# |
Course Module (Learning Outcome) |
Module Topics |
Module Sub Topics |
~Hrs |
1 |
Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity) |
Security Governance Through Principles and Policies |
- Understand and Apply Concepts of Confidentiality, Integrity, and Availability Apply Security Governance Principles
- Understand and Apply Concepts of Confidentiality, Integrity, and Availability Apply Security Governance Principles
- Develop and Implement Documented Security Policy, Standards, Procedures and Guidelines
- Understand and Apply Threat Modeling
- Integrate Security Risk Considerations into Acquisition Strategy and Practice
- Summary
|
2 |
|
|
Personnel Security and Risk Management Concepts |
- Contribute to Personnel Security Policies
- Security Governance
- Understand and Apply Risk Management Concepts
- Establish and Manage Information Security Education, Training, and Awareness
- Manage the Security Function
- Summary
|
2 |
|
|
Business Continuity Planning |
- Planning for Business Continuity
- Project Scope and Planning
- Business Impact Assessment
- Continuity Planning
- BCP Documentation
- Summary
|
1.5 |
|
|
Laws, Regulations, and Compliance |
- Categories of Laws
- Laws
- Compliance
- Contracting and Procurement
- Summary
|
1.5 |
2 |
Asset Security (Protecting Security of Assets) |
Protecting Security of Assets |
- Classifying and Labeling Assets
- Identifying Data Roles
- Protecting Privacy
- Summary
|
1.5 |
3 |
Security Architecture and Engineering (Engineering and Management of Security) |
Cryptography and Symmetric Key Algorithms |
- Historical Milestones in Cryptography
- Cryptographic Basics
- Modern Cryptography
- Symmetric Cryptography
- Cryptographic Life Cycle
- Summary
|
2 |
|
|
PKI and Cryptographic Applications |
- Asymmetric Cryptography
- Hash Functions
- Digital Signatures
- Public Key Infrastructure
- Asymmetric Key Management
- Applied Cryptography
- Cryptographic Attacks
- Summary
|
1.5 |
|
|
Principles of Security Models, Design, and Capabilities |
- Implement and Manage Engineering Processes Using Secure Design Principles
- Understand the Fundamental Concepts of Security Models
- Select Controls and Countermeasures Based on Systems Security Evaluation
Models
- Understand Security Capabilities of Information Systems
- Summary
|
2 |
|
|
Security Vulnerabilities, Threats, and Countermeasures |
- Assess and Mitigate Security Vulnerabilities
- Client-Based
- Server-Based
- Database Security
- Distributed Systems
- Industrial Control Systems
- Assess and Mitigate Vulnerabilities in Web-Based Systems
- Assess and Mitigate Vulnerabilities in Mobile Systems
- Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
- Essential Security Protection Mechanisms
- Common Architecture Flaws and Security Issues
- Summary
|
3 |
|
|
Physical Security Requirements |
- Apply Secure Principles to Site and Facility Design
- Design and Implement Physical Security
- Implement and Manage Physical Security
- Summary
|
1.5 |
4 |
Communications and Network Security (Designing and Protecting Network Security) |
Secure Network Architecture and Securing Network Components |
- OSI Model
- TCP/IP Model
- Converged Protocols
- Wireless Networks
- General Wi-Fi Security Procedure
- Cabling, Wireless, Topology, and Communications Technology
- Summary
|
3 |
|
|
Secure Communications and Network Attacks |
- Network and Protocol Security Mechanisms
- Secure Voice Communications
- Multimedia Collaboration
- Manage Email Security
- Remote Access Security Management
- Virtual Private Network
- Virtualization
- Network Address Translation
- Switching Technologies
- WAN Technologies
- Miscellaneous Security Control Characteristics
- Security Boundaries
- Prevent or Mitigate Network Attacks
- Summary
|
2.5 |
5 |
Identity and Access Management (Controlling Access and Managing Identity) |
Managing Identity and Authentication |
- Controlling Access to Assets
- Comparing Identification and Authentication
- Implementing Identity Management
- Managing the Identity and Access Provisioning Life Cycle
- Summary
|
1.5 |
|
|
Controlling and Monitoring Access |
- Comparing Access Control Models
- Understanding Access Control Attacks
- Summary
|
1.5 |
6 |
Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) |
Security Assessment and Testing |
- Building a Security Assessment and Testing Program
- Performing Vulnerability Assessments
- Testing Your Software
- Implementing Security Management Processes
- Summary
|
1.5 |
7 |
Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery) |
Managing Security Operations |
- Applying Security Operations Concepts
- Provisioning and Managing Resources
- Managing Configuration
- Managing Change
- Managing Patches and Reducing Vulnerabilities
- Summary
|
1.5 |
|
|
Preventing and Responding to Incidents |
- Managing Incident Response
- Implementing Preventive Measures
- Logging, Monitoring, and Auditing
- Summary
|
3 |
|
|
Disaster Recovery Planning |
- The Nature of Disaster
- Understand System Resilience and Fault Tolerance
- Recovery Strategy
- Recovery Plan Development
- Training, Awareness, and Documentation
- Testing and Maintenance
- Summary
|
2 |
|
|
Incidents and Ethics |
- Investigations
- Major Categories of Computer Crime
- Incident Handling
- Ethics
- Summary
|
1.5 |
8 |
Software Development Security (Understanding, Applying, and Enforcing Software Security) |
Software Development Security |
- Introducing Systems Development Controls
- Establishing Databases and Data Warehousing
- Storing Data and Information
- Understanding Knowledge-Based Systems
- Summary
|
2 |
|
|
Malicious Code and Application Attacks |
- Malicious Code
- Password Attacks
- Application Attacks
- Web Application Security
- Reconnaissance Attacks
- Masquerading Attacks
- Summary
|
1.5 |
|
40 |