Good day to all,

I have started to look in detail at the new CBK® coming into effect on the 15th of April 2015.

The new CBK® lists a bit more than 109 references used within the CBK. This list is always a great indicator of what has changed, what was added, and what was deleted.

The CBK was last updated in January of 2012; prior to this it was updated about 4 years earlier. So the current CBK still has a majority of content dating back as far as 7 years ago, and in some cases even more.

The changes introduced are mostly within 3 domains:  Asset Security,  Security Assessment and Testing, and Security Operations.    Very minor as far as content is concerned.  

What has changed within the references used:

1.   Thirteen of the references were updated to the latest version of the book published.

2.  Thirteen new references were introduced as listed below:

Domain 1 - SECURITY AND RISK MANAGEMENT

  • PCI DSS Standard 2013

Domain 2 - ASSET SECURITY

  • Data Remanence: Secure Deletion of Data in Solid State Drive
  • Vulnerability Assessment of Physical Protection Systems
  • IT Asset management
  • Protection of Assets: Security Management

Domain 3 - SECURITY ENGINEERING

  • Nothing new

Domain 4 - COMMUNICATION AND NETWORK SECURITY

  • Nothing new

Domain 5 - IDENTITY AND ACCESS MANAGEMENT

  • Nothing new

Domain 6 - SECURITY ASSESSMENT AND TESTING

  • Backtrack 4: Assuring Security by Penetration Testing
  • Security Log Management:  Identifying Patterns in the chaos
  • Web Security Testing Cookbook
  • SOA Security
  • How to break Web Software

Domain 7 - SECURITY OPERATIONS

  • Digital Evidence and Computer Crime Forensic Science
  • Cloud Security Alliance Guidance for critical areas of focus
  • Practical Intrusion Analysis

Domain 8 - SOFTWARE DEVELOPMENT SECURITY

  • Nothing new

3.  Only 2 of the 2013 CBK®  references were retired and removed from the list.


THE BIG QUESTION: DO I NEED TO BUY TONS OF NEW REFERENCES AND BOOKS?

NO!

As mentioned above, it is mostly the same content mixed with 8 domains instead of 10 domains like it used to be. The new focus is better coverage of the cloud and its security (or the lack of), a huge focus on Web and Applications assessment and testing, and a bit more about Forensics and Intrusion Detection.

Fortunately, our courseware being holistic, we already covered all of these new topics.

As I go through the new CBK in more detail, I will come out with other posts providing more details. So far, there is no need to panic; it is the same OLD, same OLD with a few minor things added.

See below some interesting facts about HOW OLD the references being used and listed within the CBK are. As you can see, there are only a few of the references that were published within the past 5 years. See the list below:

YEAR PUBLISHED    NUMBER OF REFERENCES
2015              NONE
2014              2
2013              7
2012              7
2011              9
2010              21
2009              14
2008              13
2007              10
2006              9
2005              6
2004              1
2003              3
2002              3
2001              4
1997              3
1996              2
1994              1

Best regards to all

Clement and Nathalie
Site Maintainers