1.0 Risk Management (19% of exam)
- Summarise business and industry influences and associated security risks.
- Compare and contrast security, privacy policies and procedures based on organisational requirements.
- Given a scenario, execute risk mitigation strategies and controls.
- Analyse risk metric scenarios to secure the enterprise.
2.0 Enterprise Security Architecture (25% of exam)
- Analyse a scenario and integrate network and security components, concepts and architectures to meet security requirements.
- Analyse a scenario to integrate security controls for host devices to meet security requirements.
- Analyse a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
- Given software vulnerability scenarios, select appropriate security controls
3.0 Enterprise Security Operations (20% of exam)
- Given a scenario, conduct a security assessment using the appropriate methods.
- Analyse a scenario or output, and select the appropriate tool for a security assessment.
- Given a scenario, implement incident response and recovery procedures
4.0 Technical Integration of Enterprise Security (23% of exam)
- Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
- Given a scenario, integrate cloud and virtualisation technologies into a secure enterprise architecture.
- Given a scenario, integrate and troubleshoot advanced authentication and authorisation technologies to support enterprise security objectives.
- Given a scenario, implement cryptographic techniques.
- Given a scenario, select the appropriate control to secure communications and collaboration solutions.
5.0 Research, Development and Collaboration (13% of exam)
- Given a scenario, apply research methods to determine industry trends and their impact to the enterprise
- Given a scenario, implement security activities across the technology life cycle.
- Explain the importance of interaction across diverse business units to achieve security goals.