10 Domains that the CISSP covers

Certification: CISSP - Certified Information Systems Security Professional

The Certified Information Systems Security Professional (CISSP) certification, in the version of the (ISC)2 Common Body of Knowledge (CBK) described here, covers ten domains. (This is the pre-2015 CBK; (ISC)2 later consolidated the same material into eight domains, but the underlying topics are unchanged.) Each domain concentrates on a different aspect of information security. Most of the domains describe things you can do to protect your network and systems, but some do not: the Legal, Regulations, Investigations and Compliance domain, for example, addresses crucial issues but says little about how to defend a system against attack. Below is a discussion of the ten domains.

Access control

The domain covers the procedures and mechanisms that make up a security architecture for protecting information assets: the concepts behind them, their effectiveness and the attacks against them. Security professionals protect the critical parts of a system by monitoring and restricting access. The domain covers access permissions and authentication with usernames and passwords; single sign-on (SSO) also falls under it. To understand the domain you should know biometric technologies, authentication tools and models, the relevant threats, the types of access control (discretionary, mandatory and role-based, for example) and auditing practices.
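The pieces named above (authentication, deny-by-default authorization and an audit trail) fit together in a small reference monitor. The following is an added example written for this page, not code from (ISC)2 or from any CISSP material; the user names, roles, resources and permissions are all constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed example: a minimal reference monitor that authenticates a subject
# (salted PBKDF2-HMAC-SHA256 password check), authorizes it against a
# role-based permission table with deny-by-default, and records every decision
# in an audit trail. All names and data are hypothetical.

PBKDF2_ITERATIONS = 200_000


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset


# Role -> set of (resource, action) permissions. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "analyst": {("reports", "read")},
    "admin": {("reports", "read"), ("reports", "write"), ("users", "write")},
}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def create_user(name: str, password: str, roles) -> User:
    salt = os.urandom(16)
    return User(name, salt, hash_password(password, salt), frozenset(roles))


class ReferenceMonitor:
    def __init__(self, users):
        self.users = {u.name: u for u in users}
        self.audit = []  # list of (subject, resource, action, decision)

    def authenticate(self, name: str, password: str) -> bool:
        user = self.users.get(name)
        if user is None:
            # Run the KDF anyway so response time does not reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            self._log(name, "login", "-", "DENY")
            return False
        ok = hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)
        self._log(name, "login", "-", "ALLOW" if ok else "DENY")
        return ok

    def authorize(self, name: str, resource: str, action: str) -> bool:
        user = self.users.get(name)
        allowed = False
        if user is not None:
            allowed = any((resource, action) in ROLE_PERMISSIONS.get(role, set())
                          for role in user.roles)
        self._log(name, resource, action, "ALLOW" if allowed else "DENY")
        return allowed

    def _log(self, subject, resource, action, decision):
        self.audit.append((subject, resource, action, decision))


def demo():
    rm = ReferenceMonitor([
        create_user("alice", "correct horse battery staple", ["analyst"]),
        create_user("bob", "hunter2", ["admin"]),
    ])
    results = {
        "alice_login_ok": rm.authenticate("alice", "correct horse battery staple"),
        "alice_login_bad": rm.authenticate("alice", "wrong"),
        "alice_read": rm.authorize("alice", "reports", "read"),
        "alice_write": rm.authorize("alice", "reports", "write"),   # not granted to analyst
        "bob_write": rm.authorize("bob", "reports", "write"),
        "mallory_read": rm.authorize("mallory", "reports", "read"), # unknown subject
    }
    return results, rm.audit


if __name__ == "__main__":
    res, audit = demo()
    for entry in audit:
        print("%-8s %-8s %-6s %s" % entry)
```

The two points worth noticing are that an unknown subject and a known subject lacking a permission both fall through to DENY without any special case, and that the audit list records denials as well as grants; a monitor that logs only successes is useless for detecting probing.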

Telecommunications and network security

This is one of the largest and most important domains. It covers network structures, transmission methods and transport formats, and the security measures used to ensure availability, integrity and confidentiality. Its main parts are therefore network architecture and design, communication channels, network components and network attacks. In short, the domain deals with securing information as it moves from one device to another, among other things.

Information Security Governance and Risk Management

The domain deals with identifying an organization's information assets and with creating, documenting and implementing policies, standards, procedures and guidelines. It covers security governance and policy, information classification and ownership, risk management concepts, personnel security, security education, training and awareness, and certification and accreditation.

Under this domain professionals also learn how to handle threats such as Trojans and other malware that can harm networked systems. Security professionals must pay particular attention to the risk management part of the domain, along with data classification, information security roles and security policy.

Software Development Security

The domain deals with the controls built into systems and application software and with the procedures for developing that software. It has three main parts: the system development life cycle (SDLC), application and security controls, and the effectiveness of application security.

Security staff who understand this domain must ensure that corporate systems are developed not only to meet the organization's needs but also to be secure. Beyond software architecture, programming basics and the software development life cycle, they should also understand data interfaces and change control.
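The kind of application-level control this domain is about is easiest to see in a concrete defect and its fix. Below is an added example written for this page (not code from the CISSP material or any product): a login query that splices user input into SQL next to the parameterized version, run against an in-memory SQLite table constructed for the demo.

```python
import sqlite3

# Constructed example: SQL injection in a login check and the parameterized fix.
# The table, user and password are invented for the demo. Passwords are stored
# in plaintext only to keep the injection point small; real systems store
# salted hashes.


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Deliberately vulnerable: attacker-controlled strings become part of the
    # SQL text, so input can rewrite the statement's logic.
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Parameter binding: values travel separately from the SQL, so no input can
    # change the statement's structure. This is the control the SDLC should
    # mandate at design time and verify in code review and testing.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = setup_db()
    attack_user = "alice' --"  # closes the string and comments out the password clause
    return {
        "vuln_good": login_vulnerable(conn, "alice", "S3cret!"),
        "vuln_bypass": login_vulnerable(conn, attack_user, "anything"),
        "safe_good": login_safe(conn, "alice", "S3cret!"),
        "safe_bypass": login_safe(conn, attack_user, "anything"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With the vulnerable query the payload `alice' --` turns the statement into `... WHERE username = 'alice' --' AND password = '...'`, so the password check is never evaluated; with the bound parameters the same payload is simply a username that does not exist.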

Cryptography

Cryptography deals with the principles, means and methods of disguising or concealing information to protect its integrity, confidentiality and authenticity. The domain therefore has the following sections: encryption methods, digital signatures, cryptanalytic attacks, Public Key Infrastructure (PKI) and information-hiding alternatives such as steganography.
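The distinction between integrity and authenticity mentioned above is the one most often blurred in practice: a bare hash detects accidental corruption, but anyone can recompute it, so it proves nothing about who produced the message. The following is an added example written for this page, not code from the CISSP material, using the Python standard library's HMAC-SHA-256 as a stand-in for the keyed primitives (MACs, and by extension digital signatures) the domain covers; the message and key are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed example: an unkeyed hash versus a keyed MAC over a tampered message.
# The message is an invented transfer instruction; the key is random per run.


def protect_with_hash(message: bytes) -> bytes:
    # Integrity against accidents only: no secret is involved.
    return hashlib.sha256(message).digest()


def protect_with_mac(key: bytes, message: bytes) -> bytes:
    # Integrity plus origin authenticity: only holders of `key` can produce a valid tag.
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison so timing does not reveal how many tag bytes matched.
    return hmac.compare_digest(protect_with_mac(key, message), tag)


def tamper(message: bytes) -> bytes:
    return message.replace(b"amount=100", b"amount=9000")


def demo():
    key = os.urandom(32)           # shared between sender and receiver
    attacker_key = os.urandom(32)  # the attacker does not know `key`
    msg = b"transfer:to=bob;amount=100"
    forged = tamper(msg)

    # Hash-only channel: the attacker recomputes the digest over the altered
    # message and the receiver cannot tell it from a genuine one.
    hash_accepts_forgery = protect_with_hash(forged) == protect_with_hash(forged)

    # MAC channel: modifying the message invalidates the sender's tag, and a
    # tag computed under any other key is rejected too.
    tag = protect_with_mac(key, msg)
    mac_accepts_genuine = verify_mac(key, msg, tag)
    mac_rejects_modified = not verify_mac(key, forged, tag)
    mac_rejects_forged_tag = not verify_mac(key, forged, protect_with_mac(attacker_key, forged))

    return hash_accepts_forgery, mac_accepts_genuine, mac_rejects_modified, mac_rejects_forged_tag


if __name__ == "__main__":
    print(demo())
```

A digital signature gives the same guarantee with a private key the verifier does not hold, which is what makes it usable for non-repudiation; a MAC cannot do that, because everyone who can verify a tag can also create one.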

Security Architecture and Design

You will learn the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and the controls that enforce availability, integrity and confidentiality. The domain discusses four areas: the fundamental concepts of security models, information system capabilities (including virtualization and memory protection), countermeasure principles, and threats and vulnerabilities in areas such as cloud computing, data-flow control and data aggregation.

Operations Security 

The domain deals with identifying the controls over hardware, media and the operators who hold privileged access to them. It also covers incident response, resource protection, attack prevention and response, vulnerability management and patch management. In other words, operations security is the management of security and the assessment of risk across the network, the computer systems and the whole environment.

Security professionals must understand this domain to prevent attacks and keep information safe. They should understand administrative responsibilities, types of attacks, configuration and change management, and email security.

Business Continuity and Disaster Recovery Planning

The main areas of the domain are business impact analysis, recovery strategy, the disaster recovery process and training. The domain deals with safeguarding the business against events that would disrupt its routine operations.

Legal, Regulations, Investigations and Compliance

The domain deals with the laws relating to computer crime. Computer crime, in the form of theft and fraud, occurs in most organizations despite the measures security staff put in place to prevent it. The domain therefore deals with how to carry out an investigation to determine whether someone has committed a crime, and with how to gather evidence of a computer crime so that it remains admissible. Its four main areas are compliance requirements and procedures, investigations, legal issues and forensic procedures.

Physical (Environmental) Security

The domain deals with the physical protection of the organization's facilities and sensitive information. It addresses the threats, vulnerabilities and countermeasures involved in physical protection. Its four areas are site or facility design considerations, facility security, internal security and perimeter security.

A sound security program must consider both logical and physical security risks. It should also emphasize proper door locks, quality construction materials, a sensible choice of location, fire detection and suppression, power supply design, and environmental controls such as positive air pressure and water drainage.
