CISSP 2021: What’s New?

In this course, ‘CISSP 2021: What’s New?’, we look at the significant changes that have been made to the CISSP Official Exam Outline (the course syllabus).

What you’ll learn

  • Learn what’s new in the CISSP Curriculum, from May 1st, 2021 (next update in 2024)
  • There are still Eight Domains – D1, D3 & D7 are still broader in content than others.
  • Very small changes (+/-1%) to the weighting of two domains.
  • Notable changes to all domains, except D1.
  • As of late 2019, some of the changes were Already in Official Course (AOC), i.e. the Student (course) Guide; Study Guide; and Official Practice Tests.
  • D2: Resource types and data activities listed (AOC);
  • D3: Fourteen designs/solutions listed (50% AOC); and thirteen cryptanalytic attacks listed (some AOC);
  • D4: Several new network architectures listed;
  • D5: Additions to all existing sub-domains & new 5.6 on authentication systems;
  • D6: More detail on security test output and reporting;
  • D7: Minor changes to 6/15 sub-domains; and
  • D8: More detail added to all sub-domains.

Are there any course requirements or prerequisites?

  • This course is designed to help students who were preparing for the previous version of the CISSP Exam

Who this course is for

  • Students wishing to become Certified Information Systems Security Professionals, after May 1st, 2021

This is the Introduction & Foreword to the full three-hour course.

CISSP 2021: What’s New?

I’ve just passed the new version of the CISSP Exam, and I created this Course to help you pass as well!

This course describes the changes to the Certified Information Systems Security Professional Exam Outline. Now, CISSP has been around for quite some time and the previous version of the course syllabus was established in April 2018.  That was the version that I was taught, but only recently, as of the 1st of May this year, the Exam Outline changed significantly.  In this course, I’m going to go through all of that material for you and show you what has changed, in detail, to help you with your revision.

I’m going to give you an overview of what’s changed and how this material has been developed for you.

In the course, we’re going to cover all eight domains from ‘Security and Risk Management’ all the way through to ‘Software Development Security’.  The CISSP is a very broad course and it covers all sorts of things like physical security and fire prevention right through to some more detailed technical stuff on the workings of the Internet, software development, and security testing as well.

There have been significant changes to all of those domains except one. (There’s a small change to number one, as we will see, but it’s not huge.) However, Domains 2 to 8 have all undergone significant changes.  (Some of those changes were already in the official course material, in the study guide and some were already in the official practice tests; we will cover that too.)

Looking at Domains 2 to 8, we see that, in the main, the major changes are that the resource types (the resources that we need to protect) are now listed, and the different data activities in the data lifecycle are now listed.

Course Creation

Also, I wanted to let you know what I’ve done to create this course.

I went on the official five-day course, which cost about $2,500 (US), where we went through hundreds of slides per day.  You get a course guide with it, which is 800 pages long.  There is a lot of good material in there, an awful lot to learn.  In addition, I’ve also been through the official study guide, which is 1,000 pages and contains quite a lot of material that wasn’t in the official course.

Then there is the CISSP glossary, which is about 50 pages and that’s got over 400 definitions in.  (The glossary is not so much use. It seems to be quite out of date to me. There are a lot of definitions that you don’t need and quite a few that you do need that are missing.)  There is also a list of over 50 references that you are recommended to read. 

You’re not going to read 50+ books and standards!

Just the first two are 1,800 pages long.  So it’s an enormous hill to climb without some guidance on where to look.  I’ve included page numbers for the Official Study Guide – where it covers the material we’re going to talk about.  However, even the Study Guide doesn’t cover everything – as you will see.  So I’ve had to go online and look up information to show you where to get started on these new topics.

Links to CISSP 2021: What’s New?

Learn about my CISSP 2021 Exam Journey here.

Australian WHS Course

In this Australian WHS Course, we show you how to practically and pragmatically implement the essential elements of Australian Work Health and Safety Legislation. In particular, we look at the so-called ‘upstream’ WHS duties. These are the elements you need to safely introduce systems and services into the Australian market.

Lessons in This Course

Guide to the Australian WHS Act

This Guide to the WHS Act covers many topics of interest to system safety and design safety specialists. This full-length video covers key sections (§) of the Act:

  • § 3, Object [of the Act];
  • § 4-8, Definitions;
  • § 12A, Exclusions;
  • § 18, Reasonably Practicable;
  • § 19, Primary Duty of Care;
  • § 22-26, Duties of Designers, Manufacturers, Importers, Suppliers & those who Install/Construct/Commission;
  • § 27, Officers & Due Diligence;
  • § 46-49, Consult, Cooperate & Coordinate;
  • § 152, Function of the Regulator; and
  • § 274-276, WHS Regulations and CoP.

The Consultation, Cooperation & Coordination Code of Practice

In this 30-minute session, we look at the Consultation, Cooperation & Coordination Code of Practice (CC&C CoP). We cover the Commonwealth and Model versions of the CoP, appendices & a summary of detailed requirements; and further commentary. This CoP is one of the two that are generally applicable.

Topics:

  • CC&C in the Federal or Commonwealth CoP;
  • Extra CC&C in the Model CoP;
  • (Watch out for Jurisdiction);
  • Further commentary; and
  • Where to get more information.

The Risk Management CoP

In this 40-minute session, we look at the Risk Management Code of Practice (CoP). We cover: who has WHS duties; the four-step process; keeping records, appendices & a summary of detailed requirements; and further commentary. This CoP is the other one of the two that are generally applicable.

Topics:

  • Who has WHS duties;
  • The four-step process;
  • Keeping records, appendices & summary of detailed requirements;
  • Further commentary; and
  • Where to get more information.

Safe Design

Want some good guidance on Safe Design? In this 52-minute video from the Safety Artisan, you will find it. We take the official guidance from Safe Work Australia and provide a value-added commentary on it. The guidance integrates seamlessly with Australian law and regulations, but it is genuinely useful in any jurisdiction.

Topics:

  • A safe design approach;
  • Five principles of safe design;
  • Ergonomics and good work design;
  • Responsibility for safe design;
  • Product lifecycle;
  • Benefits of safe design;
  • Legal obligations; and
  • Our national approach.

How to Demonstrate SFARP

Our learning objectives for this session: at the end of it, you should understand the SFARP concept and what it’s all about. You should understand the variety of techniques that are available to you. Most importantly, you will be able to apply these techniques in the correct order, because that’s important in the real world.

Topics:

  • Introduction – Reasonably Practicable;
  • How to SFARP with:
    • Codes, Standards & Regulations; and
    • Controls, or groups of controls.
  • Some practical hints on good practice;
  • Examples; and
  • Source information.

These lessons sell for $45 USD each, but you can get a 20% discount here. (You can get a bigger discount by subscribing to our mailing list!)

The Safety Artisan is on Thinkific

I’m pleased to tell you that The Safety Artisan is on Thinkific!

Thinkific is a powerful and beautifully-presented online Learning Management System.  This will complement the existing Safety Artisan website.  

My first course will be ‘System Safety Assessment’ with ten hours of instructional videos. The new course is here.

(Please note that this is the same course as my ‘Complete System Safety Analysis Bundle’ of 12 videos available here.  So, if you’ve already bought that – thanks very much – please don’t buy it again, as you already have all the material.)

What will the System Safety Assessment Course do for you?

Transcript of the Video

Welcome to the System Safety Assessment course

In this course, you will gain knowledge, skills, and confidence.  You will gain knowledge of what is involved in system safety assessment.  The individual tasks and techniques you need to carry out.

But more importantly, how to put them together into a successful program and how to tailor all these different tasks keeping some, but leaving out others so that you get an efficient and effective safety program, no matter what application or what system you are working with.

So that’s the knowledge and the skills

You’ll also get the confidence to be able to get you started.  Now, there is no substitute for live face-to-face training and coaching.  But this format is much more accessible to you and much more reasonably priced.  So wherever you are in the world, whatever time and day you want to do your learning, you can access this course and you can gain confidence to get you started.

So if you’re worried about a job interview, what you’re going to say or you’re worried about how to do a job and there’s nobody around to help you.  Then this course will give you the confidence to get started and to be aware of the pitfalls before you begin.

So what makes me confident that I can help you?

Well, first of all, I’ve got 25 years of experience applying system safety.

And I’ve done that in the UK, in the United States, in Australia, and in the European Union.  I’ve seen a wide variety of legal jurisdictions that I’ve worked in.  Also, I’ve worked on a wide variety of systems.  I’ve worked on planes, trains, ships and submarines, software, and I.T. systems: all kinds of stuff.

I’ve worked on some gigantic multibillion-dollar projects and some much smaller ones.  So I know how to pragmatically apply this stuff, at a reasonable scale without spending stupid amounts of money.

And in fact, as part of my job as a consultant, I spent half the time telling clients to do less and spend less and still get an effective result.  So that’s where I’m coming from.

I’ve also got experience teaching system safety in the classroom.  I’ve taught hundreds of students, from various different projects.  And now I have hundreds of online students, and I’m very pleased to be able to help all of those as well.

So that’s why I think that I can help you

And I hope that you will enjoy this course and get a lot out of it.  Thanks very much for considering The Safety Artisan.

What do you think of the new page?