Mastering Cybersecurity: Day 2 of the 100-Day Challenge


Every cyber enthusiast must learn this as a beginner
Essential CISSP Domains for Beginners
Let's get started with the 8 domains. The first domain is security and risk management, which focuses on security aims and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.
The second domain is asset security. This domain focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data. When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.
The third domain is security architecture and engineering. This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.
The fourth security domain is communication and network security. This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behavior within your organization.
Let's move into the fifth domain: identity and access management. Identity and access management focuses on keeping data secure by ensuring users follow established policies. For example, as a security analyst, you may be tasked with setting up employees' keycard access to buildings.
The sixth domain is security assessment and testing. This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions.
The seventh domain is security operations. This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization's policies and procedures to quickly stop the potential threat.
The final, eighth domain is software development security. This domain focuses on using secure coding practices. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed.
Conclusion
Today, on day 2, I learned about eight domains in cybersecurity. I gained a lot of valuable knowledge about these domains and cybersecurity as a whole, from understanding HIPAA to recognizing the importance and responsibilities of a security analyst. I look forward to learning even more in the coming days.
Written by

Mallika Gautam
designer & cyber security student :)