1: Security Governance Through Principles and Policies
- Security 101
- Understand and Apply Security Concepts
- Security Boundaries
- Evaluate and Apply Security Governance Principles
- Manage the Security Function
- Security Policy, Standards, Procedures, and Guidelines
- Threat Modeling
- Supply Chain Risk Management
2: Personnel Security and Risk Management Concepts
- Personnel Security Policies and Procedures
- Understand and Apply Risk Management Concepts
- Social Engineering
- Establish and Maintain a Security Awareness, Education, and Training Program
3: Business Continuity Planning
- Planning for Business Continuity
- Project Scope and Planning
- Business Impact Analysis
- Continuity Planning
- Plan Approval and Implementation
4: Laws, Regulations, and Compliance
- Categories of Laws
- Laws
- State Privacy Laws
- Compliance
- Contracting and Procurement
5: Protecting Security of Assets
- Identifying and Classifying Information and Assets
- Establishing Information and Asset Handling Requirements
- Data Protection Methods
- Understanding Data Roles
- Using Security Baselines
6: Cryptography and Symmetric Key Algorithms
- Cryptographic Foundations
- Modern Cryptography
- Symmetric Cryptography
- Cryptographic Lifecycle
7: PKI and Cryptographic Applications
- Asymmetric Cryptography
- Hash Functions
- Digital Signatures
- Public Key Infrastructure
- Asymmetric Key Management
- Hybrid Cryptography
- Applied Cryptography
- Cryptographic Attacks
8: Principles of Security Models, Design, and Capabilities
- Secure Design Principles
- Techniques for Ensuring CIA
- Understand the Fundamental Concepts of Security Models
- Select Controls Based on Systems Security Requirements
- Understand Security Capabilities of Information Systems
9: Security Vulnerabilities, Threats, and Countermeasures
- Shared Responsibility
- Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
- Client-Based Systems
- Server-Based Systems
- Industrial Control Systems
- Distributed Systems
- High-Performance Computing (HPC) Systems
- Internet of Things
- Edge and Fog Computing
- Embedded Devices and Cyber-Physical Systems
- Specialized Devices
- Microservices
- Infrastructure as Code
- Virtualized Systems
- Containerization
- Serverless Architecture
- Mobile Devices
- Essential Security Protection Mechanisms
- Common Security Architecture Flaws and Issues
10: Physical Security Requirements
- Apply Security Principles to Site and Facility Design
- Implement Site and Facility Security Controls
- Implement and Manage Physical Security
11: Secure Network Architecture and Components
- OSI Model
- TCP/IP Model
- Analyzing Network Traffic
- Common Application Layer Protocols
- Transport Layer Protocols
- Domain Name System
- Internet Protocol (IP) Networking
- ARP Concerns
- Secure Communication Protocols
- Implications of Multilayer Protocols
- Microsegmentation
- Wireless Networks
- Other Communication Protocols
- Cellular Networks
- Content Distribution Networks (CDNs)
- Secure Network Components
12: Secure Communications and Network Attacks
- Protocol Security Mechanisms
- Secure Voice Communications
- Remote Access Security Management
- Multimedia Collaboration
- Load Balancing
- Manage Email Security
- Virtual Private Network
- Switching and Virtual LANs
- Network Address Translation
- Third-Party Connectivity
- Switching Technologies
- WAN Technologies
- Fiber-Optic Links
- Security Control Characteristics
- Prevent or Mitigate Network Attacks
13: Managing Identity and Authentication
- Controlling Access to Assets
- Managing Identification and Authentication
- Implementing Identity Management
- Managing the Identity and Access Provisioning Lifecycle
14: Controlling and Monitoring Access
- Comparing Access Control Models
- Implementing Authentication Systems
- Understanding Access Control Attacks
15: Security Assessment and Testing
- Building a Security Assessment and Testing Program
- Performing Vulnerability Assessments
- Testing Your Software
- Implementing Security Management Processes
16: Managing Security Operations
- Apply Foundational Security Operations Concepts
- Addressing Personnel Safety and Security
- Provision Resources Securely
- Apply Resource Protection
- Managed Services in the Cloud
- Perform Configuration Management (CM)
- Managing Change
- Managing Patches and Reducing Vulnerabilities
17: Preventing and Responding to Incidents
- Conducting Incident Management
- Implementing Detective and Preventive Measures
- Logging and Monitoring
- Automating Incident Response
18: Disaster Recovery Planning
- The Nature of Disaster
- Understand System Resilience, High Availability, and Fault Tolerance
- Recovery Strategy
- Recovery Plan Development
- Training, Awareness, and Documentation
- Testing and Maintenance
19: Investigations and Ethics
- Investigations
- Major Categories of Computer Crime
- Ethics
20: Software Development Security
- Introducing Systems Development Controls
- Establishing Databases and Data Warehousing
- Storage Threats
- Understanding Knowledge-Based Systems
21: Malicious Code and Application Attacks
- Malware
- Malware Prevention
- Application Attacks
- Injection Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Application Security Controls
- Secure Coding Practices