Identify and implement security controls

• Technical, physical controls, administrative control

• Assessing compliance

• Periodic audit and review

Document and maintain functional security controls

• Deterrent controls

• Preventative controls

• Detective controls

• Corrective controls

• Compensating controls

Participate in asset management lifecycle

• Process, planning, design and initiation

• Development/acquisition

• Inventory and licensing

• Implementation/assessment

• Operation/maintenance

• Archiving and retention requirements

• Disposal and destruction

Participate in change management lifecycle

• Change management (roles, responsibilities, processes)

• Security impact analysis

• Configuration management

• Collaborate with physical security operations

Implement and maintain authentication methods

• Single/multi-factor authentication

• SSO, ADFS, OpenID Connect

• Device authentication

• OAuth2, SAML

Participate in the identity management lifecycle

• Authorization

• Proofing

• Provisioning/de-provisioning

• Maintenance

• Entitlement

• Identity and access management

Understand and apply access controls

• Mandatory

• Discretionary

• Role-based, rule-based

Understand the risk management process

• Risk visibility and reporting

• Risk management concepts and frameworks

• Risk tolerance, risk treatment

• Understand legal and regulatory concerns

Participate in security assessment and vulnerability management activities

• Security testing

• Risk review

• Vulnerability management lifecycle

Operate and monitor security platforms

• Source systems

• Anomalies, intrusions, unauthorized changes, compliance monitoring

• Log management

• Event aggregation and correlation

Analyze monitoring results

• Security baselines and anomalies

• Visualizations, metrics, and trends

• Event data analysis

• Document and communicate findings

Support incident lifecycle

• Preparation

• Detection, analysis and escalation

• Containment

• Eradication

• Recovery

• Lessons learned/Implementation of new countermeasure

Understand and support forensic investigations

• Legal and ethical principles

• Evidence handling

• Reporting of analysis

Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities

• Emergency response plans and procedures

• Interim or alternate processing strategies

• Restoration planning

• Backup and redundancy implementation

• Testing and drills

Understand reasons and requirements for cryptography

• Confidentiality

• Integrity and authenticity

• Data sensitivity

• Regulatory and industry best practice

Apply cryptography concepts

• Hashing

• Salting

• Symmetric/Asymmetric encryption/Elliptic curve cryptography (ECC)

• Non-repudiation (digital signatures/certificates, HMAC, audit trails)

• Strength of encryption algorithms and keys

• Cryptographic attacks, cryptanalysis, and countermeasures

Understand and implement secure protocols

• Services and protocols

• Common use cases

• Limitations and vulnerabilities

Understand and support public key infrastructure systems

• Fundamental key management concepts (storage, rotation, composition, generation, destruction, exchange, revocation, escrow)

• Web of Trust

Understand and apply fundamental concepts of networking

• OSI model, TCP/IP model

• Network topologies

• Network relationships (P2P, client-server)

• Transmission media types (wired, wireless)

• Software-defined networking

• Commonly used ports and protocols

Understand network attacks (DDoS, MITM, DNS poisoning) and countermeasures

Manage network access controls

• Network access controls, standards and protocols

• Remote access operation and configuration

Manage network security

• Logical and physical placement of network devices (inline, passive, virtual)

• Segmentation (physical/logical, data/control plane, virtual local area network, access control list, firewall zones, micro-segmentation)

• Secure device management

Operate and configure network-based security devices

• Firewalls and proxies (filtering methods, web application firewall)

• Intrusion detection systems (IDS) and intrusion prevention systems (IPS)

• Routers and switches

• Traffic-shaping devices

Secure wireless communications

• Technologies (cellular network, Wi-Fi, Bluetooth, Near-Field Communication)

• Authentication and encryption protocols (WEP, WPA, EAP)

• Internet of Things (IoT)

Identify and analyze malicious code and activity

• Malware (rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, fileless)

• Malicious activity countermeasures (user awareness, system hardening, patching, isolation, data loss prevention)

• Malware countermeasures (scanners, antimalware, code signing)

• Social engineering (phishing, impersonation)

• Malicious activity (insider threat, data theft, DDoS, botnet, zero-day exploits, web-based attacks, advanced persistent threat)

• Behaviour analytics (machine learning, Artificial Intelligence, data analytics)

Implement and operate endpoint device security

• Host-based intrusion prevention system (HIPS)

• Host-based firewalls

• Application whitelisting

• Endpoint encryption

• Trusted Platform Module (TPM)

• Secure browsing

• Endpoint Detection and Response (EDR)

Administer Mobile Device Management (MDM)

• Provisioning techniques (COPE, BYOD)

• Containerization

• Encryption

• Mobile application management (MAM)

Operate and maintain secure virtual environments

• Deployment models

• Data storage, processing, and transmission

• Service models (IaaS, PaaS, SaaS)

• Third-party/outsourcing requirements

• Virtualization

• Legal and regulatory concerns

• Shared responsibility model

Understand and configure cloud security

• Hypervisor

• Virtual appliances

• Containers

• Continuity and resilience

• Attacks and countermeasures

• Shared storage