
What are CISSP domains?

The CISSP certification is organized into eight domains. The breadth of topics covered by the CISSP confirms its relevance across every area of information security, and successful candidates are proficient in all of these domains. Each of the eight domains deals with a different area of information security; an outline of each domain follows.

1. Security and Risk Management 

This domain covers the fundamentals of security policies, compliance laws and regulations, professional ethics, risk management, and threat modeling. These are the approaches adopted to implement cybersecurity. There are some points you need to heed in this domain:

  • Here, security measures are chosen on the basis of compliance requirements.
  • Confidentiality - Information and functions can be accessed only by authorized parties; military secrets are an example.
  • Integrity - Information and features can be added, altered, or removed only by authorized people and means.
  • Governance - A governance program ensures that goals are achieved, provides strategic plans, and so on.
  • Organizations look into all types of risk, such as investment risk and cyber-security risk.

Let's have a look at the characteristics of the security policies:

  • Firstly, these policies should align with the vision and mission of the company.
  • Secondly, these policies must integrate all the business units.
  • Thirdly, they should also be regularly updated.
  • Lastly, these security policies should be easy to comprehend, so that everyone can abide by them without any issues.

A risk analysis team is also formed within the organization to analyze each known risk. The team first assesses the value of the company's assets, then analyzes the risks to those assets, and finally identifies solutions to mitigate these risks.
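The three steps above (value the assets, analyze the risks to them, choose mitigations) can be carried through as a quantitative risk analysis. The example below is added here and is not part of the original post; it uses the standard single loss expectancy (SLE) and annualized loss expectancy (ALE) formulas, which the post itself does not state, and all asset values, exposure factors, occurrence rates, and control costs are constructed sample figures.

```python
"""Quantitative risk analysis for a small, constructed asset inventory.

Standard formulas (not stated on the page itself):
  SLE = asset value (AV) x exposure factor (EF)
  ALE = SLE x annualized rate of occurrence (ARO)
  control value = ALE before control - ALE after control - annual control cost
A control with a negative value costs more than it saves, so the risk is
accepted instead.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float      # AV, in currency units
    threat: str
    exposure_factor: float  # EF: fraction of AV lost per incident (0..1)
    aro: float              # expected incidents per year


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_ef: float      # EF once the control is in place
    residual_aro: float     # ARO once the control is in place


def sle(r: Risk) -> float:
    return r.asset_value * r.exposure_factor


def ale(r: Risk) -> float:
    return sle(r) * r.aro


def residual_ale(r: Risk, c: Control) -> float:
    return r.asset_value * c.residual_ef * c.residual_aro


def control_value(r: Risk, c: Control) -> float:
    """Net annual benefit of applying control c to risk r."""
    return ale(r) - residual_ale(r, c) - c.annual_cost


def prioritise(risks: List[Risk], options: Dict[str, List[Control]]
               ) -> List[Tuple[Risk, Optional[Control], float]]:
    """Rank risks by ALE (highest first) and pick the best-value control for each.

    The control is None when no option has a positive net value: the right
    decision is then to accept the risk rather than overspend on it.
    """
    ranked = []
    for r in sorted(risks, key=ale, reverse=True):
        best, best_value = None, 0.0
        for c in options.get(r.asset, []):
            v = control_value(r, c)
            if v > best_value:
                best, best_value = c, v
        ranked.append((r, best, best_value))
    return ranked


# Constructed sample data: three assets, each with one threat scenario.
RISKS = [
    Risk("customer database", 500_000, "ransomware", 0.6, 0.5),
    Risk("web server", 80_000, "defacement", 0.25, 2.0),
    Risk("office laptops", 40_000, "theft", 0.1, 4.0),
]

# Constructed candidate controls per asset.
OPTIONS = {
    "customer database": [
        Control("offline backups + EDR", 30_000, 0.2, 0.25),
        Control("cyber insurance", 60_000, 0.3, 0.5),
    ],
    "web server": [Control("web application firewall", 15_000, 0.25, 0.5)],
    "office laptops": [Control("full-disk encryption", 20_000, 0.02, 4.0)],
}

if __name__ == "__main__":
    for r, c, v in prioritise(RISKS, OPTIONS):
        choice = f"{c.name} (net value {v:,.0f}/yr)" if c else "accept the risk"
        print(f"{r.asset:18} ALE {ale(r):>10,.0f}  -> {choice}")
```

With these figures the database risk ranks first and the backup-plus-EDR control saves far more than it costs, while full-disk encryption for the laptops comes out with a negative value at that price, so the model recommends accepting that risk; changing the constructed inputs changes the recommendation, which is the point of running the numbers.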

2. Asset Security 

The second domain of CISSP, asset security, deals with protecting assets such as data and devices. There are various points you need to heed in asset security:

  • Data Classification - First, the data owner classifies the data according to a set of predefined criteria. The classification is then reviewed annually to see whether it needs to change.
  • Data Management - This manages the information lifecycle needs of an enterprise effectively.
  • Data Remanence - The residual digital data that remains present despite attempts to erase it.

3. Security Engineering

This domain covers security architecture, security models, cryptography, and physical security. Here are a few points you need to heed in security engineering:

The security engineering domain establishes a common practice for creating, analyzing, and using architecture descriptions within a particular domain. 

Cryptography is a part of security engineering. It secures information by converting data from a readable format into an unreadable one.
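The following added example, which is not part of the original post, ties the cryptography point here to the confidentiality and integrity properties listed under the first domain: it converts readable data into unreadable bytes and then adds a check that detects any unauthorized alteration. It uses only Python's standard library, so confidentiality is provided by a one-time pad (a random key as long as the message, used exactly once) rather than a modern cipher; production systems would use an authenticated cipher such as AES-GCM instead. The message and keys are constructed sample values.

```python
"""Confidentiality plus integrity with the Python standard library.

Confidentiality: XOR with a random, single-use pad as long as the message
(a one-time pad) turns readable plaintext into bytes that reveal nothing.
Integrity: an HMAC-SHA256 tag over the ciphertext ("encrypt-then-MAC") lets
the receiver reject any message that was altered in transit. Without the tag,
flipping a ciphertext bit would silently flip the same plaintext bit.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

TAG_LEN = 32  # SHA-256 digest size


def encrypt_then_mac(plaintext: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Return ciphertext || tag. `pad` must be >= len(plaintext) and never reused."""
    if len(pad) < len(plaintext):
        raise ValueError("one-time pad must be at least as long as the plaintext")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, pad))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def verify_and_decrypt(message: bytes, pad: bytes, mac_key: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the message is too short or was altered."""
    if len(message) < TAG_LEN:
        return None
    ciphertext, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, pad))


def demo() -> Dict[str, bool]:
    plaintext = b"troop movement at 0600"          # constructed sample secret
    pad = secrets.token_bytes(len(plaintext))      # fresh random pad
    mac_key = secrets.token_bytes(32)              # separate integrity key
    message = encrypt_then_mac(plaintext, pad, mac_key)

    # Simulated unauthorized modification: flip one bit of the ciphertext.
    tampered = bytes([message[0] ^ 0x01]) + message[1:]

    return {
        "unreadable": message[:len(plaintext)] != plaintext,
        "round_trip": verify_and_decrypt(message, pad, mac_key) == plaintext,
        "tamper_detected": verify_and_decrypt(tampered, pad, mac_key) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16} {ok}")
```

The two keys are deliberately separate: the pad gives confidentiality and the MAC key gives integrity, and losing either property is exactly the failure the first domain's definitions warn about.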

4. Communication and Network Security 

This domain covers network structures, transmission methods, and the security measures used to achieve confidentiality, integrity, and availability (CIA) in an organization. There are a few points you need to heed in this domain. Let's look at a few of these measures:

  • OSI model - This is the foundation of networking. The Open Systems Interconnection model, known as the OSI model, describes how data is transferred from one computer to another.
  • Firewall - This fourth domain also covers firewalls. A firewall is hardware or software used to filter malicious traffic between the internet and your computer.
  • IDS - An intrusion detection system (IDS) detects unauthorized activity on the network.
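As an added illustration of what an IDS does with the traffic a firewall logs, here is a small detector that flags a source address contacting many distinct destination ports within a short window, a pattern consistent with port scanning. This example is not from the original post: the log line layout (`timestamp src= dst= dport= action=`) is invented for the example rather than any vendor's real format, and the log lines, addresses, and thresholds are all constructed.

```python
"""Behavioural intrusion detection over constructed firewall log lines.

Rule: alert on any source that reaches at least `min_ports` distinct
destination ports within `window`. A sliding window is used so that a host
that touches many ports slowly over a long period does not trip the rule.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# Invented log format for this example, not a real vendor syntax.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed sample log: one fast scanner, one normal client, one slow host,
# plus a malformed line the parser must tolerate.
LOG_LINES = """\
2021-05-10T09:00:00 src=203.0.113.9 dst=192.0.2.10 dport=21 action=DROP
2021-05-10T09:00:01 src=198.51.100.7 dst=192.0.2.10 dport=21 action=DROP
2021-05-10T09:00:02 src=198.51.100.7 dst=192.0.2.10 dport=22 action=DROP
2021-05-10T09:00:02 src=203.0.113.5 dst=192.0.2.10 dport=443 action=ACCEPT
2021-05-10T09:00:03 src=198.51.100.7 dst=192.0.2.10 dport=23 action=DROP
2021-05-10T09:00:04 src=198.51.100.7 dst=192.0.2.10 dport=25 action=DROP
this line is corrupted and should be skipped
2021-05-10T09:00:05 src=198.51.100.7 dst=192.0.2.10 dport=80 action=ACCEPT
2021-05-10T09:00:05 src=203.0.113.5 dst=192.0.2.10 dport=443 action=ACCEPT
2021-05-10T09:00:06 src=198.51.100.7 dst=192.0.2.10 dport=110 action=DROP
2021-05-10T09:00:07 src=198.51.100.7 dst=192.0.2.10 dport=143 action=DROP
2021-05-10T09:00:07 src=203.0.113.5 dst=192.0.2.10 dport=80 action=ACCEPT
2021-05-10T09:00:08 src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT
2021-05-10T09:00:09 src=198.51.100.7 dst=192.0.2.10 dport=445 action=DROP
2021-05-10T09:00:10 src=198.51.100.7 dst=192.0.2.10 dport=3389 action=DROP
2021-05-10T09:03:00 src=203.0.113.9 dst=192.0.2.10 dport=22 action=DROP
2021-05-10T09:06:00 src=203.0.113.9 dst=192.0.2.10 dport=23 action=DROP
2021-05-10T09:09:00 src=203.0.113.9 dst=192.0.2.10 dport=25 action=DROP
2021-05-10T09:12:00 src=203.0.113.9 dst=192.0.2.10 dport=80 action=ACCEPT
2021-05-10T09:15:00 src=203.0.113.9 dst=192.0.2.10 dport=110 action=DROP
2021-05-10T09:18:00 src=203.0.113.9 dst=192.0.2.10 dport=143 action=DROP
2021-05-10T09:21:00 src=203.0.113.9 dst=192.0.2.10 dport=443 action=ACCEPT
"""

Event = Tuple[datetime, str, int]  # (timestamp, source address, destination port)


def parse(lines: Iterable[str]) -> List[Event]:
    """Parse log lines, silently skipping blank or malformed ones."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])))
    return events


def detect_port_scans(events: List[Event], min_ports: int = 8,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Return {source: peak distinct ports within one window} for sources over threshold."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        in_window = deque()      # events currently inside the sliding window
        port_counts = Counter()  # distinct ports inside the window
        peak = 0
        for ts, port in evs:
            in_window.append((ts, port))
            port_counts[port] += 1
            # Expire events older than the window before measuring.
            while ts - in_window[0][0] > window:
                old_ts, old_port = in_window.popleft()
                port_counts[old_port] -= 1
                if port_counts[old_port] == 0:
                    del port_counts[old_port]
            peak = max(peak, len(port_counts))
        if peak >= min_ports:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, n in detect_port_scans(parse(LOG_LINES.splitlines())).items():
        print(f"ALERT possible port scan from {src}: {n} distinct ports within 60s")
```

Widening the window to an hour also catches the slow host (203.0.113.9), which illustrates the trade-off every IDS rule carries: a longer window finds slower scans but raises the chance of flagging legitimate clients.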

Moving ahead, let us see how CISSP deals with authentication in the next domain. 

5. Identity and Access Management

This domain of CISSP is all about access control, identification, authorization, and attacks on access control and its countermeasures. To access a dataset or a resource, a subject must be identified, authenticated, and authorized. Let’s have a look at a few of the crucial fields in this domain:

  • Identity management - Through various automated means, users are identified and authenticated.
  • Kerberos - This is an authentication protocol based on symmetric-key cryptography that provides end-to-end security.
  • Access criteria - Access to data shouldn't be granted to anyone and everyone. It should be issued based on the level of trust and the job role in the organization, and it is better still if it is also based on location and time.
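The access criteria above (trust level, job role, location, and time) can be combined into a single deny-by-default decision. The example below is added here and is not part of the original post; the clearance labels, roles, network names, resource, and users are constructed sample policy data, not any organization's real rules.

```python
"""Deny-by-default access decision over the four criteria the post lists.

Every check must pass: role permits the action, clearance covers the label,
the request comes from an allowed network, and the time is within hours.
"""
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, Set, Tuple

# Constructed trust levels, lowest to highest.
CLEARANCE_RANK: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed role-to-action mapping (job role criterion).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"read"},
    "engineer": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str             # label from CLEARANCE_RANK
    allowed_networks: FrozenSet[str]  # location criterion
    open_from: time                 # time criterion (inclusive)
    open_until: time


@dataclass(frozen=True)
class Subject:
    user: str
    role: str
    clearance: str
    network: str  # where the request originates: "office", "vpn", "internet"


def within_hours(at: time, start: time, end: time) -> bool:
    """True if `at` lies in [start, end], handling windows that cross midnight."""
    if start <= end:
        return start <= at <= end
    return at >= start or at <= end


def decide(subject: Subject, resource: Resource, action: str, at: time) -> Tuple[bool, str]:
    """Return (allowed, reason). The first failing criterion explains the denial."""
    if action not in ROLE_PERMISSIONS.get(subject.role, set()):
        return False, f"role {subject.role!r} may not {action}"
    if CLEARANCE_RANK.get(subject.clearance, -1) < CLEARANCE_RANK[resource.classification]:
        return False, "insufficient clearance"
    if subject.network not in resource.allowed_networks:
        return False, f"not permitted from {subject.network!r}"
    if not within_hours(at, resource.open_from, resource.open_until):
        return False, "outside permitted hours"
    return True, "allowed"


# Constructed sample resource and subjects.
PAYROLL = Resource("payroll-db", "confidential", frozenset({"office", "vpn"}), time(7, 0), time(19, 0))
ALICE = Subject("alice", "engineer", "confidential", "vpn")
BOB = Subject("bob", "analyst", "secret", "office")
CAROL = Subject("carol", "admin", "internal", "office")

if __name__ == "__main__":
    for who, action, at in [(ALICE, "write", time(10, 0)), (BOB, "write", time(10, 0)),
                            (BOB, "read", time(22, 0)), (CAROL, "read", time(10, 0))]:
        ok, why = decide(who, PAYROLL, action, at)
        print(f"{who.user:6} {action:5} at {at}: {'ALLOW' if ok else 'DENY'} ({why})")
```

Ordering the checks from cheapest to most context-dependent is a design choice, not a requirement; what matters for least privilege is that an unknown role, an unknown clearance label, or an unlisted network all fall through to denial.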

6. Security Assessment and Testing

The sixth domain of CISSP is security assessment and testing. As in other fields, you must perform regular assessments in this field too. In this domain, we will look into audits, security control assessment, and testing reports.

  • Audits - An audit is a repeated process in which an independent professional evaluates and analyzes evidence.
  • Vulnerability Assessment - Here, IT risks are identified and assessed. It helps in identifying, quantifying, and prioritizing vulnerabilities.
  • Testing - A well-planned assessment and test strategy can provide valuable information about risk and risk mitigation. The evaluation and testing are executed by a working group called the integrated product team. Testing is performed to check the data flow between the application and the system.

7. Security Operations

This domain covers investigations, monitoring and logging, recovery, and change management. The security operations domain of this CISSP tutorial focuses on digital forensics, incident management, and perimeter security:

  • Digital Forensics - Here, digital data is examined to identify, recover, and analyze evidence about digital information.
  • Incident Management - Incident management works towards restoring services to normal as soon as possible. A team called the incident response team is deployed to handle emergencies. Incident response is defined as detecting a problem, determining its cause, minimizing the damage, resolving the issue, and documenting each step. This team provides management with sufficient information and defends the company against future attacks.
  • Perimeter Security - Perimeter defense allows us to detect and keep a check on unauthorized physical access. This field also controls access to the facility.

With that, we have explored security operations as a domain. Now, let’s move onto our eighth and final domain. 

8. Software Development Security

As the name suggests, this domain covers security in the software development lifecycle. We will be looking into topics such as APIs, malware, spyware, adware, social engineering attacks, and SQL injection attacks.

  • Application Programming Interface (API) - An API is a collection of protocols and functions used to create applications. It supports formats such as Representational State Transfer (REST) and Simple Object Access Protocol (SOAP).
  • Malware - A term referring to malicious software, including viruses, ransomware, and worms. A trojan is also a form of malware, capable of disguising itself as legitimate software.
  • Spyware - A type of malware used to secretly gather information about the victim and pass it to a third party.
  • Adware - As the name suggests, this is a type of malware that continually displays ads and pop-ups. These are capable of gathering your information.
  • Social Engineering Attack - The art of manipulating people into giving up their confidential information. It is broken down into phishing, spear phishing, and whaling attacks.
  • SQL Injection - In a database-driven website, the attacker manipulates a standard SQL query and inserts malicious code into the SQL server to obtain information.
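To make the SQL injection point concrete, here is an added example (not from the original post) that places a vulnerable lookup next to its parameterized replacement and runs both against an in-memory SQLite database. The table, rows, and inputs are constructed; the `users` table and the `' OR '1'='1` tautology are illustrative only.

```python
"""SQL injection: a vulnerable query beside the parameterized fix.

The vulnerable version splices user input into the statement text, so a
quote character in the input changes the query's structure. The safe version
binds the input as a parameter, so it is only ever compared as data.
"""
import sqlite3
from typing import Dict, List


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    # VULNERABLE: string interpolation builds the SQL from untrusted input.
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    # FIXED: a bound parameter is sent separately from the statement text, so
    # the database never parses the value as SQL.
    rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def demo() -> Dict[str, List[str]]:
    conn = make_db()
    normal = "bob"
    # Classic tautology input: it closes the string literal and appends a
    # condition that is always true, so the WHERE clause matches every row.
    hostile = "' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_hostile": sorted(lookup_vulnerable(conn, hostile)),  # every row leaks
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),  # no user has that literal name
    }


if __name__ == "__main__":
    for case, emails in demo().items():
        print(f"{case:18} -> {emails}")
```

The fix is the placeholder, not input filtering: the same hostile string is passed to both functions, and the parameterized query simply finds no user whose name is that literal text. Escaping quotes by hand is not an equivalent defense, because it has to be repeated correctly at every query site.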

Apart from the full syllabus available online, you can also get CISSP dumps, which are intended to help IT professionals make the most of the expertise and experience they have gained over several years against the most recent syllabus.


Originally Published at https://www.aclassblogs.com/2021/05/what-are-cissp-domains.html
