In this article, we look over the 8 security domains or abstractions of cybersecurity posture provided by The Certified Information Systems Security Professionals (CISSP) certificate syllabus. And the various types of attacks that can be connected to these domains.
8 CISSP security domains
Security Assessment and testing (Forensics and Testing)
Security and Risk management
Software development security
Security engineering and architecture
Communications and network security
Identity and Access management (User privileges)
Security Operations (Investigations, setting up tools)
Asset security (protection of data)
Security and Risk management
Assuring compliance
Abiding my policies and procedures
Asset Security
Data security measures
Categorisation and possession of data
Security Architecture and Engineering
Creation of security systems and frameworks
Evaluating existing vulnerabilities in the old system
Communications and network security
Focuses on network security
Protects communication channels
Identity and Access Management
Physical and cyber access to assets
Identification and authentication of parties
Security Assessment and Testing
Testing for vulnerabilities through assessments and pentetration tests
Disaster recovery
Awareness training for clients
Security Operations
Investigation for vulnerabilities
Logging and monitoring activities
Managing physical security
Software Development Security
Detect weakness and exploitable flaws in source code.
evaluate existing problems with code.
Types of Attacks
Password attacks
Social engineering attacks (like phishing)
Physical attacks (malicious flash drive)
Adversarial artificial intelligence (TRENDING)
- Making use of artificial intelligence to perform attacks in a more sophisticated manner.
Supply chain attacks
- Infecting products with malware during the delivery process of devices when third parties are involved.
Cryptographic attacks
Encryption cracking methods
Targets secure forms of communication