Cybersecurity has many different aspects that require different skills and specialties. Understanding the different domains and how to address each domain is necessary to have a strong and effective cybersecurity strategy.
The 9 domains of cybersecurity are covered in the CISSP examination by the International Information System Security Certification Consortium, also known as (ISC)2. The (ISC)2 is known as the “world’s largest IT security organization” that provides training and certifications for cybersecurity professionals. Therefore, their categorization of the 8 cybersecurity domains is widely accepted in the cybersecurity community.
Cybersecurity or IT security protects the computer system as a whole. However, cybersecurity requires attention to detail, which is why it has been separated into different domains. Each domain specializes in different areas of cybersecurity. Therefore, cybersecurity professionals can focus on the characteristics of their specialized domain to optimize the cybersecurity of their organization.
Security and Risk Management
Security and risk management is one of the largest domains in cybersecurity. Of the 3 fundamentals to cybersecurity, security and risk management deals with the people and processes. Security and risk management ensures the security threats and risks are at an acceptable level. To do this, they ensure their organization is:
- Meeting compliance requirements
- Following legal and regulatory requirements
- Following IT procedures and policies
- Completing risk assessments
- Creating incident response plans
- Completing security awareness training
Security and risk management professionals might do more than the tasks mentioned above. However, everything they do ensures their organization will minimize the security risk.
Asset Security
Asset security covers the concepts, structures, principles, and standards that monitor and secure assets. Assets to be considered include anything that is important to the organization. These include, but are not limited to, partners, employees, facilities, equipment, and information.
In asset security, professionals protect physical requirements needed for their organizations. This includes:
- Handling physical/asset requirements
- Data security controls
- Retention periods
- Classification/ownership of information and assets
Security Engineering
Security engineering includes network security and computer operations security. This domain emphasizes technical expertise to prevent attacks on both the network and the host. This domain includes and covers the following:
- Router/switch security
- Intrusion detection and prevention systems (IDS/IPS)
- Host-based security tools (e.g., antivirus, DLP, etc.)
- Email filtering
- Vulnerability scanning
Communications & Network Security
Communications and network security considers the fundamentals of security concerns found in network and communication channels. Here, professionals must design and protect the organization’s communication network. This includes securing:
- Communication channels
- Network components
- Design principles for network architecture
Identity and Access Management
Identity and access management considers all the systems, processes, and procedures in an organization. They need to assign identities, handle authentication, and manage access control for various parts of the organization’s network.
This domain establishes authentication of individuals within an organization. It also follows the principle of least privilege, where the organization assigns the bare minimum of access rights to their employees to complete duties. In other words, identity and access management involves controlling how the users of an organization access data.
Identity and access management professionals consider:
- Identity and access provisioning lifecycle
- Authorization mechanisms
- Integrating identity as a service
- Third-party identity services
- Identification and authentication
- Physical and logical access to assets
Security Assessment and Testing
Security assessment and testing determines the performance and design of an organization’s security. It can be considered an extension of the risk assessment responsibility under the “Security and Risk Management” domain. However, security assessment and testing focuses on determining and analyzing the security processes. It observes:
- Internal and third-party security audits
- Test outputs
- Collecting security process data
- Security control testing
- Designing and validating assessment and test strategies
By observing and analyzing the security tests and protocols put in place, the organization can identify what needs improvement to ensure the security of their network.
Security Operations
In security operations, individuals monitor and maintain the tools used by professionals in the security engineering domain. As a result, security operations experts must have a good understanding of all other domains to perform their job well. Security operations maintains:
- Business continuity
- Disaster recovery
- Incident management
- Physical security
- Provisions of resources
- Logging and monitoring activities
- Threat intelligence and digital forensics
- Cyber threat investigation
Security operations requires many different skills related to the cybersecurity field. Experts of this field must have the experience and knowledge to ensure the security processes in the organization are completed smoothly.
Software Development Security
Software development security helps professionals understand how to apply and enforce software security. Additionally, they deal with issues regarding the internally developed applications and/or systems. This domain, like the security engineering domain, also requires excellent technical skills. They must understand:
- Secure coding guidelines and standards
- Effectiveness of software security
- Security controls in development environments
- Security in the software development cycle
Understanding the above skills ensures the development of the organization’s software will be secure to use for both your organization’s employees and clients.
Information Security Governance
Lastly, information security governance involves understanding and implementing security frameworks, including the vision, mission, values, strategies, core policies and other factors for your organization’s security. Information security governance is the overview, or roadmap, of your security journey.
Information security governance experts must understand the various information security frameworks. This is because security frameworks are essential to setting up and organizing your organization’s security network. A few of the commonly used governance frameworks include:
- National Institute for Security and Technology (NIST)
- International Organization for Standardization (ISO)
- Control Objectives for Information and Related Technology (COBIT)
- The Health Information Portability and Accountability Act (HIPAA)
- The Payment Card Industry Data Security Standard (PCI DSS)
Following governance guidelines helps set parameters for your organization’s security network. Based on the guidelines, information security governance professionals oversee and enact the security policies to ensure the organization is safe and secure by following security protocols.
Each domain is critical to ensuring the organization’s security is maintained. As a result, many cybersecurity professionals specialize in a domain to ensure each section of cybersecurity is appropriately addressed. However, cybersecurity professionals can (and will) operate in multiple domains.