Exam Objective:

Domain 01: Information Security Governance

Domain 02: Information Security Risk Management

Domain 03: Information Security Program Management

Domain 04: Information Security Management

Domain 05: Response Management

Detailed Syllabus:

Domain 01: Information Security Governance

Introduction
Developing an Information Security Strategy in Support of Business Strategy and Direction
Obtain Senior Management Commitment and Support
Establish Reporting Communications That Support Information Security Governance Activities
Legal and Regulatory Issues
Establish and Maintain Information Security Policies
Ensure the Development of Procedures and Guidelines that Support the Information Security Policy
Develop Business Case and Enterprise Value Analysis Support

Domain 02: Information Security Risk Management

Introduction
Develop a Systematic and Continuous Risk Management Process
Ensure Risk Identification, Analysis, and Mitigation Activities are Integrated into the Life Cycle Process
Define Strategies and Prioritize Options to Mitigate Risks to Levels Acceptable to the Enterprise
Report Significant Changes in Risk
Knowledge Statements

Domain 03: Information Security Program Management

Introduction
The OSI Model
The TCP/IP Model
IP Addressing
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet Control Message Protocol (ICMP)
CIA Triad
PPPN
Threats
Controls
Buffer Overflow versus Application Security
Virtual Private Networks (VPNs)
Web Server Security versus Internet Security
Security Testing

Domain 04: Information Security Management

Introduction
Information System Compliance
Administrative Procedures
Ensure Services Outsourced are Consistent
Measure, Monitor, and Report Effectiveness and Efficiency of the Controls and Compliance Policies
Ensure that Information Security is not Compromised throughout the Change Management Process
Perform Vulnerability Assessments to Evaluate Effectiveness of Existing Controls
Ensure that Noncompliance Issues and Other Variances are Resolved in a Timely Manner
Information Security Awareness and Education

Domain 05: Response Management

Introduction
Threat Source Information
Business Continuity Planning and Disaster Recovery Planning
Incident Response
