CISSP 8 DOMAINS

Security Operations

This domain focuses on conducting investigations and implementing preventative measures.

Security Assessment and Testing

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

Security and Risk Management

This domain focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.

Identity and Access Management

This domain focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

Communication and Network Security

This domain focuses on managing and securing physical networks and wireless communications.

Architecture and Engineering

This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.

Asset Security

This domain focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.

Software Development Security

This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.