Module 1: Security & Risk Management
- Security Governance Principles
- Compliance
- Professional Ethics
- Security Documentation
- Risk Management
- Threat Modeling
- Business Continuity Plan Fundamentals
- Acquisition Strategy and Practice
- Personnel Security Policies
- Security Awareness and Training
Module 2: Asset Security
- Asset Security
- Privacy Protection
- Asset Retention
- Data Security Controls
- Secure Data Handling
Module 3: Security Engineering
- Security in the Engineering Lifecycle
- System Component Security
- Security Models
- Controls and Countermeasures in Enterprise Security
- Information System Security Capabilities
- Design and Architecture Vulnerability Mitigation
- Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
- Cryptography Concepts
- Cryptography Techniques
- Site and Facility Design for Physical Security
- Physical Security Implementation in Sites and Facilities
Module 4: Communications and Network Security
- Network Protocol Security
- Network Components Security
- Communication Channel Security
- Network Attack Mitigation
Module 5: Identity and Access Management
- Physical and Logical Access Control
- Identification, Authentication, and Authorization
- Identity as a Service
- Authorization Mechanisms
- Access Control Attack Mitigation
Module 6: Security Assessment and Testing
- System Security Control Test
- Software Security Control Testing
- Security Process Data Collection
- Audits
Module 7: Security Operations
- Security Operations Concepts
- Physical Security
- Personnel Security
- Logging and Monitoring
- Preventative Measures
- Resource Provisioning and Protection
- Patch and Vulnerability Management
- Change Management
- Incident Response
- Investigations
- Disaster Recovery Planning
- Disaster Recovery Strategies
- Disaster Recovery Implementation
Module 8: Software Development Security
- Security Principles in the System Lifecycle
- Security Principles in the Software Development Lifecycle
- Database Security in Software Development
- Security Controls in the Development Environment
- Software Security Effectiveness Assessment