GoogleCybersecurityCertificate
CISSP Security Domains (Part 2 of 2)
This note summarizes the final four of eight CISSP security domains, continuing from the previous note.
5. Identity and Access Management (IAM): Focuses on securing data by ensuring users adhere to established policies for controlling and managing both physical (e.g., office spaces) and logical (e.g., networks, applications) assets. Validating identities and documenting access roles are crucial. Example tasks include setting up employee keycard access.
6. Security Assessment and Testing: Focuses on conducting security control testing, data analysis, and security audits to identify risks, threats, and vulnerabilities. Example tasks include regularly auditing user permissions to ensure appropriate access levels (e.g., limiting access to payroll information).
7. Security Operations: Focuses on conducting investigations and implementing preventative measures to address security incidents. Example tasks include responding to alerts about unauthorized devices connected to the internal network and following established procedures to mitigate threats.
8. Software Development Security: Focuses on secure coding practices and integrating security into the software development lifecycle (SDLC). Example tasks include advising development teams on password policies and ensuring proper security and management of user data in new applications.
Note: These domains, along with those in Part 1, are interconnected and crucial for overall organizational security. Further detail on each domain will be provided in later coursework.