(This article is motivated by the Google Cybersecurity Professional Certificate and I simply put the pieces together for beginners' reading and understanding)
Domain 1: Security and Risk Management
- Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.
- By defining goals and objectives, organizations can reduce the risk to critical assets and data like PII (Personally Identifiable Information).
- Risk mitigation: The process of having the right procedures and rules in place to quickly reduce the impact of a risk such as a breach. Risk mitigation is generally considered a proactive process: it involves identifying potential risks before they occur and taking actions to reduce their likelihood or impact. By addressing risks in advance, organizations improve their ability to achieve their goals and minimize negative consequences.
- Compliance: The primary method used to develop an organization's internal security policies, and to meet regulatory requirements and independent standards set by a governing body or authority.
- Business continuity: An organization's ability to maintain its everyday productivity by establishing a disaster recovery plan.
- Laws: Laws related to security and risk management differ worldwide, but the overall goals are similar. As a security professional, this means following rules and expectations for ethical behavior to minimize negligence, abuse, and fraud.
- For example, security analysts may need to update company policies related to private health information. Social engineering attacks are related to the security and risk management domain.
- Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
Domain 2: Asset Security
- Secures digital and physical assets. It also covers the storage, maintenance, retention, and destruction of data. Analysts make sure that old equipment and any confidential documents are properly disposed of or destroyed.
- PII or SPII (sensitive PII) should be securely handled and protected, whether stored on a computer, transferred over a network like the internet, or even physically collected.
- Organizations also need to have policies and procedures that ensure data is properly stored, maintained, retained, and destroyed. Knowing what data you have and who has access to it is necessary for a strong security posture that mitigates risk to critical assets and data.
- Physical attacks like card cloning and malicious USB cables fall under the asset security domain.
Domain 3: Security Architecture and Engineering
- Optimizes data security by ensuring effective tools, systems, and processes are in place.
- Secure networks keep an organization's data and communications safe, whether on-site, in the cloud, or when connecting to services remotely.
- As a security analyst, you might be asked to configure a firewall.
- Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
Domain 4: Communication and Network Security
- Manages and secures physical networks and wireless communications.
- Password attacks fall under the communication and network security domain.
- Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
- Cryptographic attacks fall under the communication and network security domain.
Domain 5: Identity and Access Management
- Keeps data secure by ensuring users follow established policies that manage physical assets, like office spaces, and logical assets, such as networks and applications.
- Components of IAM:
  - Identification: username, keycard, biometric data like a fingerprint
  - Authentication: password or PIN
  - Authorization: level of access
  - Accountability: monitoring and recording user actions
- As a security analyst, you may be tasked with setting up the employee’s keycard access to buildings.
- Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
Domain 6: Security Assessment and Testing
- Conducting security control testing, collecting and analyzing the data, and conducting security audits to monitor for risks, threats and vulnerabilities.
- This involves examining organizational goals and objectives and evaluating if the controls being used achieve those goals. Collecting and analyzing security data regularly also helps prevent threats and risks to the organization.
- Security analysts may conduct regular audits of user permissions to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts perform regular audits to make sure that no unauthorized person can view employee salaries.
Domain 7: Security Operations
- Conducting investigations and implementing preventive measures.
- Investigations begin once a security incident has been identified.
- This process requires a heightened sense of urgency to minimize potential risks to the organization. If there is an active attack, mitigating the attack and preventing it from escalating further is essential for ensuring that private information is protected from threat actors.
- Once the threat has been neutralized, the collection of digital and physical evidence to conduct a forensic investigation will begin. A digital forensic investigation must take place to identify when, how, and why the breach occurred. This helps security teams determine areas for improvement and preventative measures that can be taken to mitigate future attacks.
- For example, receiving an alert that an unknown device has been connected to your network.
- Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
Domain 8: Software Development Security
- Use secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.
- Analysts engage with the software development team to make sure that security is in place throughout the software development life cycle (SDLC).
- For example, performing a secure design review during the design phase, secure code reviews during the development and testing phases, and penetration testing during the deployment and implementation phase ensures that security is embedded into the software product at every step.