THE 8 CISSP SECURITY DOMAINS

 


CBK means Common Body of Knowledge.

DOMAIN ONE: SECURITY & RISK MANAGEMENT

This domain covers many of the foundational concepts of information systems security.

Some of the topics covered are as follows:

✓ The principles of confidentiality, integrity, & availability
✓ Security governance & compliance
✓ Legal & regulatory issues
✓ Professional ethics
✓ Personnel security policies
✓ Risk management
✓ Threat modelling

DOMAIN TWO: ASSET SECURITY

This domain examines the protection of assets throughout their life cycle.

The following are topics examined in this domain:

✓ Asset identification & classification
✓ Maintaining information & asset ownership
✓ Privacy
✓ Asset retention
✓ Data security controls
✓ Information & asset handling requirements

DOMAIN THREE: SECURITY ARCHITECTURE & ENGINEERING

Domain three is all about the development of information systems that remain secure in the face of a myriad of threats.

The domain covers the following:

✓ Security design principles
✓ Selection of effective controls
✓ Mitigation of vulnerabilities
✓ Cryptography
✓ Secure site & facility design
✓ Physical security

DOMAIN FOUR: COMMUNICATION & NETWORK SECURITY

Domain four covers network architectures, communication technologies & network protocols, with the goal of understanding how to secure them.

The topics this domain covers are as follows:

✓ Secure network architectures
✓ Secure network components
✓ Secure communication channels

DOMAIN FIVE: IDENTITY & ACCESS MANAGEMENT

The identity & access management domain is one of the most important topics in information security.

Domain five covers the interaction between users & systems as well as between systems & other systems.

This domain covers the following topics:

✓ Controlling physical & logical access to assets
✓ Identification & authentication
✓ Identity as a service
✓ Third-party identity services
✓ Authorization methods

DOMAIN SIX: SECURITY ASSESSMENT & TESTING

Domain six covers ways to verify the security of our information systems.

This domain covers the following topics:

✓ Assessment & testing strategies
✓ Testing security controls
✓ Collecting security process data
✓ Analyzing & reporting results
✓ Conducting & facilitating audits

DOMAIN SEVEN: SECURITY OPERATIONS

This domain examines the many activities involved in the daily business of maintaining the security of our networks.

Some of the topics include:

✓ Supporting investigations
✓ Investigation types & their requirements
✓ Logging & monitoring
✓ Secure provisioning of resources

DOMAIN EIGHT: SOFTWARE DEVELOPMENT SECURITY

Domain eight examines the application of security principles to the acquisition and development of software systems.

This domain covers the following topics:

✓ Security in the software development life cycle
✓ Security controls in development environments
✓ Assessing software security
✓ Assessing the security implications of acquired software
✓ Secure coding guidelines & standards
