Access Control

• Identification, authentication, authorization methods
• Authentication methods, models and techniques
• Discretionary, mandatory and non-discretionary access control
• Accountability, monitoring and auditing practices
• Possible threats to access control practices and technologies

Security Architecture

• Computer architecture and the items that fall within it
• Components within an operating system
• OSI Model
• Trusted computing base and security mechanisms
• Different security models used in software development
• Security criterion and ratings
• Certification and accreditation processes

Business Continuity Planning

• Business Continuity Planning
• Disaster Recovery Planning
• Possible Threats
• Business Impact Analysis
• Roles and Responsibilities

Backups and Off-site Facilities

Cryptography

• History of cryptography
• Cryptography components and their relationships
• Government involvement in cryptography
• Symmetric and asymmetric key cryptosystems
• Public key infrastructure (PKI) concepts and mechanisms
• Hashing algorithms and uses
• Types of attacks on cryptosystems

Physical Security

• Administrative, technical and physical controls pertaining to physical security
• Facility location, construction and management
• Physical security risks, threats and countermeasures
• Electrical measures and countermeasures
• Fire prevention, detection and suppression
• Authenticating individuals and intrusion detection

Telecommunication, Network and Internet Security

• TCP/IP Suite
• Cabling and data transmission types
• LAN and WAN technologies
• Network devices and service
• Telecommunication protocols and devices
• Remote access methods and techniques
• Fault tolerance mechanisms

Law Investigations, Ethics

• Ethics, pertaining to security professionals and best practices
• Computer crimes and computer laws
• Motivations and profiles of attackers
• Computer crime investigation process and evidence collection
• Incident handling procedures
• Different handling procedures
• Different types of evidence
• Laws and acts put into effect to fight computer crime

Applications Security

• Different types of software controls and implementation
• Database concepts and security issues
• Data warehousing and data mining
• Software life cycle development processes
• Change control concepts
• Object-oriented programming components
• Expert systems and artificial intelligence

Operations Security

• Operations responsibilities
• Configuration management
• Media access protection
• System recovery
• Facsimile security
• Intrusion detection systems
• Attack types

Review of all ten domains