The Common Body of Knowledge (CBK)
In This Chapter
Getting up close and personal with the CBK
Reviewing the ten domains of information security
Understanding knowledge objectives and study topics
The Common Body of Knowledge (CBK) defines a basic and common knowledge base for all security professionals, collectively referred to as the ten domains of information security. The CBK also provides minimum knowledge requirements for the Certified Information Systems Security Professional (CISSP) exam. Although these knowledge requirements are similar to test objectives, they have some distinct differences. For one thing, test objectives require a candidate to perform specific tasks or demonstrate skill with a specific technology, but the CBK is relatively abstract and changes little over time.
The CBK is periodically updated by the CBK Committee, which the International Information Systems Security Certification Consortium [(ISC)2] Board of Directors appoints.
In this chapter, we describe the ten domains of information security, as defined in the CBK, introducing each with its official (ISC)2 definition in italics. You can also find descriptions of each domain online at