• Understand investigative procedures and requirements

• Develop, document, and enforce security policies, standards, and procedures

• Analyze and prioritize business continuity (BC) needs

• Contribute to and uphold personnel security policies

• Utilize risk management methodologies

• Understand and apply threat modeling techniques

• Implement supply chain risk management strategies

• Develop and maintain security awareness, education, and training programs

​

Domain 2: Asset Security

• Classify and manage data and assets

• Define and enforce handling procedures for sensitive information

• Securely allocate and manage resources

• Oversee data lifecycle processes

• Ensure proper asset retention practices

• Implement security controls and compliance measures for data protection

 

Domain 3: Security Architecture and Engineering

• Apply secure design principles in engineering processes

• Understand security models and foundational concepts

• Select appropriate security controls based on system requirements

• Evaluate and enhance security features of information systems

• Identify and address vulnerabilities in security architectures and designs

• Understand cryptographic lifecycle management

• Recognize cryptanalytic attack techniques

• Apply security principles in facility and site design

• Implement security measures for physical locations

• Manage information system lifecycle security

 

Domain 4: Communication and Network Security

• Design and implement secure network architectures

• Protect network components against threats

• Establish secure communication channels aligned with design principles

 

Domain 5: Identity and Access Management (IAM)

• Control both physical and logical access to resources

• Manage authentication and identification for users, devices, and services

• Integrate third-party identity management solutions

• Implement and oversee authorization mechanisms

• Administer identity and access lifecycle processes

• Deploy authentication technologies

 

Domain 6: Security Assessment and Testing

• Develop and validate assessment, testing, and auditing strategies

• Perform security control evaluations

• Collect and analyze security-related process data

• Interpret test results and generate reports

• Conduct or support security audits

​

Domain 7: Security Operations

• Assist in security investigations

• Perform logging and monitoring to detect threats

• Securely allocate and manage system resources

• Apply fundamental security operations principles

• Utilize resource protection methods

• Execute incident response strategies

• Maintain and operate security measures for threat detection and prevention

• Manage patching and vulnerability remediation

• Participate in change management processes

• Develop and implement recovery strategies

• Establish and test disaster recovery (DR) plans

• Engage in business continuity (BC) planning and exercises

• Manage physical security measures

• Address personnel safety and security considerations

 

Domain 8: Software Development Security

• Incorporate security throughout the Software Development Life Cycle (SDLC)

• Apply security controls within development environments

• Evaluate software security effectiveness

• Assess security implications of acquired software

• Implement secure coding best practices and standards