Detailed Course Outline
Domain 1: Security Operations and Administration
- Comply with codes of ethics
- Understand security concepts
- Identify and implement security controls
- Document and maintain functional security controls
- Participate in asset management lifecycle
- Participate in change management lifecycle
- Participate in implementing security awareness and training
- Collaborate with physical security operations
Domain 2: Access Controls
- Implement and maintain authentication methods
- Support internetwork trust architectures
- Participate in the identity management lifecycle
- Understand and apply access controls
Domain 3: Risk Identification, Monitoring, and Analysis
- Understand the risk management process
- Understand legal and regulatory concerns
- Participate in security assessment and vulnerability management activities
- Operate and monitor security platforms
- Analyze monitoring results
Domain 4: Incident Response and Recovery
- Support incident lifecycle
- Understand and support forensic investigations
- Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
Domain 5: Cryptography
- Understand cryptography
- Apply cryptography concepts
- Understand and implement secure protocols
- Understand Public Key Infrastructure (PKI) systems
Domain 6: Network and Communication Security
- Understand and apply fundamental concepts of networking
- Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
- Manage network access controls
- Manage network security
- Operate and configure network-based security devices
- Secure wireless communications
Domain 7: Systems and Application Security
- Identify and analyze malicious code and activity
- Implement and operate endpoint device security
- Administer Mobile Device Management (MDM)
- Understand and configure cloud security
- Operate and maintain secure virtual environments