Eight CISSP Security domains

Security and Risk Management

Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

Asset Security

Secures digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.

Security Architecture and Engineering

Optimizes data security by ensuring effective tools, systems, and processes are in place.

Communication and Network security

Manage and secure physical networks and wireless communications.

Identity and access management

Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

Security assessment and testing

Conducting security control testing, collecting, and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

Security Operations

Conducting investigations and implementing preventative measures.

Software development security

Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.