Please enable JavaScript.

Coggle requires JavaScript to display documents.

Cyber - Coggle Diagram

- - - - CISSP domains
        
        Security Assessment and Testing (12%)
        
        Designing and validating assessment and test strategies;
        
        Security control testing;
        
        Collecting security process data;
        
        Test outputs; and
        
        Internal and third-party security audits.
        
        Security Operations (13%)
        
        Understanding and supporting investigations;
        
        Requirements for investigation types;
        
        Logging and monitoring activities;
        
        Securing the provision of resources;
        
        Foundational security operations concepts;
        
        Applying resource protection techniques;
        
        Incident management;
        
        Disaster recovery;
        
        Managing physical security; and
        
        Business continuity.
        
        Software Development Security (11%)
        
        Security in the software development life cycle;
        
        Security controls in development environments;
        
        The effectiveness of software security; and
        
        Secure coding guidelines and standards.
        
        Communication and Network Security (13%)
        
        Security Engineering (13%)
        
        Engineering processes using secure design principles;
        
        Fundamental concepts of security models;
        
        Security capabilities of information systems;
        
        Assessing and mitigating vulnerabilities in systems;
        
        Cryptography; and
        
        Designing and implementing physical security.
        
        Asset Security (10%)
        
        The classification and ownership of information and assets;
        
        Privacy;
        
        Retention periods;
        
        Data security controls; and
        
        Handling requirements.
        
        Security and Risk Management (15%)
        
        The confidentiality, integrity and availability of information;
        
        Security governance principles;
        
        Compliance requirements;
        
        Legal and regulatory issues relating to information security;
        
        IT policies and procedures; and
        
        Risk-based management concepts.
        
        Identity and Access Management (13%)
        
        Physical and logical access to assets;
        
        Identification and authentication;
        
        Integrating identity as a service and third-party identity services;
        
        Authorisation mechanisms; and
        
        The identity and access provisioning lifecycle.
        
        Resources