CISSP domain notes, architecture decisions, and real-world security controls mapped to all 8 CISSP domains.
Built by a practising CISSP for practitioners. This is not an exam dump. It is a working architect's reference connecting CISSP concepts to real-world implementation decisions in enterprise environments.
Most CISSP study resources teach concepts in isolation. They explain what a control is without explaining when to use it, why alternatives were rejected, or how it behaves in a cloud-first architecture.
This repository bridges that gap. Every concept is documented with:
- The real-world context where it matters most
- Architecture decisions that follow from it
- Cloud-era implications (Azure, AWS, M365)
- Common misapplications and misconceptions
The CISSP CBK covers 8 domains. Passing the exam requires understanding concepts. Operating as a security architect requires something more:
- Knowing when to apply a control — not just what it is
- Making defensible trade-offs — security vs. usability, cost, and operational risk
- Translating theory to cloud-native controls — CISSP was written for on-premises; the world is now hybrid and cloud-first
- Communicating to stakeholders — translating security requirements into business language
This knowledge base documents those connections.
```text
cissp-knowledge-base/
├── domain-1-security-and-risk-management/
│   ├── risk-management-framework.md      # NIST RMF, ISO 31000 alignment
│   ├── security-governance.md            # Policies, standards, procedures
│   └── legal-compliance.md               # GDPR, HIPAA, PCI-DSS mapping
├── domain-2-asset-security/
│   ├── data-classification.md            # Classification schemes and handling
│   └── data-lifecycle.md                 # Retention, disposal, DLP
├── domain-3-security-architecture/
│   ├── security-models.md                # Bell-LaPadula, Biba, Clark-Wilson
│   ├── zero-trust-architecture.md        # ZTA principles and implementation
│   └── cloud-security-architecture.md    # CSP shared responsibility
├── domain-4-communication-network/
│   ├── network-security-controls.md      # Firewalls, IDS/IPS, segmentation
│   └── secure-protocols.md               # TLS, IPsec, DNSSEC
├── domain-5-identity-access-management/
│   ├── iam-fundamentals.md               # AuthN, AuthZ, accountability
│   ├── privileged-access-management.md   # PAM, PIM, JIT access
│   └── federation-and-sso.md             # SAML, OAuth 2.0, OIDC
├── domain-6-security-assessment/
│   ├── vulnerability-management.md       # VA lifecycle, CVSS scoring
│   └── penetration-testing.md            # Methodology, scoping, reporting
├── domain-7-security-operations/
│   ├── incident-response.md              # IR lifecycle, PICERL
│   ├── digital-forensics.md              # Chain of custody, evidence handling
│   └── soc-operations.md                 # SOC tiers, SIEM, alert triage
├── domain-8-software-security/
│   ├── secure-sdlc.md                    # Security in development lifecycle
│   └── common-vulnerabilities.md         # OWASP Top 10, injection, misconfigs
└── README.md
```
| Domain | # | Core Concepts | Real-World Mapping | Status |
|---|---|---|---|---|
| Security and Risk Management | 1 | Risk frameworks, governance, compliance | NIST RMF, ISO 27001, GRC platforms | 🗓️ In Progress |
| Asset Security | 2 | Data classification, ownership, DLP | Microsoft Purview, Azure Information Protection | 🗓️ In Progress |
| Security Architecture & Engineering | 3 | Security models, Zero Trust, cryptography | Azure landing zones, Entra ID | 🗓️ In Progress |
| Communication & Network Security | 4 | Network controls, secure protocols | Azure Firewall, NSG, Private Endpoints | 🗓️ In Progress |
| Identity & Access Management | 5 | IAM, PAM, federation | Entra ID, PIM, Conditional Access | ✅ Content Added |
| Security Assessment & Testing | 6 | Vulnerability management, pen testing | Defender for Cloud, vulnerability scanning | 🗓️ In Progress |
| Security Operations | 7 | Incident response, SOC, forensics | Microsoft Sentinel, Defender XDR | 🗓️ In Progress |
| Software Development Security | 8 | Secure SDLC, OWASP, DevSecOps | GitHub Advanced Security, Defender for DevOps | 🗓️ In Progress |
Each domain folder contains markdown files covering specific sub-topics. Every file follows the same structure:
- Concept — what it is (concise, not a textbook)
- Why It Matters — the security problem it solves
- Real-World Implementation — how this looks in an enterprise environment
- Cloud Mapping — the Azure/M365 control that implements this concept
- Common Mistakes — where organizations get this wrong
- CISSP Exam Notes — key distinctions the exam tests
This is not a wiki of definitions. A CISSP practitioner does not need to look up what AES is. They need to know:
- When to choose AES-256-GCM vs. AES-256-CBC and why
- What the operational implications of key rotation frequency are
- How to explain encryption key management risk to a board-level audience
Every entry is written from that operational perspective.
- This repository contains no proprietary exam material, no ISC² copyright content, and no braindumps
- All content is original analysis and architecture notes based on public documentation and practical experience
- CISSP concepts are referenced by name and mapped to their practical application — not reproduced from the CBK
Surya | Cybersecurity Architect | CISSP
Active CISSP practitioner. The notes in this repository reflect real decisions made in real enterprise security programs, not theoretical exam preparation.
86sunbot/cissp-knowledge-base