Chapter 1: Security Governance Through Principles and Policies
- Security 101
- Understand and Apply Security Concepts
- Security Boundaries
- Evaluate and Apply Security Governance Principles
- Manage the Security Function
- Security Policy, Standards, Procedures, and Guidelines
- Threat Modeling
- Supply Chain Risk Management
Chapter 2: Personnel Security and Risk Management Concepts
- Personnel Security Policies and Procedures
- Understand and Apply Risk Management Concepts
- Social Engineering
- Establish and Maintain a Security Awareness, Education, and Training Program
Chapter 3: Business Continuity Planning
- Planning for Business Continuity
- Project Scope and Planning
- Business Impact Analysis
- Continuity Planning
- Plan Approval and Implementation
Chapter 4: Laws, Regulations, and Compliance
- Categories of Laws
- Laws
- State Privacy Laws
- Compliance
- Contracting and Procurement
Chapter 5: Protecting Security of Assets
- Identifying and Classifying Information and Assets
- Establishing Information and Asset Handling Requirements
- Data Protection Methods
- Understanding Data Roles
- Using Security Baselines
Chapter 6: Cryptography and Symmetric Key Algorithms
- Cryptographic Foundations
- Modern Cryptography
- Symmetric Cryptography
- Cryptographic Life Cycle
Chapter 7: PKI and Cryptographic Applications
- Asymmetric Cryptography
- Hash Functions
- Digital Signatures
- Public Key Infrastructure
- Asymmetric Key Management
- Hybrid Cryptography
- Applied Cryptography
- Cryptographic Attacks
Chapter 8: Principles of Security Models, Design, and Capabilities
- Secure Design Principles
- Techniques for Ensuring CIA
- Understand the Fundamental Concepts of Security Models
- Select Controls Based on Systems Security Requirements
- Understand Security Capabilities of Information Systems
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
- Shared Responsibility
- Data Localization and Data Sovereignty
- Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
- Client-Based Systems
- Server-Based Systems
- Industrial Control Systems
- Distributed Systems
- High-Performance Computing (HPC) Systems
- Real-Time Operating Systems
- Internet of Things
- Edge and Fog Computing
- Embedded Devices and Cyber-Physical Systems
- Microservices
- Infrastructure as Code
- Immutable Architecture
- Virtualized Systems
- Containerization
- Mobile Devices
- Essential Security Protection Mechanisms
- Common Security Architecture Flaws and Issues
Chapter 10: Physical Security Requirements
- Apply Security Principles to Site and Facility Design
- Implement Site and Facility Security Controls
- Implement and Manage Physical Security
Chapter 11: Secure Network Architecture and Components
- OSI Model
- TCP/IP Model
- Analyzing Network Traffic
- Common Application Layer Protocols
- Transport Layer Protocols
- Domain Name System
- Internet Protocol (IP) Networking
- ARP Concerns
- Secure Communication Protocols
- Implications of Multilayer Protocols
- Segmentation
- Wireless Networks
- Edge Networks
- Satellite Communications
- Cellular Networks
- Content Distribution Networks (CDNs)
- Secure Network Components
Chapter 12: Secure Communications and Network Attacks
- Protocol Security Mechanisms
- Secure Voice Communications
- Remote Access Security Management
- Multimedia Collaboration
- Monitoring and Management
- Load Balancing
- Manage Email Security
- Virtual Private Network
- Switching and Virtual LANs
- Network Address Translation
- Third-Party Connectivity
- Switching Technologies
- WAN Technologies
- Fiber-Optic Links
- Prevent or Mitigate Network Attacks
Chapter 13: Managing Identity and Authentication
- Controlling Access to Assets
- The AAA Model
- Implementing Identity Management
- Managing the Identity and Access Provisioning Life Cycle
Chapter 14: Controlling and Monitoring Access
- Comparing Access Control Models
- Implementing Authentication Systems
- Zero-Trust Access Policy Enforcement
- Understanding Access Control Attacks
Chapter 15: Security Assessment and Testing
- Building a Security Assessment and Testing Program
- Performing Vulnerability Assessments
- Testing Your Software
- Training and Exercises
- Implementing Security Management Processes and Collecting Security Process Data
Chapter 16: Managing Security Operations
- Apply Foundational Security Operations Concepts
- Address Personnel Safety and Security
- Provision Information and Assets Securely
- Managed Services in the Cloud
- Perform Configuration Management (CM)
- Manage Change
- Manage Patches and Reduce Vulnerabilities
Chapter 17: Preventing and Responding to Incidents
- Conducting Incident Management
- Implementing Detection and Preventive Measures
- Logging and Monitoring
- Automating Incident Response
Chapter 18: Disaster Recovery Planning
- The Nature of Disaster
- Understand System Resilience, High Availability, and Fault Tolerance
- Recovery Strategy
- Recovery Plan Development
- Training, Awareness, and Documentation
- Testing and Maintenance
Chapter 19: Investigations and Ethics
- Investigations
- Major Categories of Computer Crime
- Ethics
Chapter 20: Software Development Security
- Introducing Systems Development Controls
- Establishing Databases and Data Warehousing
- Storage Threats
- Understanding Knowledge-Based Systems
Chapter 21: Malicious Code and Application Attacks
- Malware
- Malware Prevention
- Application Attacks
- Injection Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Application Security Controls
- Secure Coding Practices