CISSP 8 Domains Flashcards
Certified Information Systems Security Professional
security and risk management
Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.
EX: update company policies related to private health information if a change is made to a federal compliance regulation, e.g., HIPAA.
asset security
securing digital and physical assets; also covers the storage, maintenance, retention, and destruction of data.
EX: making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.
security architecture and engineering
optimizing data security by ensuring effective tools, systems, and processes are in place.
EX: may be tasked with configuring a firewall
communication and network security
managing and securing physical networks and wireless communications.
EX: analyze user behavior within your organization, for instance discovering that users are connecting to unsecured wireless hotspots.
identity and access management
keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.
EX: Validating the identities of employees and documenting access roles are essential to maintaining the organization’s physical and digital security.
security assessment and testing
conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.
EX: conduct regular audits of user permissions to make sure that users have the correct level of access.
security operations
conducting investigations and implementing preventative measures.
EX: receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization’s policies and procedures to quickly stop the potential threat.
software development security
secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.
EX: may work with software development teams to ensure security practices are incorporated into the software development lifecycle.