Exam Objective:

Domain 01: Information Security Risk Management Program

Domain 02: Categorization of Information Systems (IS)

Domain 03: Selection of Security Controls

Domain 04: Implementation of Security Controls

Domain 05: Assessment of Security Controls

Domain 06: Authorization of Information System (IS)

Domain 07: Continuous Monitoring

Detailed Syllabus:

Domain 01: Information Security Risk Management Program

Understand the Foundation of an Organization-Wide Information Security Risk Management Program
Understand Risk Management Program Processes
Understand Regulatory and Legal Requirements

Domain 02: Categorization of Information Systems (IS)

Define the Information System (IS)
Determine Categorization of the Information System (IS)

Domain 03: Selection of Security Controls

Identify and Document Baseline and Inherited Controls
Select and Tailor Security Controls
Develop Security Control Monitoring Strategy
Review and Approve Security Plan (SP)

Domain 04: Implementation of Security Controls

Implement Selected Security Controls
Document Security Control Implementation

Domain 05: Assessment of Security Controls

Prepare for Security Control Assessment (SCA)
Conduct Security Control Assessment (SCA)
Prepare Initial Security Assessment Report (SAR)
Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
Develop Final Security Assessment Report (SAR) and Optional Addendum

Domain 06: Authorization of Information System (IS)

Develop Plan of Action and Milestones (POAM)
Assemble Security Authorization Package
Determine Information System (IS) Risk
Make Security Authorization Decision

Domain 07: Continuous Monitoring

Determine Security Impact of Changes to Information Systems (IS) and Environment
Perform Ongoing Security Control Assessments (SCA)
Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
Update Documentation
Perform Periodic Security Status Reporting
Perform Ongoing Information System (IS) Risk Acceptance
Decommission Information System (IS)
