Risk Management
 

Summarize business and industry influences and associated security risks

Compare and contrast security, privacy policies and procedures based on organizational requirements

Execute risk mitigation strategies and controlsAnalyze risk metric scenarios to secure the enterprise
 

• Risk management of new products, new technologies and user behaviors

• New or changing business models/strategies

• Security concerns of integrating diverse industries

• Policy and process life cycle management

• Enterprise resilience

• Analyze security solution metrics and attributes to ensure they meet business needsand so on

Enterprise Security Architecture
 

Analyze a scenario and integrate network and security components,

concepts and architectures to meet security requirements

Analyze a scenario to integrate security controls for host devices to meet security requirements

Analyze a scenario to integrate security controls for mobile and

small form factor devices to meet security requirements

Given software vulnerability scenarios, select

appropriate security controls 
 

• Physical and virtual network and security devices

• Application and protocol-aware technologies

• Advanced network design (wired/wireless)

• Trusted OS (e.g., how and whento use it)

• Enterprise mobility management

• Security implications/privacy concerns

• Wearable technology

• Application security design considerations

• Specific application issues

And so on

Enterprise Security Operations
 

Conduct a security assessment

using the appropriate methods

Analyze a scenario or output, and select the appropriate tool for a security assessment

Implement incident response and recovery procedures
 

• Methods

• Types

• Network tool types

• Host tool types

• Physical security tools

 • E-discovery

• Data breach

• Facilitate incident detection and responseand so on

Technical Integration of Enterprise Security
 

Integrate hosts, storage, networks and applications into a secure enterprise architecture.

Integrate cloud and virtualization

technologies into a secure enterprise architecture

Integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives

Implement cryptographic techniques

Select the appropriate control to secure communications and collaboration solutions 
 

• Adapt data flow security to meet changing business needs

• Standards

• Interoperability issues

• Resilience issues

• Technical deployment models

(outsourcing/insourcing/managed services/partnership)

• Cloud augmented security services

• Security advantages and disadvantages of virtualization

• Vulnerabilities associated with comingling of hosts with different security requirements

• Data security considerations

• Resources provisioning and deprovisioningand so on

Research, Development and Collaboration
 

Apply research methods to determine industry trends and their impact to the enterprise

Implement security activities across the technology life cycle

Explain the importance of interaction across diverse business units to achieve security goals 
 

• Perform ongoing research

• Threat intelligence

• Global IA industry/community

• Systems development life cycle

• Software development life cycle

• Interpreting security requirements and goals to communicate with stakeholders from other disciplines

• Provide objective guidance and impartial recommendations to staff and senior management on security processes and controlsand so on



※ 세부내용은 일부 조정될 수 있습니다.