IT Security/Objectives
1.0 General Security Concepts
edit1.1 Compare and contrast various types of security controls
edit
|
|
1.2 Summarize fundamental security concepts
edit
|
|
1.3 Explain the importance of change management processes and the impact to security.
edit
|
|
1.4 Explain the importance of using appropriate cryptographic solutions.
edit
|
|
2.0 Threats, Vulnerabilities, and Mitigations
edit2.1 Compare and contrast common threat actors and motivations.
edit
|
|
2.2 Explain common threat vectors and attack surfaces.
edit
|
|
2.3 Explain various types of vulnerabilities.
edit
|
|
2.4 Given a scenario, analyze indicators of malicious activity.
edit
|
|
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
edit
|
|
3.0 Security Architecture
edit3.1 Compare and contrast security implications of different architecture models.
edit
|
|
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.
edit
|
|
3.3 Compare and contrast concepts and strategies to protect data.
edit
|
|
3.4 Explain the importance of resilience and recovery in security architecture.
edit
|
|
4.0 Security Operations
edit4.1 Given a scenario, apply common security techniques to computing resources.
edit
|
|
4.2 Explain the security implications of proper hardware, software, and data asset management.
edit
|
|
4.3 Explain various activities associated with vulnerability management.
edit
|
|
4.4 Explain security alerting and monitoring concepts and tools.
edit
|
|
4.5 Given a scenario, modify enterprise capabilities to enhance security.
edit
|
|
4.6 Given a scenario, implement and maintain identity and access management.
edit
|
|
4.7 Explain the importance of automation and orchestration related to secure operations.
edit
|
|
4.8 Explain appropriate incident response activities.
edit
|
|
4.9 Given a scenario, use data sources to support an investigation
edit
|
|
5.0 Security Program Management and Oversight
edit5.1 Summarize elements of effective security governance.
edit
|
|
5.2 Explain elements of the risk management process
edit
|
|
5.3 Explain the processes associated with third-party risk assessment and management.
edit
|
|
5.4 Summarize elements of effective security compliance.
edit
|
|
5.5 Explain types and purposes of audits and assessments.
edit
|
|
5.6 Given a scenario, implement security awareness practices.
edit
|
|