Introduction to the eight CISSP security domains Flashcards

1
Q

CISSP

A

Certified information systems security professional

2
Q

8 Security Domains

A
  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
3
Q

Domain 1

Security and Risk Management

A

Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.

e.g., security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.

4
Q

Domain 2

Asset Security

A

This domain focuses on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.

When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.

5
Q

Domain 3

Security Architecture and Engineering

A

This domain focuses on optimising data security by ensuring effective tools, systems, and processes are in place.

As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.

6
Q

Domain 4

Communications and Network Security

A

This domain focuses on managing and securing physical networks and wireless communications.

As a security analyst, you may be asked to analyse user behaviour within your organisation.

Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the organization and its employees vulnerable to attacks. To ensure communications are secure, you would create a network policy to prevent and mitigate exposure.

7
Q

Domain 5

Identity and access management

A

Identity and access management focuses on keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization’s physical and digital security.

For example, as a security analyst, you may be tasked with setting up employees’ keycard access to buildings.

8
Q

Domain 6

Security Assessment and Testing

A

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions, to make sure that users have the correct level of access.

For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.
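Added example (not part of the flashcard set): a small permissions audit in Python that checks an exported payroll ACL against the HR roster and a permission policy, and reports every grant that policy does not justify. The roster, policy, ACL entries and user names are all constructed assumptions, not data from any real system.

```python
# Constructed inputs (assumptions, not from any real system).
# Policy: which roles may hold which permission on the payroll resource.
PAYROLL_POLICY = {
    "read": {"payroll_admin", "hr_manager"},
    "write": {"payroll_admin"},
}

# HR roster: user -> roles actually assigned (constructed sample).
ROSTER = {
    "alice": {"hr_manager"},
    "bob": {"payroll_admin"},
    "carol": {"engineer"},
    "dave": {"engineer", "payroll_admin"},
}

# Effective ACL exported from the payroll system: (principal, permission).
PAYROLL_ACL = [
    ("alice", "read"),
    ("alice", "write"),   # hr_manager may read but not write
    ("bob", "read"),
    ("bob", "write"),
    ("carol", "read"),    # engineer holding payroll read
    ("dave", "read"),
    ("frank", "read"),    # principal absent from the roster
    ("bob", "delete"),    # permission the policy never defined
]


def audit_access(acl, roster, policy):
    """Return one finding per ACL entry that policy does not justify.

    An empty list means every grant is backed by a roster role that the
    policy allows for that permission. Findings are returned in ACL order
    so the report is stable across runs.
    """
    findings = []
    for principal, permission in acl:
        roles = roster.get(principal)
        allowed_roles = policy.get(permission)
        if roles is None:
            # Orphaned or unknown account: nobody in HR vouches for it.
            reason = "principal not in roster (orphaned or unknown account)"
        elif allowed_roles is None:
            # A permission the policy never defined is treated as denied.
            reason = f"permission {permission!r} not defined in policy"
        elif not roles & allowed_roles:
            reason = f"no role permits {permission!r} (has {sorted(roles)})"
        else:
            continue
        findings.append(
            {"principal": principal, "permission": permission, "reason": reason}
        )
    return findings


if __name__ == "__main__":
    for f in audit_access(PAYROLL_ACL, ROSTER, PAYROLL_POLICY):
        print(f"FINDING {f['principal']}:{f['permission']} - {f['reason']}")
```

Undefined permissions and principals missing from the roster are reported rather than silently skipped, because those are exactly the gaps (stale accounts, ad hoc grants) a periodic audit exists to catch.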

9
Q

Domain 7

Security Operations

A

This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization’s policies and procedures to quickly stop the potential threat.
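Added example (not part of the flashcard set): one way the "unknown device" alert above can be generated, in Python, by parsing DHCP server log lines and comparing each leased MAC address against an asset inventory. The inventory, the ISC dhcpd-style log lines, the MAC addresses and hostnames are all constructed sample data, not taken from any real network.

```python
import re
from collections import OrderedDict

# Constructed asset inventory (assumption, stands in for a CMDB or NAC export).
# Keys are MAC addresses normalised to lowercase.
ASSET_INVENTORY = {
    "3c:52:82:aa:bb:cc": "alice-laptop",
    "00:1a:2b:3c:4d:5e": "printer-2f",
}

# Constructed ISC dhcpd-style syslog lines; made-up sample input.
DHCP_LOG = """\
Jan 10 09:12:01 gw dhcpd: DHCPACK on 10.0.5.23 to 3c:52:82:aa:bb:cc (alice-laptop) via eth0
Jan 10 09:13:44 gw dhcpd: DHCPACK on 10.0.5.40 to 00:1A:2B:3C:4D:5E (printer-2f) via eth0
Jan 10 09:15:09 gw dhcpd: DHCPDISCOVER from 5c:ff:35:12:34:56 via eth0
Jan 10 09:15:10 gw dhcpd: DHCPACK on 10.0.5.77 to 5c:ff:35:12:34:56 via eth0
Jan 10 09:16:02 gw dhcpd: DHCPACK on 10.0.5.77 to 5c:ff:35:12:34:56 via eth0
"""

# Only DHCPACK lines matter: they mean the device actually obtained a lease.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dhcpd: DHCPACK on (?P<ip>\d+(?:\.\d+){3}) "
    r"to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)$"
)


def parse_dhcp_acks(log_text):
    """Yield one dict per DHCPACK line; MACs are lowercased for matching."""
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if m:
            lease = m.groupdict()
            lease["mac"] = lease["mac"].lower()
            yield lease


def find_unknown_devices(log_text, inventory):
    """Return one alert per MAC that got a lease but is not in the inventory.

    Repeated leases for the same MAC are collapsed into a single alert that
    keeps the first-seen timestamp and counts how often it renewed.
    """
    alerts = OrderedDict()
    for lease in parse_dhcp_acks(log_text):
        mac = lease["mac"]
        if mac in inventory:
            continue
        alert = alerts.setdefault(mac, {
            "mac": mac,
            "first_seen": lease["ts"],
            "ip": lease["ip"],
            "iface": lease["iface"],
            "claimed_hostname": lease["host"],  # self-reported, untrusted
            "lease_count": 0,
        })
        alert["lease_count"] += 1
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_unknown_devices(DHCP_LOG, ASSET_INVENTORY):
        print(f"ALERT unknown device {a['mac']} got {a['ip']} on {a['iface']} "
              f"at {a['first_seen']} ({a['lease_count']} lease(s))")
```

The hostname in the DHCP exchange is supplied by the client, and a MAC address can be spoofed, so a match here is a trigger for the organization's response procedure (for example, isolating the switch port and identifying the device), not proof of what the device is.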

10
Q

Domain 8

Software Development Security

A

This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life-cycle.

For example, if one of your partner teams is creating a new mobile app, you may be asked to advise on the password policies or ensure that any user data is properly secured and ma
