Overview
This lecture introduces the final four of the eight CISSP security domains: identity and access management, security assessment and testing, security operations, and software development security.
Identity and Access Management
- Focuses on securing data by controlling user access to physical and digital assets.
- Involves validating user identities and documenting access roles within an organization.
- Tasks may include managing keycard access for employees or controlling network/application permissions.
Security Assessment and Testing
- Involves testing security controls, collecting and analyzing security data, and conducting audits.
- Ensures that user permissions are correct and identifies potential risks, threats, and vulnerabilities.
- Analysts may regularly audit access to sensitive information, like payroll data.
Security Operations
- Centers on investigating security incidents and applying preventative measures.
- Security analysts respond to alerts (e.g., unauthorized devices on the network) by following established protocols.
- Emphasizes quick threat containment and adherence to organizational policies.
Software Development Security
- Focuses on integrating secure coding practices throughout the software development life cycle.
- Security analysts collaborate with development teams to create secure applications and services.
- May include advising on password policies and safeguarding user data in new software projects.
Key Terms & Definitions
- Identity and Access Management (IAM) — Processes to verify user identity and manage access to resources.
- Security Assessment and Testing — Activities to evaluate, test, and audit security controls and policies.
- Security Operations — Ongoing management of security incidents and preventive safeguards.
- Software Development Security — Application of secure practices in the design, coding, and deployment of software.
Action Items / Next Steps
- Review and strengthen understanding of all eight CISSP security domains.
- Prepare for deeper study of each domain in upcoming courses.