ISC2 published this yesterday. It maps out exactly how AI security concepts show up across the CISSP exam. This is NOT a new exam outline. The current outline (April 2024) already has AI baked in. But this document spells out the specifics so you know what to expect. The big picture: AI isn't a separate topic. It's woven into everything from risk management (Domain 1) to software development security (Domain 8). A few things that stood out to me: - You need to know about protecting training data and model weights (Domain 2) - Prompt injection and adversarial attacks are fair game (Domain 3) - AI red teaming is now part of security testing (Domain 6) - Managing identities for AI agents and service accounts - least privilege still applies (Domain 5) - Model drift and AI in the SOC are covered in operations (Domain 7) If you're studying right now, don't panic. Most of this maps to concepts you already know -- just applied to AI systems. But you should absolutely be familiar with terms like data poisoning, adversarial attacks, algorithmic bias, model drift, and prompt injection. On our end we're going to keep weaving more AI-focused questions into the https://cissp.app and bringing more of this into our study group discussions. I attached the PDF if you want to read the full thing.

Your organization completes a data classification initiative and discovers that 40% of data labeled "confidential" has not been accessed in over three years. Storage costs are significant. Data owners across business units cannot confirm whether retention requirements still apply. What should you recommend FIRST? A. Archive the dormant data to lower-cost storage with existing classification labels B. Conduct a retention review with data owners and legal to validate regulatory obligations C. Declassify the unused data to reduce protection overhead and storage costs D. Implement automated data lifecycle policies to purge data exceeding retention thresholds Come back for the answer tomorrow, or study more now!

4th Time

When implementing a multi-factor authentication system for a high-security environment, which combination provides the MOST effective balance between security strength and user convenience? a. Password and security questions b. Smart card and PIN c. One-time password (OTP) and voice recognition d. Hardware token and fingerprint scan

I passed the CISSP today 03/23. I studied for roughly 3 months using various resources. I wanted to thank this study group for the practice questions. Here is a jumbled list of the resources I used and probably forgot a few. Exam Questions: Learnzapp and CISSP app The Destination Certification App also comes with over a thousand free questions and flash cards that are somewhat like the exam LinkedIn Learning Practice Exams (pretty good) Books ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition by Mike Chapple (I read this whole book and used the companion site for questions) CISSP Exam Cram: https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD Why you will pass the CISSP: https://www.youtube.com/watch?v=v2Y6Zog8h2A 50 CISSP Practice Questions. Master the CISSP Mindset: https://www.youtube.com/watch?v=qbVY0Cg8Ntw Destination Certification Mindmaps and the practice questions on their channel: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu Luke Ahmed's Video : https://www.youtube.com/watch?v=MHbdNMRLafA Prabh's coffee shots: https://www.youtube.com/watch?v=3doR2wA2nJM