Security domains cybersecurity analysts need to know
You can investigate various areas of cybersecurity that pique your interest as an analyst. Gaining knowledge of the various security domains and how they are utilized to structure the work of security professionals is one method for delving into these areas. This reading will elaborate on the relationship between the eight security domains of CISSP and the duties of a security analyst.
Domain one: Security and risk management
Every organization is required to establish a security posture. Security posture is the capacity of an organization to manage and respond to changes in its defense of critical assets and data. Aspects of the domain of security and risk management that influence the security posture of an organization include:
- Security goals and objectives
- Risk mitigation processes
- Compliance
- Business continuity plans
- Legal regulations
- Professional and organizational ethics
Information security, abbreviated InfoSec, pertains to a collection of procedures implemented with the purpose of safeguarding data. Depending on its requirements and risk perception, an organization may incorporate training and playbooks into its security and risk management program. Numerous InfoSec design processes exist, including:
- Incident Response
- Vulnerability Management
- Application Security
- Cloud Security
- Infrastructure Security
One potential scenario in which a security team might be required to modify the handling of personally identifiable information (PII) is to comply with the General Data Protection Regulation (GDPR) of the European Union.
Domain two: Asset security
Asset security encompasses the oversight of the cybersecurity procedures that pertain to the physical and virtual data storage, maintenance, retention, and eradication that comprise an organization’s assets. Because assets are exposed and their loss or theft raises the organization’s risk, it is critical to maintain accurate records of both the assets and the data they contain. The extent to which a security impact analysis is performed, a recovery strategy is developed, and data exposure is managed depends on the risk level associated with a given asset. Security analysts may need to create backups of data in order to store, maintain, and retain it, so that the environment can be restored if a security incident compromises the organization’s data.
Domain three: Security architecture and engineering
This field is concerned with data security management. Implementing and maintaining efficient tools, systems, and processes is crucial for safeguarding the assets and data of an organization. Engineers and security architects design these procedures.
A critical element within this field pertains to the notion of shared responsibility. Shared responsibility entails that every participant actively contributes to the mitigation of risk throughout the security system design process. Additional domain-specific design principles, which will be elaborated upon later in the program, consist of the following:
- Threat modeling
- Least privilege
- Defence in depth
- Fail securely
- Separation of duties
- Keep it simple
- Zero trust
- Trust but verify
An example of data security management in this domain is using a security information and event management (SIEM) tool to monitor for unusual login or user activity that may indicate a threat actor is attempting to access private data.
Domain four: Communication and network security
This field is concerned with the administration and protection of physical networks and wireless communications. This includes cloud, on-site, and remote communications.
Organizations that have hybrid, on-site, and remote work environments must ensure data security; however, it is difficult to manage external connections to ensure that remote workers are accessing the organization’s networks securely. Implementing network security controls, such as restricting network access, can safeguard users and maintain the integrity of an organization’s network in situations involving remote work or employee travel.
Domain five: Identity and access management
The primary concern of the identity and access management (IAM) domain is the protection of data. It accomplishes this by verifying and authenticating user identities and by authorizing access to physical and logical assets. This prevents unauthorized access while permitting authorized users to carry out their duties.
IAM operates on the basis of the principle of least privilege, which entails granting access and authorization insofar as is strictly necessary to accomplish a given task. For instance, a cybersecurity analyst could be tasked with ensuring that customer service representatives are only permitted to access the customer’s private information, such as their phone number, during the resolution process. Once the customer’s issue has been resolved, access to the customer’s private data would be revoked.
Domain six: Security assessment and testing
The primary objective of the security assessment and testing domain is the detection and reduction of vulnerabilities, hazards, and risks. Security assessments help organizations determine the level of risk or security pertaining to their internal systems. Organizations may employ penetration testers, commonly known as “pen testers,” to identify vulnerabilities that threat actors could exploit.
This domain requires that, in addition to collecting and analyzing data, organizations perform security control testing. It also underscores the importance of security audits in detecting and reducing the likelihood of a data intrusion. To support this work, cybersecurity professionals may be tasked with auditing user permissions to verify that users have the appropriate levels of access to internal systems.
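The least-privilege scenario from domain five (a representative who may read a customer’s private data only while the support case is open) and the permissions audit described in domain six share the same underlying model: who holds which permission, and why. The following Python script is an added example, not material from this reading; the role names, permission strings, users, and case IDs in it are all constructed for illustration.

```python
"""Task-scoped access under least privilege, plus a permissions audit.

Added example, not from the reading: it models the customer-service case in
which a representative may read a customer's private data only while a support
case is open, and an analyst then audits effective permissions against a role
baseline. Role names, permission strings, users, and case IDs are constructed.
"""
from dataclasses import dataclass, field

# Standing permissions each role is supposed to have (constructed baseline).
ROLE_BASELINE = {
    "customer_service": {"ticket:read", "ticket:update"},
    "analyst": {"ticket:read", "audit:read"},
}


@dataclass
class User:
    name: str
    role: str
    # Permissions granted only for a specific case, keyed by case ID.
    task_grants: dict = field(default_factory=dict)
    # Standing permissions beyond the role baseline; should normally be empty.
    extra: set = field(default_factory=set)

    def effective_permissions(self) -> set:
        perms = set(ROLE_BASELINE[self.role]) | self.extra
        for grant in self.task_grants.values():
            perms |= grant
        return perms


class AccessManager:
    """Grants customer-PII access for the life of a case; revokes it on resolution."""

    def __init__(self):
        self.open_cases = {}  # case_id -> user name

    def open_case(self, user: User, case_id: str):
        # The grant is scoped to the one customer record tied to this case.
        user.task_grants[case_id] = {f"customer:{case_id}:pii:read"}
        self.open_cases[case_id] = user.name

    def resolve_case(self, user: User, case_id: str):
        # Revoke the task-scoped grant as soon as the task is done.
        user.task_grants.pop(case_id, None)
        self.open_cases.pop(case_id, None)

    def can(self, user: User, permission: str) -> bool:
        return permission in user.effective_permissions()


def audit_permissions(users, manager: AccessManager):
    """Flag permissions that least privilege does not justify.

    Returns (user, finding, detail) tuples:
      'excess'      - standing permissions outside the role baseline
      'stale_grant' - a task grant whose case is no longer open
    """
    findings = []
    for u in users:
        unexplained = u.effective_permissions() - ROLE_BASELINE[u.role]
        for case_id, grant in u.task_grants.items():
            unexplained -= grant  # accounted for as a task grant...
            if case_id not in manager.open_cases:
                findings.append((u.name, "stale_grant", case_id))  # ...but stale
        if unexplained:
            findings.append((u.name, "excess", sorted(unexplained)))
    return findings


def demo():
    """Walk through the grant/revoke cycle and return the audit findings."""
    mgr = AccessManager()
    rep = User("dana", "customer_service")
    mgr.open_case(rep, "C-1001")
    assert mgr.can(rep, "customer:C-1001:pii:read")
    mgr.resolve_case(rep, "C-1001")
    assert not mgr.can(rep, "customer:C-1001:pii:read")

    # Two constructed audit failures: a standing permission the role does not
    # need, and a grant left behind after its case was closed by another path.
    over_privileged = User("eli", "customer_service", extra={"audit:read"})
    leftover = User("fay", "customer_service",
                    task_grants={"C-0420": {"customer:C-0420:pii:read"}})
    return audit_permissions([rep, over_privileged, leftover], mgr)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The audit deliberately separates the two ways least privilege erodes: permissions that were never justified by the role, and permissions that were justified once but outlived the task that justified them.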
Domain seven: Security operations
The security operations domain is concerned with investigating potential data breaches and implementing preventive measures after a security incident. This involves the following strategies, processes, and tools:
- Training and awareness
- Reporting and documentation
- Intrusion detection and prevention
- SIEM tools
- Log management
- Incident management
- Playbooks
- Post-breach forensics
- Reflecting on lessons learned
The cybersecurity professionals in this domain work together to monitor, prevent, and investigate potential risks, vulnerabilities, and threats. They are trained to handle active attacks, such as unauthorized access to large volumes of data from an organization’s internal network outside regular business hours. Once a threat has been identified, the team works diligently to keep confidential data and information out of the hands of malicious actors.
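Domain three mentions a SIEM tool watching for unusual login activity, and the paragraph above describes unauthorized bulk access to internal data outside business hours. Both are detection rules run over logs. The Python below is an added example, not part of this reading or of any SIEM product: the log format, the sample lines, the one-minute failure window, the 08:00 to 18:00 business day, and the 1 GB off-hours threshold are all assumptions chosen for illustration.

```python
"""Two SIEM-style detection rules over constructed log lines.

Added example, not from the reading. The log format, thresholds, and sample
events are assumptions made for illustration, not real data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. Format per line:
#   <ISO timestamp> <EVENT> user=<name> src=<ip> [bytes=<n>]
SAMPLE_LOGS = """\
2024-03-04T09:12:01 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-04T09:12:04 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-04T09:12:07 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-04T09:12:10 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-04T09:12:13 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-04T09:12:20 LOGIN_OK user=alice src=10.0.0.5
2024-03-04T10:30:00 LOGIN_OK user=bob src=10.0.0.9
2024-03-04T10:31:00 DOWNLOAD user=bob src=10.0.0.9 bytes=20000000
2024-03-04T23:41:00 LOGIN_OK user=carol src=10.0.0.12
2024-03-04T23:42:00 DOWNLOAD user=carol src=10.0.0.12 bytes=900000000
2024-03-04T23:44:00 DOWNLOAD user=carol src=10.0.0.12 bytes=700000000
"""

# Assumed thresholds; a real deployment tunes these to its own baseline.
FAIL_THRESHOLD = 5                    # failures per (user, source) ...
FAIL_WINDOW = timedelta(minutes=1)    # ... within this sliding window
BUSINESS_START, BUSINESS_END = 8, 18  # 08:00-18:00 counts as business hours
OFF_HOURS_BYTES = 1_000_000_000       # bytes per user per rolling hour
VOLUME_WINDOW = timedelta(hours=1)


def parse(line: str) -> dict:
    """Turn one log line into a dict with a datetime timestamp."""
    ts, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts), "event": event, **fields}


def detect_failed_login_bursts(events):
    """Alert once when a (user, src) reaches FAIL_THRESHOLD failures in FAIL_WINDOW."""
    recent = defaultdict(list)
    alerts = []
    for e in events:
        if e["event"] != "LOGIN_FAIL":
            continue
        key = (e["user"], e["src"])
        window = [t for t in recent[key] if e["ts"] - t <= FAIL_WINDOW] + [e["ts"]]
        recent[key] = window
        if len(window) == FAIL_THRESHOLD:  # fires when the threshold is first crossed
            alerts.append(("failed_login_burst", e["user"], e["src"], e["ts"]))
    return alerts


def detect_off_hours_bulk_download(events):
    """Alert once per user whose off-hours downloads exceed OFF_HOURS_BYTES in an hour."""
    recent = defaultdict(list)  # user -> [(ts, bytes)]
    alerts, fired = [], set()
    for e in events:
        if e["event"] != "DOWNLOAD":
            continue
        if BUSINESS_START <= e["ts"].hour < BUSINESS_END:
            continue  # business-hours transfers are judged by other rules
        window = [(t, b) for t, b in recent[e["user"]] if e["ts"] - t <= VOLUME_WINDOW]
        window.append((e["ts"], int(e["bytes"])))
        recent[e["user"]] = window
        total = sum(b for _, b in window)
        if total > OFF_HOURS_BYTES and e["user"] not in fired:
            alerts.append(("off_hours_bulk_download", e["user"], e["src"], total))
            fired.add(e["user"])
    return alerts


def run_detections(raw_logs: str = SAMPLE_LOGS):
    """Parse the logs and return every alert from both rules, in order."""
    events = [parse(line) for line in raw_logs.splitlines() if line.strip()]
    return detect_failed_login_bursts(events) + detect_off_hours_bulk_download(events)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

On the sample data the first rule fires for alice on the fifth failure, and the second fires for carol when her two late-night downloads pass 1 GB within the hour; bob’s daytime download is ignored by the second rule. Both rules fire once per offender rather than on every subsequent event, which is what keeps an analyst’s queue readable.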
Domain eight: Software development security
Developing secure applications through the implementation of secure programming practices and guidelines is the focus of the software development security domain. The delivery of secure and dependable services is facilitated by secure applications, thereby safeguarding organizations and their consumers.
Every phase of the software development life cycle (design, development, testing, and release) must incorporate security measures. Security is achieved only when it is considered at every stage of the development process; it is not a secondary consideration.
Application security testing can aid in the detection and subsequent mitigation of vulnerabilities. It is essential to implement a testing system for the software’s embedded security measures, programming conventions, and executables. Involving quality assurance and penetration testing experts in the software development process is also critical for ensuring that the code meets security and performance requirements. An instance of this would be a pharmaceutical company employing an entry-level analyst tasked with ensuring that encryption is configured appropriately for a novel medical device designed to store confidential patient information.
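The closing scenario, an analyst checking that encryption is configured appropriately for a device holding patient data, is a policy check over a configuration. The Python below is an added example and not material from this reading: the configuration keys, the two sample configurations, and the policy thresholds (approved ciphers, 256-bit keys, a PBKDF2 iteration floor of 600,000, hardware-backed key storage) are constructed assumptions; a real review would use the device’s actual settings and the organization’s own standard.

```python
"""Policy check for a device's storage-encryption configuration.

Added example, not from the reading. The configuration keys, sample
configurations, and policy thresholds are constructed for illustration.
"""

# Constructed policy: what "configured appropriately" means for this check.
POLICY = {
    # Authenticated encryption only; no unauthenticated CBC or ECB modes.
    "allowed_ciphers": {"AES-256-GCM", "ChaCha20-Poly1305"},
    "min_key_bits": 256,
    # Key-derivation settings accepted when a passphrase unlocks the key.
    "allowed_kdfs": {
        "Argon2id": {},
        "PBKDF2-HMAC-SHA256": {"min_iterations": 600_000},
    },
    "allowed_key_storage": {"hardware"},
}


def check_encryption_config(cfg: dict) -> list:
    """Return a list of policy findings; an empty list means the config passes."""
    if not cfg.get("encryption_at_rest", False):
        # Nothing else matters if records are stored in the clear.
        return ["encryption at rest is disabled"]

    findings = []
    cipher = cfg.get("cipher", "<unset>")
    if cipher not in POLICY["allowed_ciphers"]:
        findings.append(f"cipher {cipher} is not on the approved list")

    key_bits = cfg.get("key_bits", 0)
    if key_bits < POLICY["min_key_bits"]:
        findings.append(f"key length {key_bits} is below {POLICY['min_key_bits']} bits")

    kdf = cfg.get("kdf", {})
    rule = POLICY["allowed_kdfs"].get(kdf.get("name"))
    if rule is None:
        findings.append(f"key derivation function {kdf.get('name', '<unset>')} is not approved")
    elif kdf.get("iterations", 0) < rule.get("min_iterations", 0):
        findings.append("key derivation iteration count is below the policy minimum")

    if cfg.get("key_storage") not in POLICY["allowed_key_storage"]:
        findings.append("encryption key is not held in hardware-backed storage")

    if "key_hex" in cfg:
        findings.append("encryption key is embedded in the configuration file")
    return findings


# The weak setting beside the corrected one (both constructed).
WEAK_CONFIG = {
    "encryption_at_rest": True,
    "cipher": "AES-128-CBC",
    "key_bits": 128,
    "kdf": {"name": "PBKDF2-HMAC-SHA1", "iterations": 1000},
    "key_storage": "file",
    "key_hex": "00" * 16,  # placeholder bytes, not a real key
}

HARDENED_CONFIG = {
    "encryption_at_rest": True,
    "cipher": "AES-256-GCM",
    "key_bits": 256,
    "kdf": {"name": "PBKDF2-HMAC-SHA256", "iterations": 600_000},
    "key_storage": "hardware",
}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, check_encryption_config(cfg) or ["passes policy"])
```

The check returns every finding rather than stopping at the first, so the report an analyst hands back lists all of the settings that need to change; the one exception is encryption being disabled outright, where the other settings are moot.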
Key takeaways
Through this reading you gained a deeper understanding of the focus of each of the eight CISSP security domains. You also learned about InfoSec and the principle of least privilege. A solid understanding of these security domains and the associated concepts will help you enter the field of cybersecurity.