Domain 1: Security and Risk Management
Security concepts, principles, governance, compliance
- Security frameworks & policies
- Risk assessment & management
- Business continuity planning
- Legal regulations & compliance
Domain 2: Asset Security
Information and asset classification, ownership, protection
- Data classification & handling
- Privacy protection
- Asset retention policies
- Data security controls
Domain 3: Security Architecture and Engineering
Security models, design principles, cryptography
- Security models & frameworks
- Cryptography & PKI
- Physical security controls
- Secure system architecture
Domain 4: Communication and Network Security
Network architecture, secure network components, protocols
- Network architectures & protocols
- Secure network components
- Secure communication channels
- Network attacks & countermeasures
Domain 5: Identity and Access Management
Authentication, authorization, access control systems
- Identity management lifecycle
- Authentication systems & factors
- Access control models
- Federation & single sign-on
Domain 6: Security Assessment and Testing
Security testing strategies, auditing, reporting
- Security testing strategies
- Vulnerability management
- Security audits & reviews
- Security monitoring & metrics
Domain 7: Security Operations
Investigations, incident management, disaster recovery
- Incident response & handling
- Digital forensics
- Disaster recovery processes
- Security awareness training
Domain 8: Software Development Security
Security in SDLC, development methodologies, vulnerabilities
- Secure coding practices
- Security in SDLC
- Code analysis & testing
- Software vulnerabilities
