1.0 Threat Management
Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
- Procedures/common tasks
Given a scenario, analyze the results of a network reconnaissance.
- Point-in-time data analysis
- Data correlation and analytics
- Data output
Given a network-based threat, implement or recommend the appropriate response and countermeasure.
- Network segmentation
- Endpoint security
- Group policies
- Network Access Control (NAC)
Explain the purpose of practices used to secure a corporate environment.
- Penetration testing
- Reverse engineering
- Training and exercises
- Risk evaluation
2.0 Vulnerability Management
Given a scenario, implement an information security vulnerability management process.
- Identification of requirements
- Establish scanning frequency
- Configure tools to perform scans according to specification
- Execute scanning
- Generate reports
- Ongoing scanning and continuous monitoring
Given a scenario, analyze the output resulting from a vulnerability scan.
- Analyze reports from a vulnerability scan
- Validate results and correlate other data points
Compare and contrast common vulnerabilities found in the following targets within an organization.
- Network infrastructure
- Network appliances
- Virtual infrastructure
- Mobile devices
- Interconnected networks
- Virtual private networks (VPNs)
- Industrial Control Systems (ICSs)
- SCADA devices
3.0 Cyber Incident Response
Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
- Threat classification
- Factors contributing to incident severity and prioritization
Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
- Forensics kit
- Forensic investigation suite
Explain the importance of communication during the incident response process.
- Purpose of communication processes
- Role-based responsibilities
Given a scenario, analyze common symptoms to select the best course of action to support incident response.
- Common network-related symptoms
- Common host-related symptoms
- Common application-related symptoms
Summarize the incident recovery and post-incident response process.
- Containment techniques
- Eradication techniques
- Corrective actions
- Incident summary report
4.0 Security Architecture and Tool Sets
Explain the relationship between frameworks, common policies, controls, and procedures.
- Regulatory compliance
- Policies, controls
- Verifications and quality control
Given a scenario, use data to recommend remediation of security issues related to identity and access management.
- Security issues associated with context-based authentication
- Security issues associated with identities
- Security issues associated with identity repositories
- Security issues associated with federation and single sign-on
Given a scenario, review security architecture and make recommendations to implement compensating controls.
- Security data analytics
- Manual review
- Defense in depth
- Other security concepts
Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
- Best practices during software development
- Secure coding best practices
Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.