Introduction to the Eight CISSP Security Domains
Overview of Security Domains
1. Security and Risk Management
Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.
E.g. Updating company policies depending on regulation changes
2. Asset Security
Secures digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.
E.g. Making sure that old equipment is properly disposed of and destroyed
3. Security Architecture and Engineering
Optimizes data security by ensuring effective tools, systems, and processes are in place.
E.g. Configuring a firewall
4. Communication and Network Security
Manages and secures physical networks and wireless communications.
E.g. Analyzing user behavior within the organization
5. Identity and Access Management
Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.
E.g. Setting up employee keycard access
6. Security Assessment and Testing
Conducts security control testing, collects and analyzes data, and performs security audits to monitor for risks, threats, and vulnerabilities.
E.g. Auditing employee permissions
7. Security Operations
Conducts investigations and implements security measures.
E.g. Stopping potential network threats
8. Software Development Security
Uses secure coding practices, a set of recommended guidelines for creating secure applications and services.
E.g. Advising on password policies or on how user data is handled in apps