What are the various domains in Cyber Security?

Cybersecurity is a specialized discipline within the broader field of Information Technology (IT). Information Technology acts as a horizontal function that enables digital transformation across industries such as healthcare, banking, manufacturing, retail, transportation, education, and government. As organizations increasingly rely on digital technologies, the need to protect themselves becomes critical. Cybersecurity, as explained in our post what-is-cyber-security-and-why-its-important/, is needed to safeguard systems, networks, applications, and data from cyber threats. While IT focuses on enabling and operating technology solutions, cybersecurity focuses on protecting those solutions, ensuring that digital innovation can be adopted securely and confidently.

The following are the various domains in cybersecurity:

Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC) establishes the strategic direction for cybersecurity within an organization. It ensures that security initiatives align with business objectives, regulatory requirements, and risk management practices.

Subdomains

  • Security Governance
  • Risk Management
  • Compliance Management
  • Security Policies and Standards
  • Security Auditing
  • Third-Party Risk Management
  • Business Continuity Management
  • Disaster Recovery Planning
  • Security Awareness and Training

Security Engineering and Architecture

Security Engineering and Architecture focuses on designing and building secure systems, applications, and infrastructure. This domain establishes the security foundations upon which organizations operate.

Subdomains

  • Enterprise Security Architecture
  • Security Design Principles
  • Secure System Engineering
  • Security Controls Design
  • Threat Modeling
  • Zero Trust Architecture
  • Security Baseline Development
  • Secure Infrastructure Design

Communication and Network Security

Communication and Network Security protects the networks and communication channels that connect users, systems, and applications.

Subdomains

  • Network Architecture Security
  • Network Segmentation
  • Firewall Security
  • Intrusion Detection and Prevention
  • Wireless Security
  • Network Access Control
  • DNS Security
  • Email Security
  • Remote Access Security
  • Network Monitoring and Analysis

Identity and Access Management (IAM)

Identity and Access Management ensures that only authorized individuals, applications, and systems can access organizational resources.

Subdomains

  • Authentication
  • Authorization
  • Identity Governance
  • Privileged Access Management
  • Single Sign-On
  • Multi-Factor Authentication
  • Identity Federation
  • User Lifecycle Management
  • Access Reviews and Certifications

Security Assessment and Testing

Security Assessment and Testing evaluates the effectiveness of security controls and identifies weaknesses before they can be exploited.

Subdomains

  • Vulnerability Assessment
  • Penetration Testing
  • Security Auditing
  • Security Control Validation
  • Configuration Assessment
  • Application Security Testing
  • Network Security Testing
  • Red Team Exercises
  • Purple Team Exercises

Security Operations (SecOps)

Security Operations focuses on continuously monitoring, detecting, analyzing, and responding to cybersecurity threats and incidents.

Security Operations Center (SOC)

The Security Operations Center serves as the operational hub for monitoring and defending an organization’s environment.

Subdomains

  • Security Monitoring
  • Security Information and Event Management (SIEM)
  • Log Management
  • Alert Triage
  • Threat Detection
  • Threat Intelligence
  • Threat Hunting
  • Endpoint Detection and Response (EDR)
  • Security Analytics

Incident Response (IR)

Incident Response focuses on managing and recovering from security incidents.

Subdomains

  • Incident Detection
  • Incident Analysis
  • Incident Containment
  • Incident Eradication
  • Incident Recovery
  • Digital Forensics
  • Malware Analysis
  • Cyber Crisis Management
  • Post-Incident Review

Personnel and Physical Security

Personnel and Physical Security protects people, facilities, and physical assets from unauthorized access, theft, damage, or disruption.

Personnel Security

Subdomains

  • Employee Screening
  • Background Verification
  • Insider Threat Management
  • Security Awareness Training
  • Personnel Security Policies
  • Privileged Personnel Management

Physical Security

Subdomains

  • Facility Security
  • Access Control Systems
  • Visitor Management
  • CCTV Surveillance
  • Security Guards
  • Physical Barriers
  • Environmental Controls
  • Fire Detection and Suppression
  • Data Center Security

Asset Security

Asset Security focuses on identifying, classifying, handling, storing, and protecting organizational assets throughout their lifecycle.

Subdomains

  • Asset Inventory Management
  • Asset Classification
  • Data Classification
  • Data Ownership
  • Data Retention
  • Data Handling Procedures
  • Data Loss Prevention
  • Information Lifecycle Management
  • Secure Data Disposal

Cryptography and VPN

Cryptography and VPN Security protect information and communications through encryption and secure communication technologies.

Cryptography

Subdomains

  • Symmetric Encryption
  • Asymmetric Encryption
  • Public Key Infrastructure (PKI)
  • Digital Certificates
  • Digital Signatures
  • Hashing
  • Key Management
  • Cryptographic Protocols

VPN Security

Subdomains

  • Remote Access VPN
  • Site-to-Site VPN
  • VPN Authentication
  • VPN Encryption
  • Secure Tunneling Protocols
  • Secure Remote Connectivity

Operational Technology (OT) Security

Operational Technology Security protects industrial systems that monitor and control physical processes and critical infrastructure.

Subdomains

  • Industrial Control Systems (ICS)
  • Supervisory Control and Data Acquisition (SCADA)
  • Distributed Control Systems (DCS)
  • Industrial Network Security
  • Industrial Protocol Security
  • OT Asset Management
  • Industrial Monitoring
  • OT Incident Response
  • Critical Infrastructure Protection

Internet of Things (IoT) Security

IoT Security protects interconnected devices, sensors, and embedded systems that communicate through networks and cloud platforms.

Subdomains

  • Device Security
  • Embedded System Security
  • Firmware Security
  • IoT Authentication
  • IoT Access Control
  • Secure Device Provisioning
  • IoT Network Security
  • IoT Data Protection
  • Device Lifecycle Management
  • Industrial IoT (IIoT) Security

Together, these domains form the foundation of comprehensive cybersecurity.