1. Security & Risk Management, Legal and Compliance
- Security & Risk Management
- Confidentiality, Integrity, and Availability
- Security Governance
- The Complete and Effective Security Program
- Compliance
- Global Legal and Regulatory Issues
- Understand Professional Ethics
- Develop and Implement Security Policy
- Business Continuity (BC) & Disaster Recovery (DR) Requirements
- Manage Personnel Security
- Risk Management Concepts
- Threat Modeling
- Acquisitions Strategy and Practice
- Security Education, Training, and Awareness
2. Asset Security
- Asset Security
- Data Management: Determine and Maintain Ownership
- Data Standards
- Longevity and Use
- Classify Information and Supporting Assets
- Asset Management
- Protect Privacy
- Ensure Appropriate Retention
- Determine Data Security Controls
- Standards Selection
3. Security Engineering
- Security Engineering
- The Engineering Lifecycle Using Security Design Principles
- Fundamental Concepts of Security Models
- Information Systems Security Evaluation Models
- Security Capabilities of Information Systems
- Vulnerabilities of Security Architectures
- Database Security
- Software and System Vulnerabilities and Threats
- Vulnerabilities in Mobile Systems
- Vulnerabilities in Embedded Devices and Cyber-Physical Systems
- The Application and Use of Cryptography
- Site and Facility Design Considerations
- Site Planning
- Implementation and Operation of Facilities Security
4. Communications & Network Security Architecture
- Communications & Network Security
- Secure Network Architecture and Design
- Implications of Multi-Layer Protocols
- Converged Protocols
- Securing Network Components
- Secure Communication Channels
- Network Attacks
5. Identity & Access Management Architecture
- Identity & Access Management
- Physical and Logical Access to Assets
- Identification and Authentication of People and Devices
- Identity Management Implementation
- Identity as a Service (IDaaS)
- Integrate Third-Party Identity Services
- Implement and Manage Authorization Mechanisms
- Prevent or Mitigate Access Control Attacks
- Identity and Access Provisioning Lifecycle
6. Security Assessment & Testing
- Security Assessment & Testing
- Assessment and Test Strategies
- Collect Security Process Data
- Internal and Third-Party Audits
7. Security Operations Architecture
- Security Operations
- Investigations
- Provisioning of Resources through Configuration Management
- Resource Protection
- Incident Response
- Preventative Measures against Attacks
- Patch and Vulnerability Management
- Change and Configuration Management
- The Disaster Recovery Process
- Test Plan Review
- Business Continuity and Other Risk Areas
- Access Control
- Personnel Safety
8. Security in the Software Development Life Cycle
- Security in the Software Development Life Cycle
- Software Development Security Outline
- Environment and Security Controls
- Security of the Software Environment
- Software Protection Mechanisms
- Assess the Effectiveness of Software Security
- Assess Software Acquisition Security
