What’s in the Name, 10-D Security?
The 10 Domains of Security
Once upon a time, in order to provide a common body of knowledge and define terms for information security professionals, the International Information Systems Security Certification Consortium (ISC)² established the following ten (10) security domains:
- Security Management Practices;
- Access Control Systems and Methodology;
- Telecommunications and Networking Security;
- Security Architecture and Models;
- Operations Security;
- Application and Systems Development Security;
- Physical Security;
- Business Continuity and Disaster Recovery Planning; and
- Laws, Investigation, and Ethics.
Today, these domains still provide the foundation for security practices and principles in all industries, not just the financial sector.
Our name, 10-D Security, embraces all of these security domains and illustrates our commitment to them.
In April of 2015, (ISC)² revised their training material to reflect eight (8) domains. An additional revision took place in April of 2018 to the following eight (8) domains:
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity);
- Asset Security (Protecting Security of Assets);
- Security Architecture and Engineering (Engineering and Management of Security);
- Communications and Network Security (Designing and Protecting Network Security);
- Identity and Access Management (IAM) (Controlling Access and Managing Identity);
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing);
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery); and
- Software Development Security (Understanding, Applying, and Enforcing Software Security).
Since the overall content and makeup of the original ten (10) domains is still valid and present within the revised eight (8) domains, 10-D Security will continue to embrace all of the original security domains. Besides, 10-D sounds better than 8-D . . .