8 Domains of CISSP


8 Terms


security and risk management

defines security goals and objectives, risk mitigation, compliance, business continuity, and the law (ex: security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act)


Asset security

focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data (ex: security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information)


security architecture and engineering

focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. (ex: As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic)


communication and network security

focuses on managing and securing physical networks and wireless communications (ex: As a security analyst, you may be asked to analyze user behavior within your organization. Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the organization and its employees vulnerable to attacks. To ensure communications are secure, you would create a network policy to prevent and mitigate exposure) 


Identity & Access Management (IAM)

Controlling who can access systems and data, in both the physical and the digital world. (physical ex: Your badge opens the office door, but not the server room) (logical/digital ex: You can log in to email, Teams/Slack, and your department’s software, but you cannot open the finance system, IT admin panel, or HR payroll because you don’t have permission.)


Security assessment and testing

Checking for weaknesses through audits, tests, and evaluations (ex: Running a penetration test to see if hackers can break into the system.)


Security Operations

conducting investigations and implementing preventative measures (ex: The SOC detecting a malware alert and isolating the infected computer.)


Software Development Security

uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. (ex: Developers scanning code for vulnerabilities before releasing an app.)