At the time of writing this article, the Certified Information Systems Security Professional (CISSP) certification, managed by (ISC)², does not specifically require knowledge of blockchain technology.
Blockchain is a decentralized and distributed ledger technology that securely records digital transactions across multiple computers. The technology is notable for its robust security features, which include cryptographic hashes, public-private key encryption, and consensus algorithms. However, the broad application and understanding of blockchain are relatively new, and the technology is primarily associated with certain industries or applications: cryptocurrencies such as Bitcoin or Ethereum and, more recently, supply chain management, voting systems, healthcare records, and decentralized finance (DeFi).
The CISSP is a globally recognized certification in the field of cybersecurity. It covers eight broad domains:
1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security
As you can see, these are fairly high-level categories and are not tied to any one technology, including blockchain. The certification aims to ensure that a professional can design, implement and manage a best-in-class cybersecurity program, regardless of the specific technologies used in the organization.
Furthermore, the CISSP exam focuses on the principles and practices that underpin all of information security. The cryptographic principles underlying blockchain (such as hash functions and public key infrastructure) are indeed part of the CISSP’s third domain (Security Architecture and Engineering), but blockchain as a whole, as an application of these principles, is not specifically included at the time of this writing.
This may be because blockchain is just one of many technologies that an information security professional might need to understand, and it’s not necessarily a technology that all such professionals will encounter in their work. It may also be because the adoption and implementation of blockchain vary greatly between industries, whereas the CISSP aims to provide a standard body of knowledge for the entire field of information security.
It’s likely that future revisions of the CISSP exam will include more specific references to blockchain technology, especially if it becomes more universally adopted in contexts where security professionals need to be involved. As of now, understanding the principles of cryptography, network security, and secure software development that underpin blockchain could be beneficial for professionals in this field.
Lastly, it’s important to note that even if specific knowledge of blockchain technology isn’t required for the CISSP, understanding related concepts such as cryptography, distributed systems, and data integrity could be very beneficial for someone working with blockchain technology.