Security and Risk Management

• Availability, Confidentiality, and Integrity
• Security Governance
• Comprehensive Security Programs
• Compliance
• Legal Concerns and Regulations
• Professional Ethics
• Implementing Security Policies
• Requirements for Business Continuity and Disaster Recovery
• Personnel Security
• Concepts and Terms for Risk Management
• Threats
• Acquisitions
• Education, Awareness and Training for Organizational Security

Asset Security

• Data Management
• Standards for Data
• Assets Support and Information Classification
• Managing Assets
• Privacy Protection
• Data Security Controls

Security Engineering

• Security Design Principles and Engineering Lifecycle
• Security Models Concepts
• Information Systems Security Models for Evaluation
• Information Systems Security Abilities
• Security Architecture Vulnerabilities
• Database Security
• Vulnerabilities and Threats for Software and Info Systems
• Mobile Vulnerabilities
• Cryptography Usage and Application
• Designing and Implementing Physical Facility Security
• Physical Security Implementation and Operations

Network and Communications Security

• Network Design and Architecture Security
• Multi-Layer Protocols
• Converged Protocols
• Network Component Security
• Communication Channel Security
• Network Attacks

Access and Identity Management

• Physical and Logical Access
• People and Device Identification and Authentication
• Implementing Identity Management
• Identity as a Service (IDaaS)
• Authorization Method Implementation and Management
• Preventing and Mitigating Access Control Attacks
• Access and Identity Provisioning Lifecycle

Security Assessment and Testing

• Strategies for Assessing and Testing Security
• Collection of Security Process Data
• Internal and Third-Party Audits

Security Operations

• Conducting Investigations
• Configuration Management for Resource Provisioning
• Security Operations Concepts
• Protecting Resources
• Incident Response
• Preventative Security
• Managing Patches and Vulnerabilities
• Editing Configuration Management
• Disaster Recovery Process
• Business Continuity
• Access Control
• Personnel Safety

Security in the Software Development Life Cycle

• Software Development Security
• Environment Security Controls
• Security of Software Environments
• Software Protection
• Assessing Software Security Effectiveness
• Assessing Software Acquisition Security