The 10 Domains of Security

Once upon a time, in order to provide a common body of knowledge and define terms for information security professionals, the International Information Systems Security Certification Consortium (ISC)2 established the following ten (10) security domains:

  1. Security Management Practices;
  2. Access Control Systems and Methodology;
  3. Telecommunications and Networking Security;
  4. Cryptography;
  5. Security Architecture and Models;
  6. Operations Security;
  7. Application and Systems Development Security;
  8. Physical Security;
  9. Business Continuity and Disaster Recovery Planning; and
  10. Laws, Investigation, and Ethics.

Today, these domains still provide the foundation for security practices and principles in all industries, not just the financial sector.

Our name, 10-D Security, embraces all of these security domains and illustrates our commitment to them.

In April of 2015, (ISC)2 revised their training material to reflect the following eight (8) domains:

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity);
  2. Asset Security (Protecting Security of Assets);
  3. Security Engineering (Engineering and Management of Security);
  4. Communications and Network Security (Designing and Protecting Network Security);
  5. Identity and Access Management (Controlling Access and Managing Identity);
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing);
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery); and
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security).

Since the overall content and makeup of the original ten (10) domains are still valid and present within the revised eight (8) domains, 10-D Security will continue to embrace all of the original security domains. Besides, 10-D sounds better than 8-D…
