Risk Management 19%

• Partnerships
• Outsourcing
• Cloud
• Acquisition/merger – divestiture/demerger
  Data ownership
  Data reclassification

3.Security concerns of integrating diverse industries

• Rules
• Policies
• Regulations
  Export controls
  Legal requirements
• Geography
  Data sovereignty
  Jurisdictions

4.Internal and external influences

• Competitors
• Auditors/audit findings
• Regulatory entities
• Internal and external client requirements
• Top-level management

5.Impact of de-perimeterization (e.g., constantly changing network boundary)

• Telecommuting
• Cloud
• Mobile
• BYOD
• Outsourcing
• Ensuring third-party providers have requisite levels of information security

• New business
• New technologies
• Environmental changes
• Regulatory requirements
• Emerging risks

2.Support legal compliance and advocacy by partnering with human resources, legal, management and other entities
3.Understand common business documents to support security

• Risk assessment (RA)
• Business impact analysis (BIA)
• Interoperability agreement (IA)
• Interconnection security agreement (ISA)
• Memorandum of understanding (MOU)
• Service-level agreement (SLA)
• Operating-level agreement (OLA)
• Non-disclosure agreement (NDA)
• Business partnership agreement (BPA)
• Master service agreement (MSA)

4.Research security requirements for contracts

• Request for proposal (RFP)
• Request for quote (RFQ)
• Request for information (RFI)

5.Understand general privacy principles for sensitive information
6.Support the development of policies containing standard security practices

• Separation of duties
• Job rotation
• Mandatory vacation
• Least privilege
• Incident response
• Forensic tasks
• Employment and termination procedures
• Continuous monitoring
• Training and awareness for users
• Auditing requirements and frequency
• Information classification

• Magnitude of impact based on ALE and SLE
• Likelihood of threat
  Motivation
  Source
  ARO
  Trend analysis
• Return on investment (ROI)
• Total cost of ownership

8.Translate technical risks in business terms
9.Recommend which strategy should be applied based on risk appetite

• Avoid
• Transfer
• Mitigate
• Accept

10.Risk management processes

• Exemptions
• Deterrence
• Inherent
• Residual

11.Continuous improvement/monitoring
12.Business continuity planning

• RTO
• RPO
• MTTR
• MTBF

13.IT governance

• Adherence to risk management frameworks

14.Enterprise resilience

• Gap analysis
• Lessons learned
• After-action reports

2.Reverse engineer/deconstruct existing solutions
3.Creation, collection and analysis of metrics

• KPIs
• KRIs

4.Prototype and test multiple solutions
5.Create benchmarks and compare to baselines
6.Analyze and interpret trend data to anticipate cyber defense needs
7.Analyze security solution metrics and attributes to ensure they meet business needs

• Performance
• Latency
• Scalability
• Capability
• Usability
• Maintainability
• Availability
• Recoverability
• ROI
• TCO

8.Use judgment to solve problems where the most secure solution is not feasible

Enterprise Security Architecture 25%

• UTM
• IDS/IPS
• NIDS/NIPS
• INE
• NAC
• SIEM
• Switch
• Firewall
• Wireless controller
• Router
• Proxy
• Load balancer
• HSM
• MicroSD HSM

2.Application and protocol-aware technologies

• WAF
• Firewall
• Passive vulnerability scanners
• DAM

3.Advanced network design (wired/wireless)

• Remote access
  VPN
  IPSec
  SSL/TLS
  SSH
  RDP
  VNC
  VDI
  Reverse proxy
• IPv4 and IPv6 transitional technologies
• Network authentication methods
• 802.1x
• Mesh networks
• Placement of fixed/mobile devices
• Placement of hardware and applications

4.Complex network security solutions for data flow

• DLP
• Deep packet inspection
• Data flow enforcement
• Network flow (S/flow)
• Data flow diagram

5.Secure configuration and baselining of networking and security components
6.Software-defined networking
7.Network management and monitoring tools

• Alert definitions and rule writing
• Tuning alert thresholds
• Alert fatigue

8.Advanced configuration of routers, switches and other network devices

• Transport security
• Trunking security
• Port security
• Route protection
• DDoS protection
• Remotely triggered black hole

9.Security zones

• DMZ
• Separation of critical assets
• Network segmentation

10. Network access control

• Quarantine/remediation
• Persistent/volatile ornon-persistent agent
• Agent vs. agentless

11.Network-enabled devices

• System on a chip (SoC)
• Building/home automation systems
• IP video
• HVAC controllers
• Sensors
• Physical access control systems
• A/V systems
• Scientific/industrial equipment

12.Critical infrastructure

• Supervisory control and data acquisition (SCADA)
• Industrial control systems (ICS)

• SELinux
• SEAndroid
• TrustedSolaris
• Least functionality

2.Endpoint security software

• Anti-malware
• Antivirus
• Anti-spyware
• Spam filters
• Patch management
• HIPS/HIDS
• Data loss prevention
• Host-based firewalls
• Log monitoring
• Endpoint detection response

3.Host hardening

• Standard operating environment/ configuration baselining
  Application whitelisting and blacklisting
• Security/group policy implementation
• Command shell restrictions
• Patch management
  Manual
  Automated
  Scripting and replication
• Configuring dedicated interfaces
  Out-of-band management
  ACLs
  Management interface
  Data interface
• External I/O restrictions
  USB
  Wireless
  Bluetooth
  NFC
  IrDA
  RF
  802.11
  RFID
  Drive mounting
  Drive mapping
  Webcam
  Recording mic
  Audio output
  SD port
  HDMI port
• File and disk encryption
• Firmware updates

4.Boot loader protections

• Secure boot
• Measured launch
• Integrity measurement architecture
• BIOS/UEFI
• Attestation services
• TPM

5.Vulnerabilities associated with hardware
6.Terminal services/application delivery services

• Containerization
• Configuration profiles and payloads
• Personally owned, corporate-enabled
• Application wrapping
• Remote assistance access
  VNC
  Screen mirroring
• Application, content and data management
• Over-the-air updates (software/firmware)
• Remote wiping
• SCEP
• BYOD
• COPE
• VPN
• Application permissions
• Side loading
• Unsigned apps/system apps
• Context-aware management
  Geolocation/geofencing
  User behavior
  Security restrictions
  Time-based restrictions

2.Security implications/privacy concerns

• Data storage
  Non-removable storage
  Removable storage
  Cloud storage
  Transfer/backup data to uncontrolled storage
• USB OTG
• Device loss/theft
• Hardware anti-tamper
  eFuse
• TPM
• Rooting/jailbreaking
• Push notification services
• Geotagging
• Encrypted instant messaging apps
• Tokenization
• OEM/carrier Android fragmentation
• Mobile payment
  NFC-enabled
  Inductance-enabled
  Mobile wallet
  Peripheral-enabled payments (credit card reader)
• Tethering
  USB
  Spectrum management
  Bluetooth 3.0 vs. 4.1
• Authentication
  Swipe pattern
  Gesture
  Pin code
  Biometric
  Facial
  Fingerprint
  Iris scan
• Malware
• Unauthorized domain bridging
• Baseband radio/SOC
• Augmented reality
• SMS/MMS/messaging

3.Wearable technology

• Devices
  Cameras
  Watches
  Fitness devices
  Glasses
  Medical sensors/devices
  Headsets
• Security implications
  Unauthorized remote activation/ deactivation of devices or features
  Encrypted and unencrypted communication concerns
  Physical reconnaissance
  Personal data theft
  Health privacy
  Digital forensics of collected data

• Secure: by design, by default, by deployment

2.Specific application issues

• Unsecure direct object references
• XSS
• Cross-site request forgery (CSRF)
• Click-jacking
• Session management
• Input validation
• SQL injection
• Improper error and exception handling
• Privilege escalation
• Improper storage of sensitive data
• Fuzzing/fault injection
• Secure cookie storage and transmission
• Buffer overflow
• Memory leaks
• Integer overflows
• Race conditions
  Time of check
  Time of use
• Resource exhaustion
• Geotagging
• Data remnants
• Use of third-party libraries
• Code reuse

3.Application sandboxing
4.Secure encrypted enclaves
5.Database activity monitor
6.Web application firewalls
7.Client-side processing vs. server-side processing

• JSON/REST
• Browser extensions
  ActiveX
  Java applets
• HTML5
• AJAX
• SOAP
• State management
• JavaScript

8.Operating system vulnerabilities
9.Firmware vulnerabilities

Enterprise Security Operations 20%

• Malware sandboxing
• Memory dumping, runtime debugging
• Reconnaissance
• Fingerprinting
• Code review
• Social engineering
• Pivoting
• Open source intelligence
  Social media
  Whois
  Routing tables
  DNS records
  Search engines

2.Types

• Penetration testing
  Black box
  White box
  Gray box
• Vulnerability assessment
• Self-assessment
  Tabletop exercises
• Internal and external audits
• Color team exercises
  Red team
  Blue team
  White team

1.Network tool types

• Port scanners
• Vulnerability scanners
• Protocol analyzer
  Wired
  Wireless
• SCAP scanner
• Network enumerator
• Fuzzer
• HTTP interceptor
• Exploitation tools/frameworks
• Visualization tools
• Log reduction and analysis tools

2.Host tool types

• Password cracker
• Vulnerability scanner
• Command line tools
• Local exploitation tools/frameworks
• SCAP tool
• File integrity monitoring
• Log analysis tools
• Antivirus
• Reverse engineering tools

3.Physical security tools

• Lock picks
• RFID tools
• IR camera

• Electronic inventory and asset control
• Data retention policies
• Data recovery and storage
• Data ownership
• Data handling
• Legal holds

2.Data breach

• Detection and collection
  Data analytics
• Mitigation
  Minimize
  Isolate
• Recovery/reconstitution
• Response
• Disclosure

3.Facilitate incident detection and response

• Hunt teaming
• Heuristics/behavioral analytics
• Establish and review system, audit and security logs

4.Incident and emergency response

• Chain of custody
• Forensic analysis of compromised system
• Continuity of operations
• Disaster recovery
• Incident response team
• Order of volatility

5.Incident response support tools

• dd
• tcpdump
• nbtstat
• netstat
• nc (Netcat)
• memdump
• tshark
• foremost

6.Severity of incident or breach

• Scope
• Impact
• Cost
• Downtime
• Legal ramifications

7.Post-incident response

• Root-cause analysis
• Lessons learned
• After-action report

Technical Integration of Enterprise Security 23%

1.Adapt data flow security to meet changing business needs
2.Standards

• Open standards
• Adherence to standards
• Competing standards
• Lack of standards
• De facto standards

3.Interoperability issues

• Legacy systems and software/current systems
• Application requirements
• Software types
  In-house developed
  Commercial
  Tailored commercial
  Open source
• Standard data formats
• Protocols and APIs

4.Resilience issues

• Use of heterogeneous components
• Course of action automation/orchestration
• Distribution of critical assets
• Persistence and non- persistence of data
• Redundancy/high availability
• Assumed likelihood of attack

5.Data security considerations

• Data remnants
• Data aggregation
• Data isolation
• Data ownership
• Data sovereignty
• Data volume

6.Resources provisioning and deprovisioning

• Users
• Servers
• Virtual devices
• Applications
• Data remnants

7.Design considerations during mergers, acquisitions and demergers/divestitures
8.Network secure segmentation and delegation
9.Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
10. Security and privacy considerations of storage integration
11.Security implications of integrating enterprise applications

• CRM
• ERP
• CMDB
• CMS
• Integration enablers
  Directory services
  DNS
  SOA
  ESB

• Cloud and virtualization considerations and hosting options
  Public
  Private
  Hybrid
  Community
  Multi-tenancy
  Single tenancy
• On-premise vs. hosted
• Cloud service models
  SaaS
  IaaS
  PaaS

2.Security advantages and disadvantages of virtualization

• Type 1 vs. Type 2 hypervisors
• Container-based
• vTPM
• Hyperconverged infrastructure
• Virtual desktop infrastructure
• Secure enclaves and volumes

3.Cloud augmented security services

• Anti-malware
• Vulnerability scanning
• Sandboxing
• Content filtering
• Cloud security broker
• Security as a service
• Managed security service providers

4.Vulnerabilities associated with comingling of hosts with different security requirements

• VMEscape
• Privilege elevation
• Live VM migration
• Data remnants

5.Data security considerations

• Vulnerabilities associated with a single server hosting multiple data types
• Vulnerabilities associated with a single platform hosting multiple data types/owners on multiple virtual machines

6.Resources provisioning and deprovisioning

• Virtual devices
• Data remnants

• Certificate-based authentication
• Single sign-on
• 802.1x
• Context-aware authentication
• Push-based authentication

2.Authorization

• OAuth
• XACML
• SPML

3.Attestation
4.Identity proofing
5.Identity propagation
6.Federation

• SAML
• OpenID
• Shibboleth
• WAYF

7.Trust models

• RADIUS configurations
• LDAP
• AD

• Key stretching
• Hashing
• Digital signature
• Message authentication
• Code signing
• Pseudo-random number generation
• Perfect forward secrecy
• Data-in-transit encryption
• Data-in-memory/processing
• Data-at-rest encryption
  Disk
  Block
  File
  Record
• Steganography

2.Implementations

• Crypto modules
• Crypto processors
• Cryptographic service providers
• DRM
• Watermarking
• GPG
• SSL/TLS
• SSH
• S/MIME
• Cryptographic applications and proper/improper implementations
  Strength
  Performance
  Feasibility to implement
  Interoperability
• Stream vs. block
• PKI
  Wild card
  OCSP vs. CRL
  Issuance to entities
  Key escrow
  Certificate
  Tokens
  Stapling
  Pinning
• Cryptocurrency/blockchain
• Mobile device encryption considerations
• Elliptic curve cryptography
• P-256 vs. P-384 vs. P521

• Resource and services
• Desktop and application sharing
• Remote assistance

2.Unified collaboration tools

• Conferencing
  Web
  Video
  Audio
• Storage and document collaboration tools
• Unified communication
• Instant messaging
• Presence
• Email
• Telephony and VoIP integration
• Collaboration sites
  Social media
  Cloud-based

Research, Development and Collaboration 13%

1.Perform ongoing research

• Best practices
• New technologies, securitysystems and services
• Technology evolution (e.g., RFCs, ISO)

2. Threat intelligence

• Latest attacks
• Knowledge of currentvulnerabilities and threats
• Zero-day mitigation controls and remediation
• Threat model

3.Research security implications of emerging business tools

• Evolving social media platforms
• Integration within the business
• Big Data
• AI/machine learning

4.Global IA industry/community

• Computer emergency response team (CERT)
• Conventions/conferences
• Research consultants/vendors
• Threat actor activities
• Emerging threat sources

1. Systems development life cycle

• Requirements
• Acquisition
• Test and evaluation
• Commissioning/decommissioning
• Operational activities
  Monitoring
  Maintenance
  Configuration and change management
• Asset disposal
• Asset/object reuse

2.Software development life cycle

• Application security frameworks
• Software assurance
  Standard libraries
  Industry-accepted approaches
  Web services security (WS-security)
  Forbidden coding techniques
  NX/XN bit use
  ASLR use
  Code quality
  Code analyzers
  Fuzzer
  Static
  Dynamic
• Development approaches
  DevOps
  Security implications of agile, waterfall and spiral software development methodologies
  Continuous integration
  Versioning
• Secure coding standards
• Documentation
  Security requirements traceability matrix (SRTM)
  Requirements definition
  System design document
  Testing plans
• Validation and acceptance testing
  Regression
  User acceptance testing
  Unit testing
  Integration testing
  Peer review

3.Adapt solutions to address:

• Emerging threats
• Disruptive technologies
• Security trends

4.Asset management (inventory control)

• Sales staff
• Programmer
• Database administrator
• Network administrator
• Management/executive management
• Financial
• Human resources
• Emergency response team
• Facilities manager
• Physical security manager
• Legal counsel

2.Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls
3.Establish effective collaboration within teams to implement secure solutions
4.Governance, risk and compliance committee