pages of information.
  • Response, Reporting, Recovery, Remediation and Review, including Root Cause Analysis, got their own 4-page section.
  • Configuration Management was updated to include software and software inventory concerns.
  • In the section on Drives and Data Storage, SAN and NAS got an additional 10 lines of info.

As always, InfoSec is updating the courseware to reflect this new material and the re-sequencing of the Security Operations domain.