1.0 Security Architecture

1.1 Analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
1.8 Explain the impact of emerging technologies on enterprise security and privacy.

2.0 Security Operations

2.1 Given a scenario, perform threat management activities.
2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
2.3 Given a scenario, perform vulnerability management activities.
2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
2.6 Given a scenario, use processes to reduce risk.
2.7 Given an incident, implement the appropriate response.
2.8 Explain the importance of forensic concepts.
2.9 Given a scenario, use forensic analysis tools.

3.0 Security Engineering and Cryptography

3.1 Given a scenario, apply secure configurations to enterprise mobility.
3.2 Given a scenario, configure and implement endpoint security controls.
3.3 Explain security considerations impacting specific sectors and operational technologies.
3.4 Explain how cloud technology adoption impacts organizational security.
3.5 Given a business requirement, implement the appropriate PKI solution.
3.6 Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
3.7 Given a scenario, troubleshoot issues with cryptographic implementations.

4.0 Governance, Risk, and Compliance

4.1 Given a set of requirements, apply the appropriate risk strategies.
4.2 Explain the importance of managing and mitigating vendor risk.
4.3 Explain compliance frameworks and legal considerations, and their organizational impact.
4.4 Explain the importance of business continuity and disaster recovery concepts.