8 CISSP Domains of Cybersecurity

Security and Risk Management

Defines security goals and objectives, risk mitigation, compliance, business continuity and the law. EX: Security Analysts may need to update federal compliance information like HIPPA or FDIC.

Asset Security

Secures digital and physical assets. Its also related to the storage, maintenance, retention and destruction of data. EX: Security Analysts may be tasked with making sure that old equipment that may include confidential information is wiped and disposed of.

Security Architecture and Engineering

Optimizes data security by ensuring effective tools, systems and processes are in place. EX: A Security Analyst may be tasked with building a firewall.

Communication and Network Security

Manage and secure physical networks and wireless communications. Ex: Analyst may analyze user behavior within your organization like checking for users connecting to unsecured hotspots or users downloading non authorized software or connecting unencrypted USB sticks.

Identity and Access Management

Keeps data secure by ensuring users follow established policies to control and manage physical assets like office spaces and logical assets such as networks and applications. EX:As Security Analyst, you may be tasked with setting up employees key cards to buildings or setting up or deleting an employees account.

Security Assessment and Testing

Conducting security control testing, collecting and analyzing data and conducting security audits to monitor for risks, threats and vulnerabilities. Ex: Security Analysts may conduct audits of users permissions to make sure that users have the correct level of access. Like payroll information should only be for payroll employees, so a Security Analyst will make sure unauthorized employees don’t have access to view employee salaries.

Security Operations

Focuses on conducting investigations and implementing preventative measures. Ex: A Security Analyst may receive an alert that an unknown device has been connected to the network.

Software Development Security

Uses the secure coding practices which are a set of recommended guidelines that are used to create secure applications and services. Ex: An Analyst may work with devs to ensure security practices are incorporated in the SDLC. Ex: A dev may be creating a new mobile app and may ask the Analyst on advice on the password policies and that user data is properly secured and managed.