Overview
This lecture introduces the first four of the eight CISSP security domains, providing an overview of each and highlighting their importance for security professionals.
CISSP Security Domains Overview
- Security domains organize core security concepts into categories defined by CISSP.
- Gaps in one domain can have negative impacts across an organization.
- Understanding domains helps guide career paths and professional roles.
Security and Risk Management
- Focuses on setting security goals, risk mitigation, compliance, business continuity, and legal issues.
- Involves updating policies for compliance with laws such as HIPAA.
Asset Security
- Involves securing both digital and physical assets of an organization.
- Covers procedures for data storage, maintenance, retention, and secure destruction.
Security Architecture and Engineering
- Optimizes data security through the implementation of tools, systems, and processes.
- Includes tasks like configuring firewalls to filter and monitor network traffic.
Communication and Network Security
- Concerns the management and protection of physical and wireless networks.
- Addresses risks such as users connecting to unsecured wireless hotspots and the need for strong network policies.
Key Terms & Definitions
- CISSP — Certified Information Systems Security Professional, a widely recognized security certification and framework.
- Security Domain — A category that organizes related security concepts and practices.
- HIPAA — Health Insurance Portability and Accountability Act, a federal regulation concerning health information privacy.
- Firewall — A device or software that filters and monitors network traffic to prevent unauthorized access.
Action Items / Next Steps
- Review the first four CISSP security domains introduced in this lecture.
- Prepare to learn about the next four CISSP domains in the upcoming session.