M. Mekin Pesen

Cyber Arrows: The Posts About Cyber Security and Information Security

Home / Information Security / Crossing Information Security Domains and Expertise

by on

Crossing Information Security Domains and Expertise

When it comes to becoming an expert in an information security or cybersecurity domain/subject, the road is very long. Even if we limit the number of umbrella domains in information security, the number of main subjects associated with the domains is quite high. And the number of topics and families of technologies under the main subjects is growing at a dizzying rate and becoming more populated every day. Navigating such a constantly evolving technology landscape requires more focus and less greed.

You have come across numerous taxonomies, classifications and mind maps related to information security or cybersecurity on the Internet. Unfortunately, most of them are wrong or not based on a systematic and disciplined approach. Two systematic and structured publications are also available from JRC Technical Reports below:

However, they are too detailed and include a sectoral dimension. Here we will be more pragmatic and practical.

Before Reading the Table

There are some assumptions about the cross-table below.

  • We take a security architecture perspective when building our Domains/Subjects vs Expertise table.
  • Human aspects, privacy, governance and compliance subjects are outside our scope. So, our umbrealla domains can be divided into 9 categories as network security, endpoint security, data security, application security, identity and access management, security management, virtualisation security, cyber-physical system security and cloud security.
  • Some domains are so intertwined and broad. For example, some cloud security subjects or topics may already be included in network security, data security, identity and access management and virtualization security. Because they are not easily distinguishable from each other, and cloud security is actually a transitional domain.
  • Some subjects or topics may be reminiscent of a tool or solution but should not be. Because they are either broad technical terms or concepts. For example, attack surface management.
  • The subject is the overall theme, and the topic is a particular element within that theme.
  • Subjects and topics can address an area of expertise.

Information Security Domains vs Expertise Table