WK 1 Security Domains Flashcards
Why are the CISSP security domains important?
Security teams use them to organize daily tasks and identify gaps in security that could cause negative consequences for an organization, and to establish their security posture.
Security Posture
Security posture refers to an organization’s ability to manage its defense of critical assets and data and react to change.
Domain 1: Security and Risk Management
5 focus areas
Focused on…
- Defining security goals and objectives
- Risk Mitigation
- Compliance
- Business continuity
- Legal Regulations
Domain 1: Security and Risk Management
Focus area 1: Defining security goals and objectives
What’s the importance of this focus area?
Organizations can reduce risks to critical assets and data like personally identifiable information (PII).
Domain 1: Security and Risk Management
Focus area 2: Risk Mitigation
What’s the importance of this focus area?
Risk mitigation means having the right procedures and rules in place to quickly reduce the impact of a risk like a breach.
Domain 1: Security and Risk Management
Focus area 3: Compliance
What’s the importance of this focus area?
Compliance is the primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards.
Domain 1: Security and Risk Management
Focus area 4: Business Continuity
What’s the importance of this focus area?
Business continuity relates to an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans.
Domain 1: Security and Risk Management
Focus area 5: Legal Regulations
What’s the importance of this focus area?
While laws related to security and risk management are different worldwide, the overall goals are similar. As a security professional, this means following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud.
Domain 2: Asset Security
What is Asset Security?
The asset security domain is focused on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.
Domain 2: Asset Security
Why is Asset Security important?
Knowing what data you have and who has access to it is necessary for having a strong security posture that mitigates risk to critical assets and data.
Domain 3: Security Architecture and Engineering
What is the focus?
This domain is focused on optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization’s assets and data.
Domain 4: Communication and Network Security
What is the focus?
Mainly focused on managing and securing physical networks and wireless communications.
Secure networks keep an organization’s data and communications safe whether on-site, or in the cloud, or when connecting to services remotely.
Domain 5: Identity and access management (IAM)
What is the focus?
Focused on access and authorization to keep data secure by making sure users follow established policies to control and manage assets.
As an entry-level analyst, it’s essential to keep an organization’s systems and data as secure as possible by ensuring user access is limited to what employees need.
Basically, the goal of IAM is to reduce the overall risk to systems and data.
There are four main components to IAM:
- Identification
- Authentication
- Authorization
- Accountability
Domain 6: Security Assessment and Testing
What is the focus?
This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.
Domain 7: Security Operations
What is the focus?
The security operations domain is focused on conducting investigations and implementing preventative measures. Investigations begin once a security incident has been identified.
Domain 8: Software Development Security
What is the focus?
This domain focuses on using secure coding practices. As you may remember, secure coding practices are recommended guidelines that are used to create secure applications and services.
The software development lifecycle is an efficient process used by teams to quickly build software products and features.
Threat
A threat is any circumstance or event that can negatively impact assets.
One example of a threat is a social engineering attack. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Malicious links in email messages that look like they’re from legitimate companies or people are one method of social engineering known as phishing.
As a reminder, phishing is a technique that is used to acquire sensitive data, such as user names, passwords, or banking information.
Risks
Risks are different from threats. A risk is anything that can impact the confidentiality, integrity, or availability of an asset. Think of a risk as the likelihood of a threat occurring.
An example of a risk to an organization might be the lack of backup protocols for making sure its stored information can be recovered in the event of an accident or security incident.
Organizations tend to rate risks at different levels: low, medium, and high, depending on possible threats and the value of an asset.
Low risk asset
Information that would not harm the organization’s reputation or ongoing operations, and would not cause financial damage if compromised. This includes public information such as website content, or published research data.
Medium risk asset
A medium-risk asset might include information that’s not available to the public and may cause some damage to the organization’s finances, reputation, or ongoing operations.
For example, the early release of a company’s quarterly earnings could impact the value of their stock.
High risk asset
Information protected by regulations or laws, which if compromised, would have a severe negative impact on an organization’s finances, ongoing operations, or reputation.
This could include leaked assets with SPII, PII, or intellectual property.
Vulnerability
A vulnerability is a weakness that can be exploited by a threat. And it’s worth noting that both a vulnerability and threat must be present for there to be a risk.
Examples of vulnerabilities include: an outdated firewall, software, or application; weak passwords; or unprotected confidential data. People can also be considered a vulnerability.
People’s actions can significantly affect an organization’s internal network. Whether it’s a client, external vendor, or employee, maintaining security must be a united effort.