The domains collectively focus on building a secure, well-managed IT environment:

• Security & Risk Management establishes policies, governance, and risk handling strategies.
• Asset Security ensures proper handling and protection of data throughout its lifecycle.
• Security Architecture & Engineering focuses on designing secure systems and applying cryptography.
• Network Security protects communication channels and prevents cyber attacks.
• IAM (Identity & Access Management) controls who can access resources and how.
• Security Assessment & Testing identifies vulnerabilities and ensures system strength.
• Security Operations manages real-time monitoring, incident response, and recovery.
• Software Development Security ensures applications are built securely from the start.

1. Security and Risk Management
   
   • Core foundation domain
   • CIA Triad (Confidentiality, Integrity, Availability)
   • Risk management (risk assessment, treatment)
   • Security governance & policies
   • Compliance (legal, regulatory, privacy laws)
   • Business continuity & disaster recovery
   • Professional ethics
      
2. Asset Security
   
   • Data classification & ownership
   • Data lifecycle (creation → storage → destruction)
   • Data handling requirements
   • Privacy protection
   • Secure data retention
3. Security Architecture and Engineering
   
   • Security models (Bell-LaPadula, Biba)
   • Cryptography (encryption, PKI)
   • Secure system design principles
   • Physical security
   • Hardware & embedded system security
      
4. Communication and Network Security
   
   • OSI & TCP/IP models
   • Network architecture & secure design
   • Firewalls, VPNs, IDS/IPS
   • Secure communication protocols
   • Network attacks & mitigation
5. Identity and Access Management (IAM)
   
   • Authentication (MFA, biometrics)
   • Authorization methods
   • Access control models (RBAC, ABAC, DAC, MAC)
   • Identity lifecycle management
   • Privileged access management
6. Security Assessment and Testing
   
   • Vulnerability assessment
   • Penetration testing
   • Security audits
   • Log reviews & monitoring
   • Testing strategies and metrics
      
7. Security Operations
   
   • Incident response
   • Disaster recovery execution
   • Logging & monitoring
   • Digital forensics
   • Security operations center (SOC)
   • Patch & change management
8. Software Development Security
   
   • Secure software development lifecycle (SDLC)
   • Code vulnerabilities (OWASP Top 10)
   • DevSecOps concepts
   • Application security testing
   • Database security