Threat Management
 

Apply environmental

Reconnaissance techniques using appropriate tools and processes

Analyze the results of a network reconnaissance

A network-based threat, implement or recommend the appropriate response and countermeasure

Explain the purposeof practices used to secure a corporate environment

• Procedures/common tasks

• Variables

• Tools

• Point-in-time data analysis

• Data correlation and analytics

• Data output

• Network segmentation

• Honeypot

• Endpoint security

• Group policies

• ACLs

• Hardening
and so on
 

Vulnerability Management
 

Implement an information Security vulnerability management process

Analyze the output resulting

from a vulnerability scan

Compare and contrast common vulnerabilities found in the following targets within an organization

• Identification of requirements

• Establish scanning frequency

• Configure tools to perform scans according to specification

• Execute scanning

• Generate reports

• Remediation

• Analyze reports from a vulnerability scan
and so on
 

Cyber Incident Response
 

Distinguish threat data or behavior to determine the impact of an incident

Prepare a toolkit and use appropriate forensics tools during an investigation

Explain the importance of communication during the incident response process

Analyze common symptoms to select the best course of action to support incident response

Summarize the incident recovery and post-incident response process

• Threat classification

• Factors contributing to incident severity and prioritization

• Forensics kit

• Forensic investigation suite

• Stakeholders

• Purpose of communication processes

• Role-based responsibilities

• Common network-related symptoms

• Common host-related symptoms

• Common application-related symptoms
and so on
 

Security Architecture and Tool Sets
 

Explain the relationship between frameworks,

common policies, controls, and procedures

Use data to recommend remediation of security issues related to identity and access management.

Review security architecture and makerecommendations to implement compensating controls

Use application security best practices while participating in the Software Development Life Cycle (SDLC)

Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

• Regulatory compliance

• Frameworks

• Policies

• Controls

• Procedures

• Verifications and quality control

• Security issues associated with context-based authentication

• Security issues associated with identities

• Security issues associated with identity repositories

• Security issues associated with federation and single sign-on

• Exploits

• Security data analytics

• Manual review

• Defense in depth

• Best practices during software development

• Secure coding best practices