Google Cybersecurity Certificate

CISSP Security Domains (Part 1 of 2)

CISSP stands for Certified Information Systems Security Professional. It’s a globally recognized information security certification granted by the (ISC)² organization.

This note summarizes the first four of eight CISSP security domains:

1. Security and Risk Management: Focuses on defining security goals and objectives, risk mitigation, compliance (e.g., HIPAA), business continuity, and legal aspects. Example tasks include updating company policies based on changes in regulations.

2. Asset Security: Centers on securing both digital and physical assets, including data storage, maintenance, retention, and destruction. Example tasks include ensuring proper disposal of old equipment containing confidential information.

3. Security Architecture and Engineering: Focuses on optimizing data security through effective tools, systems, and processes. Example tasks include configuring firewalls to prevent network attacks.

4. Communication and Network Security: Focuses on managing and securing physical and wireless networks and communications. Example tasks include analyzing user behavior (e.g., connecting to unsecured hotspots) and creating network policies to mitigate risks.

Note: These domains are interconnected, and a weakness in one area can negatively impact the organization as a whole. A basic understanding of all domains is beneficial for security professionals, even those who specialize in a particular area. The remaining four domains will be covered in a subsequent video/note.