1. Describe fully each of the 10 domains within the Common Body of
   Knowledge (CBK). (I-X)
2. Describe the key components of security management practices. (I)
3. Identify the purpose of, and describe the key elements of a Security
   Policy. (I)
4. Define the steps for Risk Management, including how to analyze and
   quantify risk. (I)
5. Identify and describe the security control types. (II)
6. Describe the steps of implementing Access Control Mechanisms,
   including all forms of authentication, biometrics, and effective
   password practices. (II)
7. Describe and implement all of the Access Control Models
   (Discretionary, Mandatory, and Role-based Access Control). (II)
8. Describe the computer architecture components. (III)
9. Describe different secure computing evaluation standards. (III)
10. Define the Key Components of Physical Security. (IV)
11. Describe methods to secure sites and facilities, from various threats
    including environmental. (IV)
12. Describe network topologies and protocols. (V)
13. Describe the historical aspects of Cryptography. (VI)
14. Identify weaknesses, and methods for breaking encryption. (VI)
15. Describe the differences between symmetric and asymmetric encryption.
    (VI)
16. Define the key components of Public Key Cryptography including key
    management and data encryption technology. (VI)
17. Describe the elements of a complete and effective Business Continuity
    Plan and Disaster Recovery Plan including performing and analyzing the
    results of a Business Impact Analysis, developing a Disaster Recovery
    Team, and determining appropriate prevention controls. (VII)
18. Describe management-level issues relative to computer law,
    investigations and ethics. (VIII)
19. Describe the key aspects of security relating to applications and
    systems development. (IX)
20. Describe change control, configuration management issues, software
    development, application development methodology, object-oriented
    programming, module interaction, cohesion and coupling, distributed
    computing, Java security, database systems, database security
    mechanisms, data mining, artificial intelligence, artificial neural
    networks, malicious code, and attack types. (IX)
21. Describe audit components and various methods of data collection. (X)
22. Identify various monitoring devices and techniques. (X)

I. Security Management
A. Security Management Responsibilities
B. Administering Security with Supporting Controls
C. Fundamental Principles of Security: Availability, Integrity
and Confidentiality
D. Organizational Security Model
E. Risk Management and Risk Analysis
F. Information Classification and Documentation
G. Separation of Duties/Responsibilities
H. Employment Practices and Evaluations
I. Security Awareness and Assessment
J. Privacy Issues and Regulations
K. Certification and Accreditation
L. Security Planning Process and Policy Development
M. Configuration controls and accepted industry practices
II. Access Control
A. Access Control Models, Methodologies and Implementations
B. Understand and Identify Control Attacks
C. Best Practices for Access Control Administration
D. Remote Access Authentication
E. Identification, Authentication, Authorization, and
Accountability (AAA)
F. Designing, Coordinating and Evaluating Penetration Testing
III. Security Architecture
A. Elements of Security Architecture
B. Theoretical Concepts of Security Models
C. System Security techniques: prevention, detection, and
corrective controls
D. Information Systems Evaluation Models
IV. Physical Security
A. Methods of Securing sites and facilities
B. Environmental and safety measures
C. Site Selection and Facility Design Configuration
D. Perimeter and Building Grounds Protections
E. Physical Security Threats
F. Enterprise Identity Management
G. Portable Devices and Components
V. Telecommunications and Networking Security
A. Securing Data, Voice, and Facsimile Communications
B. Network Components and Physical Media Types
C. Types of Networks and Topologies
D. Network Communications and Protocols
E. Network Based Attacks: prevention and controlling potential
threats
G. Remote Access Protocols
H. Telecommunications Security Management and Techniques
I. Configurations of Internets, Intranets, and Extranets
VI. Cryptography
A. History of Cryptography
B. Goals of Cryptosystems
C. Types and uses of Cryptography
E. Public Key Infrastructure (PKI)
G. Key Management Techniques
H. E-mail Security Standards
VII. Business Continuity Planning And Risk Response And Recovery
A. Business Continuity and Disaster Recovery Strategies
B. Business Impact Analysis
C. Business Continuity Planning Requirements
D. Asset Identification and Evaluation
E. Recovery and Restoration Plans
F. Testing and Evaluation of Threats, Vulnerabilities and
Exposures.
G. Emergency Response plans
H. Incident Investigation and Handling
J. Recovery Alternatives Evaluation
VIII. Law, Investigation, And Ethics
A. International Laws and Legal Systems
C. Parameters of Investigations
E. Liability and Legal Ramifications
IX. Applications Security
A. Device versus Software Security
B. Application Environment and Security Controls
C. System Life Cycle and Security
D. Databases: Threats, Vulnerabilities, and Protections
E. Application and System Vulnerabilities and Threats
F. Types of Malicious Codes
G. Malicious Code and non-technical Attacks
H. Countermeasure Techniques and Awareness Programs
I. Software Copy/Download Protections
X. Operations Security And Audit And Monitoring
B. Administrative Management and Control
C. Attack Response: handling of Violations Incidents and
Breaches
D. Audit Processes and Types of Controls
E. Audit Log Review and Protection
F. Monitoring Devices and Techniques