Network and End-Point Security is the discipline of designing, implementing, and evaluating technical controls that protect an organization's network infrastructure and computing endpoints—laptops, servers, mobile devices, IoT devices—from unauthorized access, compromise, lateral movement, and data exfiltration. It encompasses four interlocking control layers: (1) network architecture controls (segmentation, firewalls, Zero Trust design); (2) endpoint hardening and protection (EDR/EPP, OS hardening, encryption); (3) network access control (device compliance enforcement, visibility of on- and off-network assets); and (4) monitoring and forensics (SIEM integration, packet analysis, behavioral analytics). It is NOT application security (securing code or APIs in isolation), NOT identity and access management (though it enables IAM), and NOT physical security—though it depends on and integrates with all three. In the CISA exam context, the focus is on auditing and evaluating control effectiveness, not engineering implementation.
Where it stops · what it isn't
- INCLUDES: Firewall and IDS/IPS configuration review, network segmentation architecture, EDR/EPP deployment and governance, NAC policy, network monitoring tooling (SIEM, packet capture), endpoint hardening standards, incident containment at the network and endpoint layer, and DNS and network device security.
- EXCLUDES: Application-layer code security (secure SDLC), identity lifecycle management (covered by IAM cubelet), physical access controls (covered by Physical and Environmental Controls cubelet), and cloud application-level controls (covered by Cloud and Virtualized Environments cubelet).
- NOT the same as perimeter-only security: modern network and endpoint security assumes breach and focuses on detection and lateral movement prevention, not solely on blocking at the edge.
- CISA exam scope: emphasis is on control design, effectiveness evaluation, audit evidence collection, and risk assessment, not deep technical implementation of specific vendor tools.
Connected concepts in the graph
Every cubelet sits in a knowledge graph. Here's what this one connects to.
- PART OF: Protection of Information Assets (CISA Domain 5)
- REQUIRES: Data Encryption (data-in-transit and at-rest on endpoints); Data Loss Prevention (network-transmitted data monitoring); Cloud and Virtualized Environments (virtual network security controls); Mobile, Wireless, and IoT Devices (remote and wireless endpoint surface)
- ENABLES: Identity and Access Management (network infrastructure layer upon which IAM operates); Security Incident Response (network isolation, forensic evidence, containment)
- RELATED TO: Information Asset Security Policies and Frameworks; Physical and Environmental Controls
- CONSTRAINS: Lateral movement post-compromise (via microsegmentation and NAC)