Domains in Cyber Security

Introduction:

Cybercrime is a universal dispute that has liberated the news cycle. Discrete security is endangered, but significant worldwide banks, corporations, and governments are much more in danger. Organized criminal syndicates now operate like start-ups, with highly-trained engineers repeatedly inventing new cyber-attacks. With such data everywhere to exploit, cyber security has become critical.

What are the Domains in Cyber security?

The following are the 10 domains of cyber security.

1. Access Control:

   Controlling access to information is critical for companies to protect the information's confidentiality, integrity, and availability. Unauthorized users are prevented from retrieving, using, or modifying information via access restrictions. The risks, threats, and vulnerabilities that an organization faces define these controls.

2. Telecommunications and Network Security:

   Because it necessitates comprehension of communications infrastructure, methods of communication, data transport formats, and security procedures occupied to safeguard the network and broadcast, network security and telecommunication are some of the most technical topics of the CISSP certificate. The network is the key link that connects consumers to information resources. As a result, this domain emphasizes the network's design and architecture, as well as its components, in order to avoid data flow interruption and infiltration.

3. Information Security Governance and Risk Management:

   The domain for system security practice is the groundwork for a safety specialist's job. The core security principles, procedures, controls, and definitions are all listed in this domain. It also emphasizes several non-technical aspects of information security. IT security governance is the process through which an organization governs and regulates Information security (adapted from ISO 38500). The distinction between IT security management and IT security management is critical. IT security management is concerned with risk mitigation decisions, whereas governance is focused on determining who has the power.[1]

4. Software Development Security:

   The software design confidence domain is concerned with the whole systems development process (SDLC), from idea to requirement, design, improvement, deployment, procedure, and withdrawal from service. To guarantee the complete efficacy of confidence measures and that privacy issues are fingered, information security and privacy specialists must be contained within all phases of the SDLC.

   The widespread use of personal mobile devices, as well as an extensive range of susceptible mobile apps, increases the danger of revealing sensitive and business-related information in the workplace. When personal material is saved on digital phones, this can happen. Cyber-attacks frequently take advantage of flaws in software and operating systems. That is why software must be updated and patched on a regular basis.

5. Cryptography:

   The cryptography area is concerned with techniques of concealing information in order to secure the integrity, secrecy, and validity of data being sent (i.e., data in transit) as well as data being kept (i.e., data at rest). Cryptography safeguards that only the proper, authorized individual may read both types of data. This is frequently referred to as encryption in layman's terms. The transformation of basic text into an incomprehensible cipher text is known as encryption.

6. Security Architecture and Design:

   All component of the data technology infrastructure (e.g., servers, workplaces, storage area networks, switches, routers, firewalls, cloud computing, or virtualization) has their own set of vulnerabilities.

   For any kind of system platform, security design is indispensable for imposing security policies that may be implemented at numerous tiers. The enterprise's design is predicated on how it will manage each of the following:

   • Services and procedures that are permitted and prohibited
   • Vulnerability analysis
   • Patch administration
   • Upgrades to the firmware or software
7. Operations Security:

   Despite the fact that the security architect or engineer assists in the development of security standards and policies, operational security is the day-to-day activity of installing, maintaining, and monitoring protections and controls to prevent security events.

8. Business Continuity and Disaster Recovery Planning:

   In the event of a calamity or service outage, strategies must be in place to protect and carry on operations. Business endurance planning and disaster recovery scheduling are the two forms of planning that are highlighted in this subject. There are certain variances between the notions, despite the fact that they are fairly similar in nature.

9. Legal, Regulations, Investigations, and Compliance:

   Information security experts must be familiar with domestic and international laws, regulations, and industry standards. This encompasses cybercrime and challenges specific to investigating computer crimes, such as forensic processes for gathering confirmation and legal regulations for evidence control, room, and preservation.

   This domain also contains processes for breach notification. The federal administration has precisely specified the steps that must be monitored following a breach of PHI under the HIPAA privacy regulation and the HITECH breach reporting requirements for healthcare companies and their business connections.

10. Physical (Environmental) Security:

    Physical and environmental threats or susceptibilities may have been detected during dangerous risk assessments. This includes, among other things, disaster scenarios, service failures, regular disasters, and sabotage.

    Physical security includes locks, guardians, surveillance monitoring, interruption detectors, and sirens. It also includes adequate computer tools management, such as maintenance and register system, retention and storage, and a protocol for disposal.[1]

Conclusion:

One of the most crucial parts of the fast-paced, ever-changing digital world is cyber security. Its threats are difficult to dismiss, therefore learning how to guard against them and teaching others how to do so is critical.

1. The 10 Security Domains (Updated 2013) - Retired. Available from: https://library.ahima.org/PB/SecurityDomains#.YeuKVP5BzIV.