CISSP 8 Domains
Domain #1: Security Assessment and Testing
defining security goals and obectives, risk mitigation, compliance, business continuity and the law
Domain #2 Asset Security
focuses on secuting digital and physical assets. Also related to stoage, maintenance, retention and destruction of data.
Example of Security Assessment and Testing?
Security Analysts may need to update company policies related to private health info if a change is made to federal compliance regulation such as HIPPA, for instance.
Example of Asset Security?
Security Analysts may be tasked with making sure old equipment is properly disposed of
Domain #3: Security Engineering
focuses on optimiing data security by ensuring effective tools, systems and processes are in place
Example og Security Engineering?
As a security analyst you may be tasked with configuring a firewall (device used to monitor and filter incoming and outgoing computer network traffic.
Domain #4: Communication and network strategy
focuses on managig and securing physical networks and wireless communications.
Example of Communications and Network Security
as a security analyst, you may be asked to analyse user behaviour within your organization
Domain #5 Identity and Access Management
focuseson keeping data secure by ensuring uders follow established policies to control and manage physical assets like office spaces, and logical assets like networks and applications
Example of Identity and Access Management
validating identities of employees and documenting access roles are essential to maintaining the organization's physical and digital security. You May be tasked with setting up an emplopyee's key card access.
Domain #6: Security Assessment and Testing
Focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor risks and vulnerabilities.
Example of Security Assessment and Testing
Security analysts may conduct regular audits of user permissions and make sure users have correct level of access, such as making sure payroll info is only limited to certain users.
Security analysts may conduct audits to ensure no unauthorized person can view employee salaries.
Domain #7: Security Operations
focuses on conducting investigations and implementing preventative measures
An Example of Security Operations
as a security analyst, you may recieve an alert that an unknown device has connected to your internal network. You would need to follow an orgnization's policies and procedures to stop a potential threat.
Domain #8: Softwarev development security
focuses on using secure coding pravctices, which are an a set of reccomended guidlines that are used to create secure applications and services. Security Analysts may work with software development teams to ensure security practices are incorporated into the software development life cycle.
Example of Software Development Security
if one of your partner teams is creating a new mobile app, you may be asked to advice on passwords policies or ensure thst user data is properly secured and managed.