Introduction to the eight CISSP security domains, Part 1 Flashcards
What are the eight CISSP security domains?
Security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
What does security and risk management focus on?
Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.
Give an example of security and risk management
Security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.
What does asset security focus on?
This domain focuses on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.
What does security architecture and engineering focus on?
This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.
What does communication and network security focus on?
This domain focuses on managing and securing physical networks and wireless communications.
What do the domains do?
The domains outline and organize how a team of security professionals works together.
What does identity and access management focus on?
Identity and access management focuses on keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.
What might a security analyst be tasked with?
For example, as a security analyst, you may be tasked with setting up employees’ keycard access to buildings.
What does security assessment and testing focus on?
This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.
What might security assessment and testing analysts be tasked with?
Security analysts may conduct regular audits of user permissions to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employee salaries.
What do security operations focus on?
This domain focuses on conducting investigations and implementing preventative measures.
What does software development security focus on?
This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.