ABSTRACT
Over the past years, we have probably received more comments about the applications domain of the
CISSP then about any other domain. Many people question the inclusion of applications in the common
body of knowledge (CBK)
for the CISSP
certification. This is understandable because the field of
information systems analysis, design, and development-which is the real home of applications
development-is a close relative to the information security field outlined by the CISSP CBK and, as
we all know, sometimes close relatives do not get along with each other.