Security Domains
7 Steps for Managing Risks
Common Strategies to Manage Risks
Threats, Risks, and
Vulnerabilities
Mix of Security Domains and Steps for Managing Risks
100

This security domain conducts security control testing audits, and collects and analyzes data.

What is Security Assessment and Testing?

100

This is the first step in the Risk Management Framework, which is necessary to manage security and privacy risks before a breach occurs.

What is to Prepare?

100

This is accepting a risk to avoid disrupting business continuity.

What is Acceptance?

100

Anything that can impact the confidentiality, integrity, and availability of an asset.

What are Risks?

100

This is the sixth step in the RMF of being accountable for the security and privacy risks that may exist in an organization.

What is to Authorize?

200

This security domain optimizes data security by using effective tools, systems, and processes.

What is Security Architecture and Engineering?

200

This is the second step in the Risk Management Framework that is used to develop risk management processes and tasks.

What is to Categorize?

200

This is creating a plan to avoid the risk altogether.

What is Avoidance?

200

Any circumstance or event that can negatively impact assets.

What are Threats?


200

This security domain conducts investigations and implements preventative measures.

What is Security Operations?

300

This security domain has security goals and objectives, risk, mitigation, compliance, business, continuity and the law.

What is Security and Risk Management?

300

This is the third step in the Risk Management Framework to choose, customize, and capture documentation of the controls that protect an organization.

What is it to Select?

300

This is Transferring risk to a third party to manage.

What is Transference?

300

A weakness that can be exploited by a threat.

What are Vulnerabilities?

300

This security domain uses access and authorization to secure data and manage assets.

What is Identity and Access Management?

400

This security domain secures assets; Storage, maintenance, retention, and destruction of data.

What is Asset Security?

400

This is the fourth step in the RMF for security and privacy plans for the organization.

What is to Implement?

400

This is lessening the impact of a known risk.

What is Mitigation?

400

Information that's not available to the public; may cause damage to the org's finances, reputation, or ongoing operations.

What is a Medium Risk?

400
This is the seventh step in the RMF which is to be aware of how systems are operating.

What is it to Monitor?

500

This security domain manages and secures physical networks and wireless communications.

What Communication and Network Security?

500

This is the fifth step in the RMF to determine if established controls are implemented correctly.

What is to Assess?

500

This is a Zero Logon.

What is a common vulnerability? 

500

Any information protected by regulations or laws, if compromised, would have a severe negative impact on the org's finances, ongoing operations, or reputation.

What is a high risk?

500

This security domain uses secure coding practices to create secure applications and services.

What is Software Development Security?