Information Security Domains

Information security domains, or areas, are the different fields into which the practice and study of information security can be split.

This post proposes different classifications for the security domains.

Information Security Domain Proposals

Information security domain proposals featured in this post:

  • ISACA
  • CISSP

ISACA IT Security Domains

As of 2022, ISACA’s security domains according to each certification:

  • CISA
    1. Information system auditing process.
    2. Governance and management of IT.
    3. Information systems acquisition, development, and implementation.
    4. Information systems operations and business resilience.
    5. Protection of information assets.
  • CISM
    1. Information security governance
    2. Information risk management
    3. Information security program development and management
    4. Information security incident management

ISC2 Information Security Domains

As of 2024, these are the domains:

  1. SSCP
    1. Security Operations and Administration
    2. Access Controls
    3. Risk Identification, Monitoring, and Analysis
    4. Incident Response and Recovery
    5. Cryptography
    6. Network and Communications Security
    7. Systems and Application Security
  2. CISSP
    1. Security and Risk Management
    2. Asset Security
    3. Security Architecture and Engineering
    4. Communication and Network Security
    5. Identity and Access Management (IAM)
    6. Security Assessment and Testing
    7. Security Operations
    8. Software Development Security
  3. CCSP
    1. Cloud Concepts, Architecture and Design
    2. Cloud Data Security
    3. Cloud Platform and Infrastructure Security
    4. Cloud Application Security
    5. Cloud Security Operations
    6. Legal, Risk and Compliance

My Proposed Domains

I am making a proposal of domains that tries to cover all the previous domains.

My proposed domains:

  1. Governance, Risk and Compliance (GRC)
    1. IT Security Governance
    2. IT Risk Management
      • Supply Chain Risk Management
        • Cloud Risk Management
    3. IT Legal and Compliance
  2. Security Architecture and Engineering
    1. Secure Design Principles
    2. Security Models
    3. Securing IT Architectures
    4. Cryptography
    5. Identity and Access Management
    6. Control Selection
  3. IT Asset Security & Protection
    1. IT Physical & Hardware Security
    2. IT Software Security
      • Application Security
      • Database Security
      • Software Development
    3. IT Infrastructure, Communications & Network Security
    4. IT Data Security
    5. IT Service Security
      • IT Supply Chain Security
        • Cloud Security
  4. Security Operations
    1. Threat Intelligence
    2. IT Vulnerability Management
      • Penetration Testing
      • Support Patch
      • Quality Assurance
    3. IT Incident Monitoring, Response & Recovery
      • Incident Response
      • IT Forensics

The difference between software and data is that software is executable and data isn’t.
