What’s new in the new CISSP Official Study Guide 8th Edition

Chapter 4 – Laws, Regulations, and Compliance
“FISMA” and its role in information security operations at federal agencies;
“Privacy Shield” and its role as a framework allowing US companies to certify compliance with EU privacy requirements
“GDPR” and its role as the comprehensive EU law governing the privacy of personal data of individuals in the EU, including the date it was passed and the date it took effect
Chapter 5 – Protecting Security of Assets
“Pseudonymization” and its use in large databases to support compliance with GDPR
Chapter 6 – Cryptography and Symmetric Key Algorithms
“64-bit” data block size for 3DES (the same block size as DES; 3DES changes the key length, not the block size)
Chapter 9 – Security Vulnerabilities, Threats, and Countermeasures
“Community Cloud” and its description
“Embedded system” and its description
“Input validation”, “Defensive coding”, and “Escaping metacharacters” as defense mechanisms for XSS
“Buffer overflow” new wording for question
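The three XSS defenses listed above (input validation, defensive coding, escaping metacharacters) in working Python, as an added example that is not from the study guide: a vulnerable greeting page beside its hardened form. The function names, the allow-list pattern and the attacker payload are constructed for the illustration.

```python
import html
import re

# Constructed attacker input for the demonstration: a classic reflected-XSS payload.
XSS_PAYLOAD = '<script>alert(1)</script>'


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable form: untrusted input is concatenated straight into HTML,
    so a payload containing '<script>' is handed to the browser as markup."""
    return f"<p>Hello, {name}!</p>"


def escape_metacharacters(value: str) -> str:
    """Escaping metacharacters: the HTML-significant characters & < > " '
    are converted to entities, so the browser renders them as text, not markup."""
    return html.escape(value, quote=True)


def render_greeting_safe(name: str) -> str:
    """Defensive coding: every untrusted value is escaped at the output boundary,
    regardless of whether it was validated earlier."""
    return f"<p>Hello, {escape_metacharacters(name)}!</p>"


# Input validation: an allow-list of what a username may look like (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(name: str) -> bool:
    """Reject anything outside the allow-list instead of trying to strip 'bad' characters."""
    return USERNAME_RE.fullmatch(name) is not None


def handle_request(name: str) -> str:
    """Validation and escaping together: invalid input is refused; valid input is
    still escaped before it reaches the page (defense in depth)."""
    if not validate_username(name):
        return "<p>Invalid username.</p>"
    return render_greeting_safe(name)


if __name__ == "__main__":
    print(render_greeting_unsafe(XSS_PAYLOAD))   # script tag survives
    print(render_greeting_safe(XSS_PAYLOAD))     # &lt;script&gt;... rendered as text
    print(handle_request(XSS_PAYLOAD))           # rejected by validation
    print(handle_request("alice_01"))            # normal case
```

Validation alone is not sufficient: a value that passes one endpoint's allow-list may be unsafe in another HTML context, which is why the safe renderer escapes unconditionally.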
Chapter 11 – Secure Network Architecture and Securing Network Components
“RFID” and its use to identify tagged items without requiring direct physical contact
Chapter 12 – Secure Communications and Network Attacks
“VoIP” as a technology to allow phone conversation over an existing TCP/IP network
Chapter 13 – Managing Identity and Authentication
“False rejection” description based on a scenario
Chapter 14 – Controlling and Monitoring Access
“Salt and Pepper”: addition of a pepper (a secret value stored separately from the credential store, unlike the salt, which is stored alongside the hash) as a further means to address rainbow table attacks
Chapter 18 – Disaster Recovery Planning
“RAID” which can provide fault tolerance for storage devices
“Cloud computing” as a storage location option for disaster recovery operations
Chapter 19 – Investigations and Ethics
“Criminal Investigation” as requiring the highest standard of evidence (beyond a reasonable doubt)
“Root-cause analysis” to be undertaken to prevent similar incidents
“Preservation” as the step in EDRM that ensures information that may be subject to discovery is not altered
“Review” as the step in EDRM which examines information to remove information subject to attorney-client privilege
“Documentary evidence” using server logs as an example when presented by a person who can attest to their authenticity
Chapter 21 – Malicious Code and Application Attacks
“Zero-day exploit” and its association with APT
“Salting” as a technique to reduce the effectiveness of rainbow table attacks
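Salting (Chapter 21) and the salt-plus-pepper scheme (Chapter 14) in working Python, as an added example that is not from the study guide. It builds a small precomputed table over a constructed word list, shows that the table recovers an unsalted hash but not a salted one, and then adds a pepper kept outside the credential store. The pepper value, iteration count, word list and record layout are assumptions for the illustration.

```python
import hashlib
import hmac
import os

# Assumed deployment values: in practice the pepper is loaded from a config
# file or HSM on the application server, never stored next to the hashes.
PEPPER = b"server-side-secret-kept-out-of-the-database"
ITERATIONS = 50_000

# Constructed word list standing in for an attacker's dictionary.
WORDLIST = ["password", "hunter2", "letmein", "qwerty", "123456"]


def unsalted_hash(password: str) -> str:
    """No salt: identical passwords hash identically, so one precomputed
    table of hash -> password works against every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_rainbow_table(words) -> dict:
    """Simplified precomputed table (hash -> plaintext) over the word list."""
    return {unsalted_hash(w): w for w in words}


def table_lookup(table: dict, digest: str):
    """Returns the recovered password, or None if the digest is not in the table."""
    return table.get(digest)


def salted_hash(password: str, salt: bytes, pepper: bytes = b"") -> str:
    """Salt (stored with the hash) makes each user's hash unique, so a table
    would have to be rebuilt per salt. The optional pepper (a secret stored
    separately from the database) is mixed in with HMAC, so a dumped table
    of salts and hashes cannot be attacked offline without it."""
    material = password.encode()
    if pepper:
        material = hmac.new(pepper, material, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS).hex()


def store_password(password: str, pepper: bytes = PEPPER) -> dict:
    """What goes into the credential store: the salt and the hash, never the pepper."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": salted_hash(password, salt, pepper)}


def verify_password(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and the server-side pepper; constant-time compare."""
    candidate = salted_hash(password, bytes.fromhex(record["salt"]), pepper)
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    table = build_rainbow_table(WORDLIST)
    print("unsalted:", table_lookup(table, unsalted_hash("hunter2")))
    salt = os.urandom(16)
    print("salted:  ", table_lookup(table, salted_hash("hunter2", salt)))
    rec = store_password("hunter2")
    print("verify:  ", verify_password("hunter2", rec), verify_password("hunter3", rec))
```

The salt defeats the shared precomputed table but is public once the database leaks; the pepper is what keeps a leaked table from being attacked offline at all, which is why the two are stored in different places.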