THE 8 CISSP SECURITY DOMAINS

CBK means Common Body of Knowledge.

DOMAIN ONE: SECURITY & RISK MANAGEMENT

This domain covers many of the foundation concepts of information systems security.

Some of the topics covered are as follows:

- The principles of confidentiality, integrity, & availability
- Security governance & compliance
- Legal & regulatory issues
- Professional ethics
- Personnel security policies
- Risk management
- Threat modelling

DOMAIN TWO: ASSET SECURITY

This domain examines the protection of assets throughout their life cycle.

The following are topics examined in this domain:

- Asset identification & classification
- Maintaining information & asset ownership
- Privacy
- Asset retention
- Data security controls
- Information & asset handling requirements

DOMAIN THREE: SECURITY ARCHITECTURE & ENGINEERING

Domain three is all about the development of information systems that remain secure in the face of a myriad of threats.

The domain covers the following:

- Security design principles
- Selection of effective controls
- Mitigation of vulnerabilities
- Cryptography
- Secure site & facility design
- Physical security

DOMAIN FOUR: COMMUNICATION & NETWORK SECURITY

Domain four covers network architectures, communication technologies & network protocols, with the goal of understanding how to secure them.

The topics this domain covers are as follows:

- Secure network architectures
- Secure network components
- Secure communication channels

DOMAIN FIVE: IDENTITY & ACCESS MANAGEMENT

The identity & access management domain is one of the most important topics in information security.

Domain five covers the interaction between users & systems, as well as between systems & other systems.

This domain covers the following topics:

- Controlling physical & logical access to assets
- Identification & authentication
- Identity as a service
- Third-party identity services
- Authorization methods

DOMAIN SIX: SECURITY ASSESSMENT & TESTING

Domain six covers ways to verify the security of our information systems.

This domain covers the following topics:

- Assessment & testing strategies
- Testing security controls
- Collecting security process data
- Analyzing & reporting results
- Conducting & facilitating audits

DOMAIN SEVEN: SECURITY OPERATIONS

This domain examines the many activities involved in the daily business of maintaining the security of our networks.

Some of the topics include:

- Supporting investigations
- Investigation types & their requirements
- Logging & monitoring
- Secure provisioning of resources

DOMAIN EIGHT: SOFTWARE DEVELOPMENT SECURITY

Domain eight examines the application of security principles to the acquisition and development of software systems.

This domain covers the following topics:

- Security in the software development life cycle
- Security controls in development environments
- Assessing software security
- Assessing the security implications of acquired software
- Secure coding guidelines & standards
