
THE 8 CISSP SECURITY DOMAINS



CBK means Common Body of Knowledge.

DOMAIN ONE: SECURITY & RISK MANAGEMENT

This domain covers many of the foundation concepts of information systems security.

Some of the topics covered are as follows:

- The principles of confidentiality, integrity, & availability
- Security governance & compliance
- Legal & regulatory issues
- Professional ethics
- Personnel security policies
- Risk management
- Threat modelling

DOMAIN TWO: ASSET SECURITY

This domain examines the protection of assets throughout their life cycle.

The following are topics examined in this domain:

- Asset identification & classification
- Maintaining information & asset ownership
- Privacy
- Asset retention
- Data security controls
- Information & asset handling requirements

DOMAIN THREE: SECURITY ARCHITECTURE & ENGINEERING

Domain three is all about the development of information systems that remain secure in the face of a myriad of threats.

The domain covers the following:

- Security design principles
- Selection of effective controls
- Mitigation of vulnerabilities
- Cryptography
- Secure site & facility design
- Physical security

DOMAIN FOUR: COMMUNICATION & NETWORK SECURITY

Domain four covers network architectures, communication technologies & network protocols, with the goal of understanding how to secure them.

The topics this domain covers are as follows:

- Secure network architectures
- Secure network components
- Secure communication channels

DOMAIN FIVE: IDENTITY & ACCESS MANAGEMENT

The identity & access management domain is one of the most important topics in information security.

Domain five covers the interaction between users & systems as well as between systems & other systems.

This domain covers the following topics:

- Controlling physical & logical access to assets
- Identification & authentication
- Identity as a service
- Third-party identity services
- Authorization methods

DOMAIN SIX: SECURITY ASSESSMENT & TESTING

Domain six covers ways to verify the security of our information systems.

This domain covers the following topics:

- Assessment & testing strategies
- Testing security controls
- Collecting security process data
- Analyzing & reporting results
- Conducting & facilitating audits

DOMAIN SEVEN: SECURITY OPERATIONS

This domain examines the many activities involved in the daily business of maintaining the security of our networks.

Some of the topics include:

- Supporting investigations
- Investigation types & their requirements
- Logging & monitoring
- Secure provisioning of resources

DOMAIN EIGHT: SOFTWARE DEVELOPMENT SECURITY

Domain eight examines the application of security principles to the acquisition and development of software systems.

This domain covers the following topics:

- Security in the software development life cycle
- Security controls in development environments
- Assessing software security
- Assessing the security implications of acquired software
- Secure coding guidelines & standards
