Introduction to the Eight CISSP Security Domains
Overview of Security Domains
1. Security Risk and Management
Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.
2. Asset Security
Secures digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.
3. Security Architecture and Engineering
Optimizes data security by ensuring effective tools, systems, and processes are in place.
4. Communication and Network Security
Manages and secures physical networks and wireless communications.
5. Identity and Access Management
Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.
6. Security Assessment and Testing
Conducts security control testing, collects and analyzes data, and conducts security audits to monitor for risks, threats, and vulnerabilities.
7. Security Operations
Conducts investigations and implements security measures.
8. Software Development Security
Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.