Module 1.0 Governance, Risk, and Compliance
1.1 Given a set of organizational security requirements, implement the appropriate governance components.
· Security program documentation
· Security program management
· Governance frameworks
· Change/configuration management
· Governance risk and compliance (GRC) tools
· Data governance in staging environments
1.2 Given a set of organizational security requirements, perform risk management activities.
· Impact analysis
· Third-party risk management
· Availability risk considerations
· Confidentiality risk considerations
· Integrity risk considerations
· Privacy risk considerations
· Crisis management
· Breach response
1.3 Explain how compliance affects information security strategies.
· Awareness of industry-specific compliance
· Industry standards
· Security and reporting frameworks
· Audits vs. assessments vs. certifications
· Privacy regulations
· Awareness of cross-jurisdictional compliance requirements
1.4 Given a scenario, perform threat-modeling activities.
· Actor characteristics
· Attack patterns
· Frameworks
· Attack surface determination
· Modeling applicability of threats to the organization/environment
1.5 Summarize the information security challenges associated with artificial intelligence (AI) adoption.
· Legal and privacy implications
· Threats to the model
· AI-enabled attacks
· Risks of AI usage
· AI-enabled assistants/digital workers
Module 2.0 Security Architecture
2.1 Given a scenario, analyze requirements to design resilient systems.
· Component placement and configuration
· Availability and integrity design considerations
2.2 Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages.
· Security requirements definition
· Software assurance
· Continuous integration/continuous deployment (CI/CD)
· Supply chain risk management
· Hardware assurance
· End-of-life (EOL) considerations
2.3 Given a scenario, integrate appropriate controls in the design of a secure architecture.
· Attack surface management and reduction
· Detection and threat-hunting enablers
· Information and data security design
· Hybrid infrastructures
· Third-party integrations
· Control effectiveness
2.4 Given a scenario, apply security concepts to the design of access, authentication, and authorization systems.
· Provisioning/deprovisioning
· Federation
· Single sign-on (SSO)
· Conditional access
· Identity provider
· Service provider
· Attestations
· Policy decision and enforcement points
· Access control models
· Logging and auditing
· Public key infrastructure (PKI) architecture
· Access control systems
2.5 Given a scenario, securely implement cloud capabilities in an enterprise environment.
· Cloud access security broker (CASB)
· Shadow IT detection
· Shared responsibility model
· CI/CD pipeline
· Terraform
· Ansible
· Package monitoring
· Container security
· Container orchestration
· Serverless
· API security
· Cloud vs. customer-managed
· Cloud data security considerations
· Customer-to-cloud connectivity
· Cloud service integration
· Cloud service adoption
2.6 Given a scenario, integrate Zero Trust concepts into system architecture design.
· Continuous authorization
· Context-based reauthentication
· Network architecture
· API integration and validation
· Asset identification, management, and attestation
· Security boundaries
· Deperimeterization
· Defining subject-object relationships
Module 3.0 Security Engineering
3.1 Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment.
· Subject access control
· Biometrics
· Secrets management
· Attestation
· Cloud IAM access and trust policies
· Logging and monitoring
· Privilege identity management
· Authentication and authorization - Security Assertions Markup Lang
3.2 Given a scenario, analyze requirements to enhance the security of endpoints and servers.
· Application control
· Endpoint detection response (EDR)
· Event logging and monitoring
· Endpoint privilege management
· Attack surface monitoring and reduction
· Host-based intrusion protection system/host-based intrusion detection system (HIPS/HIDS)
· Anti-malware
· SELinux
· Host-based firewall
· Browser isolation
· Configuration management
· Mobile device management (MDM) technologies
· Threat-actor tactics, techniques, and procedures (TTPs)
3.3 Given a scenario, troubleshoot complex network infrastructure security issues.
· Network misconfigurations
· IPS/IDS issues
· Observability
· Domain Name System (DNS) security
· Transport Layer Security (TLS) errors
· Cipher mismatch
· PKI issues
· Issues with cryptographic implementations
· DoS/distributed denial of service (DDoS)
· Resource exhaustion
· Network access control list (ACL) issues
3.4 Given a scenario, implement hardware security technologies and techniques.
· Roots of trust
· Virtual hardware
· Host-based encryption
· Self-encrypting drive (SED)
· Secure Boot
· Measured boot
· Self-healing hardware
· Tamper detection and countermeasures
· Threat-actor TTPs
3.5 Given a set of requirements, secure specialized and legacy systems against threats.
· Operational technology (OT)
· Internet of Things (IoT)
· System-on-chip (SoC)
· Embedded systems
· Wireless technologies/radio frequency (RF)
· Security and privacy considerations
3.6 Given a scenario, use automation to secure the enterprise.
· Scripting
· Cron/scheduled tasks
· Event-based triggers
· Infrastructure as code (IaC)
· Configuration files
· Cloud APIs/software development kits (SDKs)
· Generative AI
· Containerization
· Automated patching
· Auto-containment
· Security orchestration, automation, and response (SOAR)
· Vulnerability scanning and reporting
· Security Content Automation Protocol (SCAP)
3.7 Explain the importance of advanced cryptographic concepts.
· Post-quantum cryptography (PQC)
· Key stretching and splitting
· Homomorphic encryption
· Forward secrecy
· Hardware acceleration
· Envelope encryption
· Performance vs. security
· Secure multiparty computation
· Authenticated encryption with associated data (AEAD)
· Mutual authentication
3.8 Given a scenario, apply the appropriate cryptographic use case and/or technique.
Module 4.0 Security Operations
4.1 Given a scenario, analyze data to enable monitoring and response activities.
· Security information event management (SIEM)
· Aggregate data analysis
· Behavior baselines and analytics
4.2 Given a scenario, analyze vulnerabilities and attacks, and recommend solutions to reduce the attack surface.
· Vulnerabilities and attacks
· Mitigations
4.3 Given a scenario, apply threat-hunting and threat intelligence concepts.
· Internal intelligence sources
· External intelligence sources
· Counterintelligence and operational security
· Threat intelligence platforms (TIPs)
· Indicator of compromise (IoC) sharing
· Rule-based languages
4.4 Given a scenario, analyze data and artifacts in support of incident response activities.
· Malware analysis
· Reverse engineering
· Volatile/non-volatile storage analysis
· Network analysis
· Host analysis
· Metadata analysis
· Data recovery and extraction
· Threat response
· Preparedness exercises
· Timeline reconstruction
· Root cause analysis
· Cloud workload protection platform (CWPP)
· Insider threat