Security and Risk Management -
Information Security, Governance, and Risk Management; Legal, Regulations, Investigations and Compliance

• Explain how the fundamental elements of governing framework can be used to provide system security (O5)
• Develop comprehensive risk management plan (O5)
• Analyze and evaluate systems with respect to maintaining operations in the presence of risks and threats (ABET)
• Differentiate between legal, regulatory, and framework compliance (M10, O5)
• Summarize the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the access to, storage, dissemination, and transmission of data including international components (M7, M10, O5)

Asset Security -
Physical security, Account management, and Cryptography

• Explain how crypto can be used, strengths and weaknesses, modes, and issues that have to be addressed in an implementation (e.g. key management), etc. (M7, M9, O2, O13)
• Develop a formalized security structure containing a security policy, standards, baselines, guidelines, and procedures. (M10)
• Participate in identification, implementation, and assessment of security controls (M7, M9, M10)
• Create an information asset inventory (M7, M9, O5)

Security Engineering -
Security Architecture and Design, and Physical (Environmental) Security

• Develop appropriate security architecture by demonstrating a solid understanding of information system platforms (M3, M6, M7, O1, O3, O4, O6, O7, O10, O14, O15)
• Demonstrate cybersecurity planning process by developing detailed operational plans and conducting strategic planning (M3, M6, M7, O1, O3, O4, O6, O7, O10, O14, O15)
• Apply security principles and practices to the environment, hardware, software, and human aspects of a system (ABET)
• Utilize defensive measures and information collected from a variety of sources to identify, analyze, and report events that might occur within the network to protect information, information systems, and networks from physical threats (M8, M9, O1, O2)

Communications and Network Security -
Telecommunications and Network Security, Security Architecture and Design, and Cryptography

• Examine the key components of network security to maintain confidentiality, integrity, availability and to prevent the disruption of data flow and intrusion (M4, M5, M7, M9, O2, O3)
• Implement network defense measures by applying the knowledge of a network monitoring tools or a network mapping tool (M4, M5, M9, O2, O3)
• Establish baseline countermeasures that should be in place to counter cyber attacks (M7, M8, M9, O3, O5)
• Evaluate security mechanisms based on cryptography (M7, M9, O2, O11, O13)

Identity and Access Management -
Access Control

• Explain the primary steps of “Access Control Process” for organizations to maintain the confidentiality, integrity, and availability of that information (M7, M9, O2)
• Analyze threat information to identify vulnerabilities and potential for exploitation (M7, M9, O2)
• Perform maintenance necessary to ensure effective and efficient information technology (IT) system performance and security (M7, M9, O2)
• Explore system security monitoring tools and techniques, e.g., incident response, event monitoring, data recovery, system management administration (M7, M9, O2)
• Manage processes and tools that enable the organization to identify, document, and access intellectual capital and information content (M7)

Security Assessment and Testing -
Business Continuity and Disaster Recovery Planning, Security Architecture and Design, Physical Security, Cryptography, and Framework Compliance, e.g. NEST, PCI, HIPPA

• Explain a basic network architecture given a specific need and set of hosts/clients (M7, O3)
• Conduct an exercise to test the disaster recovery plan in a predetermined scenario (M7, O5)
• Explain which cryptographic protocols, tools, and techniques are appropriate for a given situation (M6, O13)
• Design, perform, and analyze framework compliance in a given context (M8, M10, O5)
• Examine logical access controls to data processing systems, e.g., passwords, smartcards, tokens, biometrics, cryptography (M7, M8, M9, O2, O11)

Security Operations -
Operations Security, Business Continuity and Disaster Recovery Planning, Security architecture design, and Physical Security

• Examine the fundamental security concepts for an example system and implement the appropriate management methodologies (M10, O5)
• Perform activities to mitigate possible or real-time threats (e.g., system monitoring and incidence response) (M7, M8, M9, O2, O16)
• Analyze common security failures and identify specific design principles that have been violated. (M8, M9, M7, O16)
• Employ preventive controls to decrease the threat of unintentional errors or unauthorized users accessing the system and modifying information (M7, M8, M9, O16)

Software Development Security -
Software Development Security

• Explain the security controls of the software development life cycle (SDLC) and identify the key security issues at each stage (M2, M3, M7, M9, O8, O9)
• Explain the use of abuse cases to validate software performance and security (M2, M3, O8, M9, O9)
• Explain which cryptographic protocols, tools, and techniques are appropriate for a given situation (M1, M2, M6, O8)
• Explore automation tools for software security testing (M2, M3, O8, O9)