1.0 General Security Concepts (12%)
- 1.1 – Compare and contrast various types of security controls. Distinguishes control categories (technical, managerial, operational, physical) from control types named by purpose (preventive, deterrent, detective, corrective, compensating, directive).
- 1.2 – Summarize fundamental security concepts. Covers principles like CIA triad, AAA, Zero Trust, and least privilege.
- 1.3 – Explain the importance of change management processes and the impact to security. Describes how unmanaged changes create risk and disrupt secure environments.
- 1.4 – Explain the importance of using appropriate cryptographic solutions. Highlights the role of cryptography in confidentiality, integrity, and non-repudiation.
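Objective 1.4 separates three properties that are easy to conflate: confidentiality (encryption), integrity (hashes and MACs), and non-repudiation (digital signatures). The following added example, written for this page and not taken from CompTIA material, shows why a plain hash is not an integrity control against an active attacker while a keyed HMAC is. The shared key, the message, and the "attacker" are all constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed shared secret for the example only; a real key is generated with
# secrets.token_bytes(32) and delivered to both parties out of band.
SHARED_KEY = b"example-shared-key-do-not-reuse-0123456789"


def unkeyed_digest(message: bytes) -> bytes:
    """Plain SHA-256. Detects accidental corruption only: anyone who changes
    the message can recompute this value, because no secret is involved."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256. Producing a matching tag requires the key, so a modified
    message cannot be re-tagged by someone who lacks it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    # compare_digest runs in constant time so a mismatch does not leak
    # how many leading bytes were correct.
    return hmac.compare_digest(unkeyed_digest(message), digest)


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)


def active_tamper_demo(key: bytes) -> dict:
    """Simulates an on-path attacker replacing a message in transit and
    reports which integrity mechanism noticed the substitution."""
    original = b"TRANSFER 100.00 TO ACCT 12345"   # constructed sample message
    forged = b"TRANSFER 9900.00 TO ACCT 66666"

    # The sender attaches both kinds of integrity value.
    sent_digest = unkeyed_digest(original)
    sent_tag = keyed_tag(key, original)

    # The attacker swaps the message. The hash algorithm is public, so the
    # attacker simply recomputes the digest for the forged message ...
    attacker_digest = unkeyed_digest(forged)
    # ... but without the key the best they can do is replay the old tag.
    attacker_tag = sent_tag

    return {
        "hash_caught_tamper": not verify_digest(forged, attacker_digest),
        "hmac_caught_tamper": not verify_tag(key, forged, attacker_tag),
        "honest_message_ok": verify_digest(original, sent_digest)
                             and verify_tag(key, original, sent_tag),
    }


if __name__ == "__main__":
    print(active_tamper_demo(SHARED_KEY))
```

Running it reports that the hash did not catch the tampering and the HMAC did. Note what the HMAC still does not give you: both sender and receiver hold SHARED_KEY, so a valid tag proves only that one of them produced it, and either could deny being the author. Non-repudiation requires a digital signature made with a private key that only the signer holds; that needs a library outside the standard library and is not shown here.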
2.0 Threats, Vulnerabilities, and Mitigations (22%)
- 2.1 – Compare and contrast common threat actors and motivations. Identifies adversaries like nation-states, hacktivists, and insiders based on objectives and sophistication.
- 2.2 – Explain common threat vectors and attack surfaces. Describes how attackers exploit entry points such as emails, open ports, and supply chains.
- 2.3 – Explain various types of vulnerabilities. Examines software flaws, weak configurations, and emerging zero-day threats.
- 2.4 – Given a scenario, analyze indicators of malicious activity. Demonstrates use of logs, alerts, and behavioral anomalies to identify threats.
- 2.5 – Explain the purpose of mitigation techniques used to secure the enterprise. Outlines practices like patching, segmentation, and encryption for minimizing exposure.
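Objective 2.4 asks you to recognise malicious activity from logs rather than from a single alert, and the same skill reappears in 4.4 (monitoring) and 4.9 (data sources). The added example below is written for this page, not taken from any vendor tool: it correlates a constructed set of sshd authentication records by source IP inside a sliding time window and raises three indicators (a brute-force burst, many distinct usernames from one source, and a successful login right after a burst of failures). The log lines, IP addresses, and thresholds are all invented for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd authentication records (not real traffic).
# 203.0.113.7 hammers several accounts and finally gets in as "deploy";
# 198.51.100.4 is a legitimate user who mistyped a password once.
SAMPLE_LOG = """\
2024-05-01T02:14:01Z sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-05-01T02:14:05Z sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-05-01T02:14:09Z sshd[813]: Failed password for invalid user oracle from 203.0.113.7 port 51024 ssh2
2024-05-01T02:14:13Z sshd[813]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
2024-05-01T02:14:18Z sshd[814]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
2024-05-01T02:14:22Z sshd[814]: Failed password for deploy from 203.0.113.7 port 51027 ssh2
2024-05-01T02:14:30Z sshd[815]: Accepted password for deploy from 203.0.113.7 port 51028 ssh2
2024-05-01T08:01:10Z sshd[901]: Failed password for alice from 198.51.100.4 port 40211 ssh2
2024-05-01T08:01:15Z sshd[901]: Accepted password for alice from 198.51.100.4 port 40211 ssh2
2024-05-01T09:30:00Z sshd[950]: Accepted publickey for bob from 198.51.100.9 port 40300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(line):
    """Return (timestamp, outcome, user, source_ip), or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["outcome"], m["user"], m["ip"]


def analyze(lines, window=timedelta(minutes=5), fail_threshold=5,
            user_threshold=3, prior_fail_threshold=3):
    """Sliding-window correlation of auth events per source IP.
    Each indicator is emitted at most once per IP."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e[0])
    recent_fails = defaultdict(deque)   # ip -> failure timestamps inside the window
    users_tried = defaultdict(set)      # ip -> distinct usernames that failed
    reported = set()
    findings = []

    def report(indicator, ip, detail):
        if (indicator, ip) not in reported:
            reported.add((indicator, ip))
            findings.append({"indicator": indicator, "source_ip": ip, "detail": detail})

    for ts, outcome, user, ip in events:
        fails = recent_fails[ip]
        while fails and ts - fails[0] > window:     # expire failures outside the window
            fails.popleft()
        if outcome == "Failed":
            fails.append(ts)
            users_tried[ip].add(user)
            if len(fails) >= fail_threshold:
                report("brute_force", ip, f"{len(fails)} failures within {window}")
            if len(users_tried[ip]) >= user_threshold:
                report("username_enumeration", ip, sorted(users_tried[ip]))
        elif len(fails) >= prior_fail_threshold:
            # A success immediately after a burst of failures is the one that
            # matters most: the guessing may have worked and the account is now in use.
            report("success_after_failures", ip, f"{user} accepted after {len(fails)} failures")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

All three indicators fire for 203.0.113.7 and none for the two legitimate users. The thresholds are deliberately parameters: in production they are tuned per environment, and the lone mistyped password from 198.51.100.4 is exactly the kind of event that a naive "any failure" rule would turn into alert noise.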
3.0 Security Architecture (18%)
- 3.1 – Compare and contrast security implications of different architecture models. Addresses cloud, hybrid, and OT systems like ICS or SCADA.
- 3.2 – Given a scenario, apply security principles to secure enterprise infrastructure. Focuses on zoning, segmentation, and access control practices.
- 3.3 – Compare and contrast concepts and strategies to protect data. Covers encryption, tokenization, and data classification across data states.
- 3.4 – Explain the importance of resilience and recovery in security architecture. Explores HA, backups, and disaster recovery to ensure business continuity.
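Objective 3.3 lists tokenization alongside encryption; the difference is that a token carries no mathematical relationship to the value it stands for, so a stolen token is worthless without access to the vault. The added example below is written for this page and is not code from any product: a minimal in-memory vault that swaps a card number for a format-preserving token (same length, same last four digits, deliberately Luhn-invalid so it can never be mistaken for a real card number). The vault class, the index key, and the test card number are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Illustrative in-memory tokenization vault. A real vault is a separately
    hardened service and keeps this mapping in encrypted, access-controlled storage."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._token_by_index = {}   # HMAC(PAN) -> token; repeat lookups need no cleartext PAN index
        self._pan_by_token = {}     # token -> PAN; the only place the real value exists

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed card number")
        idx = self._index(pan)
        if idx in self._token_by_index:      # same PAN -> same token, so downstream joins still work
            return self._token_by_index[idx]
        while True:
            # Format-preserving: same length and last four digits, so systems that
            # expect a card number keep working. The leading digits are random and
            # the result is rejected unless it fails Luhn, so it can never pass as a PAN.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._token_by_index[idx] = token
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only callers with vault access recover the PAN; unknown tokens raise KeyError."""
        return self._pan_by_token[token]


def mask(value: str) -> str:
    """Display form for receipts and support screens (works on PAN or token)."""
    return "*" * (len(value) - 4) + value[-4:]


if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))
    pan = "4111111111111111"   # well-known constructed test number, not a real account
    tok = vault.tokenize(pan)
    print(pan, "->", tok, mask(tok), vault.detokenize(tok) == pan)
```

Everything outside the vault (order history, analytics, support tooling) stores and displays only the token, which removes those systems from the scope of the data they would otherwise have to protect. Contrast this with encryption, where the ciphertext still depends on the key and every system that holds the key is in scope.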
4.0 Security Operations (28%)
- 4.1 – Given a scenario, apply common security techniques to computing resources. Secure baselines, system hardening, patch management, wireless and mobile device settings, application security, and endpoint protection are the core techniques.
- 4.2 – Explain the security implications of proper hardware, software, and data asset management. Covers acquisition, inventory and ownership tracking, and sanitization or destruction at disposal; an asset that is not inventoried cannot be patched, monitored, or decommissioned safely.
- 4.3 – Explain various activities associated with vulnerability management. Includes identification (scanning, penetration testing, threat feeds, bug bounties), analysis and prioritization (CVSS, exposure, exploitability, asset criticality), remediation (patching, compensating controls, documented exceptions), and validation by rescanning.
- 4.4 – Explain security alerting and monitoring concepts and tools. SIEMs, IDS/IPS, SNMP traps, NetFlow, vulnerability scanners, and endpoint monitoring collect and correlate the data used to detect and respond to threats.
- 4.5 – Given a scenario, modify enterprise capabilities to enhance security. Covers tuning controls already in place: firewall rules, IDS/IPS signatures, web and DNS filtering, secure protocol selection, email security (SPF, DKIM, DMARC), file integrity monitoring, DLP, NAC, and EDR/XDR.
- 4.6 – Given a scenario, implement and maintain identity and access management. Provisioning and deprovisioning, MFA, SSO and federation, RBAC with least privilege, and password policies reduce unauthorized access.
- 4.7 – Explain the importance of automation and orchestration related to secure operations. Automated provisioning, guardrails, ticketing, and response playbooks reduce manual error and improve reaction time; the trade-offs are complexity, cost, and the risk of a single point of failure.
- 4.8 – Explain appropriate incident response activities. Covers the process (preparation, detection, analysis, containment, eradication, recovery, lessons learned), training and exercises, root cause analysis, threat hunting, and digital forensics (legal hold, chain of custody, acquisition, preservation).
- 4.9 – Given a scenario, use data sources to support an investigation. Log data (firewall, application, endpoint, OS, IPS/IDS, network) together with dashboards, vulnerability scans, packet captures, and automated reports reveal indicators of compromise.
5.0 Program Management and Oversight (20%)
- 5.1 – Summarize elements of effective security governance. Defines security roles, responsibilities, and policies that align with business goals.
- 5.2 – Explain elements of the risk management process. Risk identification, analysis, and mitigation help prioritize defense strategies.
- 5.3 – Explain the processes associated with third-party risk assessment and management. Includes vendor evaluations, SLAs, and due diligence procedures.
- 5.4 – Summarize elements of effective security compliance. Involves understanding and adhering to standards and regulations like GDPR or HIPAA.
- 5.5 – Explain types and purposes of audits and assessments. Audits verify control effectiveness; assessments identify gaps or misalignments.
- 5.6 – Given a scenario, implement security awareness practices. Training programs build a security-minded workforce and reduce human error.