CISSP Security Domains Overview

Jul 11, 2025

Overview

This lecture introduces the final four of the eight CISSP security domains: identity and access management, security assessment and testing, security operations, and software development security.

Identity and Access Management

  • Focuses on securing data by controlling user access to physical and digital assets.
  • Involves validating user identities and documenting access roles within an organization.
  • Tasks may include managing keycard access for employees or controlling network/application permissions.

Security Assessment and Testing

  • Involves testing security controls, collecting and analyzing security data, and conducting audits.
  • Ensures correct user permissions and identifies potential risks, threats, and vulnerabilities.
  • Analysts may regularly audit access to sensitive information, like payroll data.

Security Operations

  • Centers on investigating security incidents and applying preventative measures.
  • Security analysts respond to alerts (e.g., unauthorized devices on the network) by following established protocols.
  • Emphasizes quick threat containment and adherence to organizational policies.

Software Development Security

  • Focuses on integrating secure coding practices throughout the software development life cycle.
  • Security analysts collaborate with development teams to create secure applications and services.
  • May include advising on password policies and safeguarding user data in new software projects.

Key Terms & Definitions

  • Identity and Access Management (IAM) — Processes to verify user identity and manage access to resources.
  • Security Assessment and Testing — Activities to evaluate, test, and audit security controls and policies.
  • Security Operations — Ongoing management of security incidents and preventive safeguards.
  • Software Development Security — Application of secure practices in the design, coding, and deployment of software.

Action Items / Next Steps

  • Review and strengthen understanding of all eight CISSP security domains.
  • Prepare for deeper study of each domain in upcoming courses.