Domain 1.0: Security and Risk Management

Foundational Concepts of the CIA Triad

Confidentiality - Prevent unauthorized disclosure of sensitive information.

Integrity - Prevent unauthorized modification of systems and information.

Availability - Prevent disruption of service and productivity.

1.2 Understand and apply security concepts
- 1.2.1 Confidentiality, integrity, and availability, authenticity and nonrepudiation
1.3 Evaluate and apply security governance principles
- 1.3.1 Alignment of security function to business strategy, goals, mission, and objectives
- 1.3.2 Organizational processes (e.g., acquisitions, divestitures, governance committees)
- 1.3.3 Organizational roles and responsibilities
- 1.3.4 Security control frameworks
- 1.3.5 Due care/due diligence
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
1.11 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts
- 1.12.1 Risks associated with hardware, software, and services
- 1.12.2 Third-party assessment and monitoring
- 1.12.3 Minimum security requirements
- 1.12.4 Service level requirements

Page updated

Google Sites

Report abuse