-
Section 1 - General Security Concepts
-
Compare and contrast various types of security controls.
-
Summarise fundamental security concepts.
-
Explain the importance of change management processes and the impact to security.
-
Explain the importance of using appropriate cryptographic solutions.
-
Section 2 - Threats, Vulnerabilities, and Mitigations
-
Compare and contrast common threat actors and motivations.
-
Explain common threat vectors and attack surfaces.
-
Explain various types of vulnerabilities.
-
Given a scenario, analyse indicators of malicious activity.
-
Explain the purpose of mitigation techniques used to secure the enterprise.
-
Section 3 - Security Architecture
-
Compare and contrast security implications of different architecture models.
-
Given a scenario, apply security principles to secure enterprise infrastructure.
-
Compare and contrast concepts and strategies to protect data.
-
Explain the importance of resilience and recovery in security architecture.
-
Section 4 - Security Operations
-
Given a scenario, apply common security techniques to computing resources.
-
Explain the security implications of proper hardware, software, and data asset management.
-
Explain various activities associated with vulnerability management.
-
Explain security alerting and monitoring concepts and tools.
-
Given a scenario, modify enterprise capabilities to enhance security.
-
Given a scenario, implement and maintain identity and access management.
-
Explain the importance of automation and orchestration related to secure operations.
-
Explain appropriate incident response activities.
-
Given a scenario, use data sources to support an investigation.
-
Section 5 - Security Program Management and Oversight
-
Summarise elements of effective security governance.
-
Explain elements of the risk management process.
-
Explain the processes associated with third-party risk assessment and management.
-
Summarise elements of effective security compliance.
-
Explain types and purposes of audits and assessments.
-
Given a scenario, implement security awareness practices.