TOPICS

Course Outline
1. Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
Understand and Apply Concepts of Confidentiality, Integrity, and Availability  Apply Security Governance Principles  Compliance

Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
Understand Business Continuity Requirements
Contribute to Personnel Security Policies
Understand and Apply Risk Management Concepts
Understand and Apply Threat Modeling
Integrate Security Risk Considerations into Acquisitions Strategy and Practice
Establish and Manage Security Education, Training, and Awareness
2. Asset Security (Protecting Security of Assets)
Classify Information and Supporting Assets
Determine and Maintain Ownership
Protect Privacy
Ensure Appropriate Retention
Determine Data Security Controls
Establish Handling Requirements
3. Security Engineering (Engineering and Management of Security)
Implement and Manage an Engineering Life Cycle Using Security Design Principles
Understand Fundamental Concepts of Security Models
Select Controls and Countermeasures Based Upon Information Systems Security Standards
Understand the Security Capabilities of Information Systems
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Assess and Mitigate Vulnerabilities in Web-based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Apply Cryptography
Apply Secure Principles to Site and Facility Design
Design and Implement Facility Security
4. Communications and Network Security (Designing and Protecting Network Security)
Apply Secure Design Principles to Network Architecture
Securing Network Components
Design and Establish Secure Communication Channels
Prevent or Mitigate Network Attacks
5. Identity and Access Management (Controlling Access and Managing Identity)
Control Physical and Logical Access to Assets
Manage Identification and Authentication of People and Devices
Integrate Identity as a Service (IDaaS)
Integrate Third-Party Identity Services
Implement and Manage Authorization Mechanisms
Prevent or Mitigate Access Control Attacks
Manage the Identity and Access Provisioning Life Cycle
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
Design and Validate Assessment and Test Strategies
Conduct Security Control Testing
Collect Security Process Data
Conduct or Facilitate Internal and Third-Party Audits
7. Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
Understand and Support Investigations
Understand Requirements for Investigation Types
Conduct Logging and Monitoring Activities
Secure the Provisioning of Resources through Configuration Management
Understand and Apply Foundational Security Operations Concepts
Employ Resource Protection Techniques
Conduct Incident Response
Operate and Maintain Preventative Measures
Implement and Support Patch and Vulnerability Management
Participate in and Understand Change Management Processes
Implement Recovery Strategies
Implement Disaster Recovery Processes
Test Disaster Recovery Plan
Participate in Business Continuity Planning
Implement and Manage Physical Security
Participate in Personnel Safety
8. Software Development Security (Understanding, Applying, and Enforcing Software Security)
Understand and Apply Security in the Software Development Life Cycle
Enforce Security Controls in the Development Environment
Assess the Effectiveness of Software Security
Assess Software Acquisition Security.