Information assurance concepts, risk management, security controls, ethics, and governance processes.
This domain covers 26% of the exam. It focuses on understanding the security concepts of information assurance (confidentiality, integrity, availability, authentication, non-repudiation, and privacy), the risk management process (identification, assessment, treatment, priorities, and tolerance), types of security controls (physical, administrative, and technical), the ISC2 Code of Ethics and professional conduct, and governance processes including regulations, laws, standards, procedures, and policies.
Domain 1: Security Principles forms the foundational cornerstone of the ISC2 Certified in Cybersecurity (CC) certification. This domain covers the essential concepts that every cybersecurity professional must understand.
At its core, this domain introduces the CIA Triad — Confidentiality, Integrity, and Availability. Confidentiality ensures that sensitive information is accessible only to authorized individuals. Integrity guarantees that data remains accurate, consistent, and unaltered by unauthorized parties. Availability ensures that systems and data are accessible to authorized users when needed.
The domain also covers Authentication, Authorization, and Accounting (AAA). Authentication verifies a user's identity through methods like passwords, biometrics, or multi-factor authentication. Authorization determines what resources an authenticated user can access. Accounting tracks and logs user activities for auditing purposes.
Key security principles such as least privilege, separation of duties, and defense in depth are explored. Least privilege ensures users have only the minimum access necessary to perform their duties. Separation of duties prevents any single individual from having complete control over critical processes. Defense in depth implements multiple layers of security controls to protect assets.
Risk management fundamentals are also addressed, including risk identification, assessment, treatment, and acceptance. Students learn to understand threats, vulnerabilities, and the potential impact of security incidents. Risk treatment options include avoidance, mitigation, transfer, and acceptance.
The domain covers governance concepts including policies, procedures, standards, and guidelines that form an organization's security framework. Security controls are categorized as administrative, technical, and physical, and further classified by function as preventive, detective, corrective, deterrent, and compensating.
Professional ethics and the ISC2 Code of Ethics are also emphasized, highlighting the importance of acting responsibly, legally, and in the best interest of stakeholders. Understanding privacy principles and compliance requirements rounds out this essential domain, preparing candidates with a solid security mindset.