10 Domains that the CISSP covers
Certification: CISSP - Certified Information Systems Security Professional
The Certified Information Systems Security Professional certification has ten domains. The ten domains are derived from different information security topics in accordance with the specifications of the (ISC)² CBK. Each of the ten domains concentrates on a different aspect of system security. While most of the domains relate to what you can do to your network, some do not. One such domain is Legal, Regulations, Investigations and Compliance; this domain addresses crucial issues, but gives very few details on how to protect your system from attacks. Below is a discussion of the ten domains.
Access Control
The domain comprises procedures that work together to produce a security architecture that protects the assets of the information system. The domain deals with concepts, effectiveness and attacks. It involves protection of the critical components of the system. Security professionals protect the critical parts of the system through monitoring and restriction of access. The domain involves access permissions and the use of usernames and passwords. Single sign-on (SSO) also falls under this domain. If you want to understand the domain, you should know about biometric technologies, tools and models of authentication, possible threats, and types of access control, as well as auditing practices.
Telecommunications and network security
The domain is one of the largest and most important security domains. It concentrates on network structures, transmission methods and transport formats, as well as the security measures used to ensure availability, integrity and confidentiality. For this reason, the main parts of the domain are network architecture and design, communication channels, network components and network attacks. Thus, among other things, the domain deals with the security of information as it moves from one device to another.
Information Security Governance and Risk Management
The domain deals with the identification of the organization's information assets and the creation, documentation and implementation of policies, standards, procedures and guidelines. The domain entails Security Governance and Policy, Classification or Ownership of Information, Concepts of Risk Management, Security of Personnel, Education, Training and Awareness in Security, and Confirmation and Attestation.
Under this domain, professionals learn how to deal with security threats such as Trojans, malware and other malicious programs that may be harmful to the network system. Security professionals must pay attention to the risk management part of this domain, in addition to data classification, information security roles and security policies.
Software Development Security
The domain deals with the controls that are part of systems and applications software, as well as the procedures used to develop that software. The domain has three main parts, namely the system development life cycle (SDLC), application and security controls, and the effectiveness of application security.
Security staff with an understanding of this domain must ensure that their corporate systems are developed not only to meet the needs of the business but also to keep the system secure. Besides understanding software architecture, programming basics and the software development life cycle, they should also understand data interfaces and change control.
Cryptography
Cryptography deals with the principles, means and methods of disguising or concealing information to protect its integrity, confidentiality and authenticity. The domain therefore has the following sections: encryption methods, digital signatures, cryptanalytic attacks, Public Key Infrastructure (PKI) and alternatives for hiding information.
Security Architecture and Design
You will learn the approaches, fundamentals, structures and standards used to model, devise, regulate and protect operating systems, tools, networks, applications and the controls used to enforce availability, integrity and confidentiality. Four areas are discussed under the domain: the underlying concepts of security design, information system capabilities (including virtualization and memory protection), countermeasure principles, and threats and vulnerabilities in areas such as cloud computing, data flow control and collection.
Operations Security
The domain deals with the identification of the controls over hardware, media and operators. It also addresses access privileges, incident response, resource protection, attack prevention and response, and vulnerability and patch management. In other words, operations security involves the management of security and the assessment of risks to the network, the computer systems and the entire environment.
Security professionals must understand this domain to prevent attacks and keep information safe. They should understand administrative responsibilities, types of attacks, configuration and change management, and email security.
Continuity of Business and Recovery Planning after Disasters
The main areas of the domain are business impact analysis, recovery strategy, the disaster recovery process and the provision of training. Thus, the domain deals with how to safeguard the business against factors that may disrupt its routine operations.
Legal, Regulations, Investigations and Compliance
The domain deals with the laws relating to computer crime. Computer crime in the form of theft and fraud occurs in most organizations despite the measures security staff put in place to prevent it. Thus, the Legal, Regulations, Investigations and Compliance domain deals with how to carry out an investigation to determine whether someone has committed a crime. The domain also deals with ways of gathering evidence of a computer crime. The four main areas of the domain are compliance requirements and procedures, investigations, legal issues and forensic procedures.
Physical (Environmental) Security
The domain deals with the physical protection of the organization and its sensitive information. It addresses the threats, vulnerabilities and countermeasures relevant to the physical protection of the organization. The four areas of the domain are site or facility design considerations, facilities security, internal security and perimeter security.
A reliable security program should consider both logical and physical security risks. In addition, it must emphasize the use of proper door locks, quality construction materials, a wise choice of location, fire detection and prevention, power supply models and environmental factors such as pressure control and water drainage.