Cybersecurity domains are the various areas in which cybersecurity methodologies can be implemented. Application security, physical security, risk assessment, and threat intelligence are some of the most common domains in cyber security.
An organization considers the various cybersecurity domains while building a cybersecurity policy. Therefore, you can also call them domains of cyber security policy. The following is a comprehensive cybersecurity domains list:
- Career development
- Computer operations security
- Cyber forensics
- Identity management
- Incident response
- Security architecture
- Telecommunications security
- User education
What are the Parts of Cyber Domain?
A newcomer to cybersecurity might ask what cybersecurity is. A cyber domain is defined as the area in which computer systems and networks are used. It has a high degree of complexity and is continuously changing.
To be successful, organizations need to develop a deeper understanding of the technologies and threats that exist in the cyber domain. There are 5 cyber domain parts, which are:
- The physical domain
- The logical domain
- The data domain
- The application domain, and
- The user domain
Each part of the cyber domain has its own distinctive set of security challenges and risks that must be addressed. To secure the cyber domain, organizations need to identify the challenges and risks associated with every subdomain and mitigate them. The holistic strategy that they come up with is called a cybersecurity policy.
The physical domain and logical domain comprise the hardware and software, respectively, that go into a computer system. The physical domain includes I/O devices, networking components, processors, memory, storage, and other physical parts of a computer system.
Software that runs on a computer system, including BIOS, operating systems, applications, and data, forms the logical domain. It defines how data is accessed and manipulated. All the data stored on a computer comes under the data domain.
The application domain contains all the applications available on a computer system, while the user domain is the domain that contains user information. Securing the user domain requires adding PINs, passwords, security phrases, and so on.
A cyber security domain refers to the different security approaches that we take to safeguard each type of cyber domain. We need to apply different approaches to different parts of the cyber domain. In the next section, we will discuss the various forms of cyber security domains.
List of Common Cyber Security Domains
Here, we will discuss various domains of cybersecurity in detail. Cybersecurity domains are also called cyber security categories, focus areas, and tiers.
Since the number of cyber security domains and their subdomains is large, it is not possible to cover each one of them in detail here. Hence, in this blog, we will cover only the most popular 1+10 domains of cyber security. So, here we go:
1. Frameworks & Standards
Cybersecurity frameworks and standards are sets of best practices for keeping cybersecurity risk in check. They offer the ability to determine risk tolerance and set controls.
Many frameworks and standards are combinations of other cybersecurity frameworks and standards.
To develop a powerful cybersecurity compliance program, one needs to have knowledge of the various cyber security frameworks and standards. Some of the most popular cyber security frameworks and standards are:
- ASD (Australian Signals Directorate) Essential 8
- CIS (Center for Internet Security) Controls
- CISA (Cybersecurity and Infrastructure Security Agency) TSS (Transportation Systems Sector) Cybersecurity Framework
- ETSI (European Telecommunications Standards Institute)
- HITRUST CSF (Cybersecurity Framework)
- ISA/IEC (International Society of Automation) 62443
- IoTSF (Internet of Things Security Foundation) Security Compliance Framework
- MITRE ATT&CK
- NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework)
- NIST SP (Special Publication) 800-82 Guide to ICS (Industrial Control Systems) Security
- OASIS SAML (Security Assertion Markup Language)
- PCI DSS (Payment Card Industry Data Security Standard)
An organization considers as many cybersecurity frameworks and standards as possible while devising a suitable cybersecurity policy.
2. Application Security
Application security means building many forms of defense into all software and services belonging to an organization to protect them from a diverse range of threats. Put simply, it means safeguarding the applications that an organization develops, deploys, and uses.
Several measures are taken to limit unwanted access to, or changes in, application resources. These include creating a secure application architecture, implementing strong data input validation, threat modeling, writing secure code, etc.
API security, S-SDLC, security QA, security UX, and source code scanning are the various subdomains of application security.
3. Risk Assessment
Risk assessment is the process of carefully analyzing the workplace to identify scenarios, processes, et cetera that might cause harm to assets, i.e., people and systems belonging to an organization. It consists of:
- Hazard identification
- Risk analysis and risk evaluation
- Risk control
In risk assessment, we identify hazards and risk factors that can cause some form of harm. This is called hazard identification. Risk analysis and risk evaluation are done to analyze and evaluate the risks associated with the identified hazards and risk factors.
Risk control is the process of determining the best ways to eliminate the hazards and risks, or to control them when they can't be eliminated. Asset inventory, penetration tests, risk monitoring services, and vulnerability scans are subdomains of risk assessment.
4. Enterprise Risk Management
Enterprise risk management or ERM is an organization-specific strategy that aims to identify and prepare for hazards within an organization’s finances, objectives, and operations. It is risk management applied to an organization. The subdomains of enterprise risk management include:
- Crisis management
- Cyber insurance
- Lines of defense
- Risk acceptance statement
- Risk appetite
Some people wrongly believe that ERM is a product or service, which it is not. Instead, it is a process. This might be due to the similarity of ERM with ORM (object-relational mapping), CRM (customer relationship management), and ERP (enterprise resource planning).
For ERM to be effective, it needs to be a part of the work culture of an organization. It is essential for maintaining the brand reputation and ensuring long-term business viability.
5. Governance
Cyber security governance offers a strategic view of how an organization defines its risk appetite, develops accountability frameworks, and establishes decision-making. It involves making decisions about implementing security policies.
Governance aims to ensure that the organization manages to make the right decisions most of the time and puts efficient and cost-effective policies in place to mitigate risk. Company written policy, executive management involvement, and laws and regulations are subdomains of governance.
6. Threat Intelligence
Also known as cyber threat intelligence (CTI), threat intelligence is the process of collecting information from a wide array of resources pertaining to existing or potential attacks against an organization.
The information collected via CTI is analyzed and refined to minimize and mitigate cybersecurity risks. Along with other cybersecurity tools, it is used to protect an organization from cyber-attacks. Threat intelligence can be external or internal.
7. End-user Education
The main intent of end-user education is to develop awareness in employees and equip them with the required skills and tools so that they can protect themselves and the organization from data attacks or data loss.
Employees can educate themselves too by learning different topics related to cybersecurity, like information security or infosec. Information security is a branch of cyber security that deals specifically with protecting information and information systems.
The 3 domains of information security are confidentiality, integrity, and availability. These information security domains are collectively known as the CIA triad. Awareness, cybersecurity tabletop exercises, and training are part of end-user education.
8. Security Operations
Security operations pertain to the tasks that put security plans into action. It covers applying resource protection techniques, disaster recovery, incident management, managing physical security, and understanding and supporting investigations.
This domain of cyber security also involves logging and monitoring services, requirements for investigation types, and securing the provision of resources.
9. Physical Security
Physical security is the process of protecting people, property, and physical assets from events and scenarios that can result in damage or loss. Different cybersecurity teams need to work together to secure the digital and physical assets of an organization.
This is because the complexity of physical security is growing due to rapidly evolving technologies like the internet of things and artificial intelligence.
10. Career Development
Unbelievably, career development is also classified as one of the cyber domains. This is because the demand for skilled and qualified cybersecurity professionals has increased.
Career development in cybersecurity includes certifications, conferences, peer groups, self-study, training, and so on. Moreover, students can learn different topics and opt for programs like information security, risk assessment, or Ethical Hacking Certification Training.
11. Security Architecture
Security architecture is a unified security design that addresses the potential risks and requirements of a specific condition or environment. It also specifies where and when to apply security controls. This process is usually reproducible.
The design principles and in-depth security control specifications are documented clearly and in separate documents. The key attributes of security architecture are:
- Benchmarking and good practice
- Legal and regulatory
- Risk management
- Relationships and dependencies
Architecture risk assessment, implementation, operations and monitoring, and security architecture and design are the key phases in the process of security architecture.
Map of Cybersecurity Domains
A map of the cybersecurity domain, or a cyber security domain mind map, is an image that shows the different domains in cyber security and their subdomains. The following image is an illustrative example of a cybersecurity domains mind map:
As you can see in the cyber security domains map, there are various types of cybersecurity domains, which are further divided into cyber security subdomains that might further have subgroups.
For example, physical security is a domain of cyber security, and IoT security is one of its subdomains. Another example is security architecture, which has security engineering as its subdomain, which in turn contains computer operations security and network security.