
In this introductory session we outline foundational concepts for the CISSP certification. Key topics include:
The Threat and Risk Cycle: Explaining how threats exploit vulnerabilities, creating exposure and leading to risks. These risks are mitigated through controls, which protect organizational assets in a continuous cycle.
The CIA Triad: Emphasizing the three pillars of cybersecurity—Confidentiality (preventing unauthorized information disclosure), Integrity (ensuring data accuracy and resistance to tampering), and Availability (ensuring accessible systems and data for authorized users).
Key Security Concepts: Covering identification, authentication, authorization, auditing, defense-in-depth (layered security controls), abstraction, data hiding, and encryption.
This section covers security governance, emphasizing the alignment of business functions with security policies and objectives. It explains the role of security teams in creating, implementing, and enforcing policies, including standards, baselines, guidelines, and procedures. The discussion includes strategic, tactical, and operational security planning, outlining the responsibilities of senior leaders, CISOs, and security professionals. Various security control frameworks, such as NIST, ISO 27000, and PCI DSS, are introduced, along with third-party governance and risk management. The section concludes with an overview of due diligence and due care in maintaining security and compliance.
This section introduces threat modeling, a critical process for identifying and analyzing potential threats to a system. It covers both pre-deployment (proactive) and post-deployment (reactive) approaches to enhance security early in development. Various threat identification methods are discussed, including asset-based, attacker-centric, and software-focused approaches. The STRIDE and PASTA frameworks provide structured methodologies for identifying and mitigating risks. The section also explores reduction analysis (decomposition) to understand system vulnerabilities and risk assessment techniques like probability/damage ranking and DREAD analysis. By systematically identifying and prioritizing threats, organizations can strengthen security and reduce potential risks efficiently.
This section covers Supply Chain Risk Management, emphasizing the importance of securing complex supply chains that involve third-party vendors, hardware components, and software libraries. Key strategies include monitoring, assessing, and maintaining visibility of all supply chain elements to mitigate risks such as tampering, counterfeits, and malicious implants. Advanced security measures such as secure enclaves, secure boot processes, cryptographic operations, and remote attestation ensure the integrity and trustworthiness of systems. Concepts like Software Bill of Materials (SBOM) and silicon Root of Trust are highlighted as vital tools for maintaining transparency and trust in the supply chain. The section stresses proactive monitoring and adaptability to address vulnerabilities effectively.
This section focuses on Laws, Regulations, and Compliance that impact organizations, covering a wide array of legal frameworks and industry regulations. It includes U.S. criminal, civil, and administrative laws, emphasizing computer crime laws like the Computer Fraud and Abuse Act (CFAA) and Federal Information Security Management Act (FISMA). Intellectual property laws (e.g., copyrights, patents, and trade secrets), import/export controls, licensing models, and privacy regulations are also explored. Key privacy frameworks discussed include HIPAA, GDPR, CCPA, and international laws like China’s Privacy Law and South Africa’s PIA. The section highlights the importance of these laws in securing data, managing risks, and ensuring compliance in a global business environment.
This section introduces the hierarchy of security documentation, focusing on policies, standards, procedures, and guidelines. A security policy serves as the high-level documentation outlining an organization’s overall security posture, including strategic objectives, roles, responsibilities, and acceptable risk levels. Supporting this, standards define specific security requirements, baselines establish minimum operational security levels, and guidelines provide non-mandatory recommendations for implementation. Finally, procedures (or SOPs) offer step-by-step instructions for implementing specific security measures. This framework ensures consistency, clarity, and comprehensive coverage of security across the organization.
This section explores Business Continuity Planning (BCP), highlighting the importance of organizational preparedness for emergencies such as natural disasters, cyberattacks, or other disruptions. Key components of BCP include project scope and planning, business impact analysis (BIA), continuity planning, and implementation. Quantitative and qualitative methods are discussed for assessing business priorities and risks, focusing on metrics like Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), and Recovery Point Objective (RPO). The section also emphasizes risk analysis through calculations such as Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE). Effective BCP ensures operational resilience, minimizes downtime, and protects people, infrastructure, and data through strategic planning, training, and regular testing.
This section covers the security policies and procedures related to personnel onboarding, oversight, and offboarding. It emphasizes the importance of defining job descriptions, access requirements, and automated identity and access management (IAM) processes during onboarding to ensure employees have the necessary entitlements for their roles. Oversight processes, including regular audits and attestation, help ensure that personnel retain only the access needed for their responsibilities and perform their roles securely. The offboarding process is critical to revoke all access, especially for external systems, to prevent unauthorized access after separation. Additionally, compliance with organizational privacy and security policies, such as protecting PII and preventing unauthorized access, is crucial for maintaining security and privacy standards.
This section focuses on Risk Management, a critical process for identifying, assessing, and responding to risks that threaten organizational assets. Key components include risk assessment, which evaluates risks based on likelihood and severity; risk response, which may involve mitigation, acceptance, or transference; and risk awareness, which ensures organizational understanding. The section also introduces frameworks like NIST’s Risk Management Framework (RMF), ISO 31000, and COBIT for structured and effective risk management. Additionally, the importance of continuous monitoring, improvement, and cost-benefit analysis in managing risks is emphasized.
This section explores security training and its key components: awareness training to foster a security-conscious culture, job-specific training with measurable outcomes, and education for advanced certifications. It covers various delivery methods, including videos, interactive training, and role-playing, to enhance engagement. Security Champions programs and gamification are highlighted as effective ways to promote security practices. It also emphasizes the need to adapt training to emerging technologies like AI and blockchain and the importance of tracking effectiveness through learning management systems and regular updates.
This section covers information assets and data classification, highlighting various types of sensitive data such as personally identifiable information (PII), protected health information (PHI), and proprietary data. It explains classification levels for both government and non-government entities, ranging from public/unclassified to confidential/top secret, based on the potential damage from exposure. The section also explores data states—data at rest, in transit, and in use—and the encryption methods used to protect them. Compliance considerations, security controls, and best practices for data protection are emphasized, including the principle of minimizing data collection to reduce risk.
This section covers information and asset handling, focusing on data maintenance throughout its lifecycle. It highlights key security practices, including network separation, data loss prevention (DLP), proper labeling, and encryption for data protection. It also discusses secure data destruction methods like erasure, degaussing, and physical destruction.
Asset management is crucial for tracking both tangible (hardware, software) and intangible (intellectual property, reputation) assets. Responsibilities are divided between data owners (senior managers overseeing data classification and protection) and asset owners (managing systems and compliance).
Key security measures include configuration management, inventory tracking (using barcodes and RFID), software asset management, and compliance monitoring. Media management techniques protect data on storage devices, ensuring secure backup practices and proper disposal.
Finally, mobile device security, media lifecycle management, and failure metrics (MTTF/MTBF) are essential for maintaining data integrity and security across an organization's assets.
This section covers secure configuration with a focus on asset management, including tangible (hardware and software) and intangible (patents, copyrights, reputation) assets. It explains how Configuration Management Systems (CMS) help automate hardware asset management and the importance of tagging hardware with barcodes or RFID for tracking. Additionally, it highlights the need to protect and track software licenses and recognize Software as a Service (SaaS) as a software asset.
This section introduces various roles in data management, including data owners, asset owners, business owners, data processors, and data controllers. It explains their responsibilities, such as setting security rules, managing system security plans, and ensuring compliance with regulations like GDPR. Other key roles include data privacy officers, custodians, administrators, and users, each playing a part in data protection, processing, and oversight.
This section covers asset retention, focusing on the importance of maintaining assets and data throughout their lifecycle. Retention is necessary to meet various requirements dictated by contracts, regulations, and compliance. Key concepts introduced include end of life, end of support, and end of service life.
This section covers security control baselines, including low, moderate, and high-impact categories based on the potential loss of confidentiality, integrity, and availability (CIA). It discusses the tailoring and scoping of controls to align with organizational security needs, and introduces technologies like DRM and CASB to ensure data protection and secure cloud access. Additionally, methods like pseudonymization, tokenization, and anonymization are explained to protect sensitive data.
This section covers secure design principles and engineering processes, emphasizing the importance of integrating security from the start of a system’s development. Key concepts include threat modeling, least privilege, defense in depth, and zero trust. It also discusses fail-open, fail-safe, and fail-secure mechanisms. The importance of simplicity in security design is highlighted, along with principles like minimalism, least power, and avoiding redundancy. Additionally, Secure Access Service Edge (SASE) is introduced as a cloud-native approach to network security, supporting modern IT trends.
This section explores security models used to enforce security principles within systems. It introduces enterprise security architecture models like Zachman, SABSA, and TOGAF, as well as security models categorized into lattice-based (e.g., Bell-LaPadula, Biba) and rule-based (e.g., Clark-Wilson, Brewer-Nash). Key concepts include trusted computing, access control models (RBAC, ACLs, ABAC), and state-based models like the information flow and non-interference models. Additionally, models such as the Take-Grant, Biba Integrity, Clark-Wilson, and Brewer-Nash (Chinese Wall) models are discussed in the context of data security and integrity.
This section covers security controls derived from requirements, focusing on the Common Criteria framework. It explains how Common Criteria provides standardized security evaluations for products, enhancing buyer confidence and ensuring cost-effective testing. The two main elements—protection profiles and security targets—are introduced, along with the Evaluation Assurance Levels (EAL 1–7), which define varying levels of security testing rigor. Additionally, the concept of Authorization to Operate (ATO) within the Risk Management Framework (RMF) is discussed, including different authorization levels and conditions under which an ATO may be granted, inherited, or denied.
Security capabilities in IT systems encompass a range of protective measures to ensure system integrity, confidentiality, and availability. These include memory protection, which prevents unauthorized access and execution within memory spaces, and trusted platform modules (TPMs), which verify the integrity of a system during boot-up and operation. Encryption plays a crucial role in securing data at rest, in motion, and in use. Interfaces provide controlled access points to reduce the attack surface, ensuring that interactions with the system are secure. Fault tolerance is vital for maintaining high availability, protecting against system failures caused by attacks, misconfigurations, or natural disasters. Lastly, virtualization enhances security by enabling rapid redeployment of systems, creating immutable environments that can be easily updated or replaced when needed.
Architecture and design in IT systems involve understanding the internal components of hardware and their interaction with software. Processors enable multitasking, utilizing multi-core, multi-processing, multi-programming, and multi-threading techniques. Memory consists of various types such as read-only memory (ROM), flash memory, random access memory (RAM), and registers. Memory addressing includes direct, indirect, and immediate addressing, among others. Secondary memory provides long-term storage, such as hard drives and solid-state drives, but presents security risks like data theft and exposure through memory dumps.
This section provides an overview of security considerations in various technological environments, including corporate networks, databases, industrial control systems, cloud computing, distributed systems, and the Internet of Things (IoT). It covers key threats such as data leakage, denial-of-service attacks, and security vulnerabilities in networked devices. The section also explains security mechanisms like encryption, access control, load balancing, and database security models like ACID compliance.
This section explores various aspects of modern computing architectures, including microservices, containerization, serverless computing, and embedded systems. It covers the security concerns associated with each, such as API security, encryption limitations, and virtualization risks. The section also discusses high-performance computing, edge computing, virtualized systems, and software-defined networking, along with their role in improving efficiency, scalability, and security. Lastly, it introduces the information system lifecycle, detailing the key stages from stakeholder requirements to system retirement.
This section covers cryptographic solutions, focusing on encryption methods, hashing, digital signatures, and public key infrastructure (PKI). It explains the differences between symmetric and asymmetric encryption, including the use of public and private key pairs for secure communication. The section also discusses hashing algorithms and their role in verifying data integrity, as well as digital signatures for authentication and non-repudiation. Finally, it explores certificate authorities, certificate lifecycles, and real-world encryption use cases.
This section introduces various cryptanalytic attacks that attempt to weaken encryption through different methods, such as brute force, statistical analysis, and implementation flaws. It also explains Kerberos authentication and its potential vulnerabilities, including pass-the-hash and golden ticket attacks. The section concludes with a discussion on ransomware and its legal implications.
This section focuses on applying security principles and controls to facility designs, with an emphasis on site security, power considerations, environmental issues, data protection, and fire safety. Key concepts include selecting secure sites, crime prevention through environmental design (CPTED), designing for deterrence (such as boundary restrictions and surveillance), and ensuring power reliability through UPS systems. It covers physical access control methods, intrusion detection systems, secure storage, and clean desk policies. Environmental factors like temperature and humidity are considered for equipment security, and fire safety protocols such as fire classification, suppression techniques, and detection systems are explained.
This section focuses on network security, explaining the OSI model's seven layers and its role in secure network design. It also discusses common network attacks and the evolution of IP versions 4 and 6. The section covers essential network security protocols like IPSec, SSH, and TLS, and introduces port security and micro-segmentation as methods to safeguard networks. Additionally, it emphasizes the importance of physical security and network segmentation, as well as the role of Zero Trust in further isolating and securing network components.
This section covers secure network components, including key networking terms, network access control, firewalls, endpoints, transmission media, network topology, and monitoring and management. It defines critical concepts such as the internet, intranet, extranet, DMZ, proxies, jump boxes, hubs, switches, routers, and network sensors.
Network access control is explained as a method to enforce security policies, prevent attacks, and manage ingress/egress filtering. Firewalls, including static, stateful, circuit-level, next-gen, and application-level firewalls, are discussed in terms of their roles in managing and filtering traffic. Endpoint security is also introduced, with concepts like EDR, MDR, and XDR.
This section covers key administrative functions in network management, including configuration management, monitoring, security, and remote access control. It emphasizes the importance of authentication, authorization, least privilege, and secure remote access. Additionally, it discusses secure voice communication, common threats to VoIP and PBX systems, and security considerations for email, VPNs, and virtualized networks. The section also highlights the importance of agreements like MOUs and ISAs when working with external organizations.
This section addresses physical and logical access controls in network security. It covers various aspects of identity management, including devices (such as laptops and mobile devices), systems (both remote and on-premise), and services (including SaaS). The section emphasizes the importance of strong authentication methods like certificate-based authentication, password management, and role-based access control (RBAC). It also highlights the need for least privilege and monitoring of account access, especially for sensitive environments such as data centers and cloud services. Physical security measures like fencing and man traps are discussed as part of protecting access to critical resources.
This section covers managed identification, authentication, and session management. It explains how identities are claimed and authenticated through various methods such as password-based authentication, biometrics, multi-factor authentication (MFA), and passwordless authentication. The section also discusses best practices for password security, including NIST recommendations, and introduces biometric authentication metrics like failure rejection rate (FRR) and failure acceptance rate (FAR). Additionally, it explains session management, detailing how session IDs work, their security implications, and the importance of protecting active sessions through HTTPS encryption, session expiration policies, and screen lockouts.
This section covers federated identities, focusing on how authentication and identity management work in centralized vs. decentralized models. It explains single sign-on (SSO), where a user logs in once to access multiple applications, compared to decentralized identity management, which requires separate logins for each application. The section also introduces Federated Identity Management (FIM), which allows multiple organizations to share user identities across networks. Other topics include cloud-based, on-premise, and hybrid federation, just-in-time provisioning using SAML, credential management systems, and Identity as a Service (IDaaS) solutions like Google and Microsoft.
This section covers authorization and access control, explaining various models used to manage user permissions. It introduces Discretionary Access Control (DAC), where the owner controls access, compared to Non-Discretionary Access Control, which is centrally managed. It discusses Role-Based Access Control (RBAC), which grants permissions based on organizational roles, Rule-Based Access Control, which enforces rules and restrictions, and Attribute-Based Access Control (ABAC), which considers user attributes like network and device. Other models include Mandatory Access Control (MAC), which uses security classifications, and Risk-Based Access Control, which considers factors like time of day and IP address before granting access.
This section covers the identity lifecycle, including the creation, management, and deletion of user accounts within an organization. It explains the onboarding process, which involves creating a user account and assigning privileges, and the management phase, where modifications are made based on role changes. Finally, offboarding ensures account revocation and removal of access from all systems, including third-party applications.
The section also highlights access reviews, which help prevent over-provisioning and ensure compliance with security policies. It discusses privilege escalation, where a user gains more access than required—either intentionally or as an attack vector. It distinguishes between vertical privilege escalation (gaining higher-level permissions) and horizontal privilege escalation (gaining access to another user’s privileges).
This section explains authentication systems, focusing on Single Sign-On (SSO), OAuth, and OpenID Connect. It describes how SSO works, where an Identity Provider (IdP) grants users access to multiple services without requiring multiple logins. The process involves trust between the service provider and the IdP, allowing users to authenticate once and gain access to multiple applications.
It also covers OAuth, an open standard for access delegation, allowing users to grant applications access to their data without sharing their password. OAuth includes access tokens (short-lived) and refresh tokens (long-lived), ensuring secure, time-limited access.
This section covers assessments, testing, and auditing in cybersecurity. Testing verifies security controls through automated scans, while assessments identify vulnerabilities using tools and risk analysis. Audits, performed by independent auditors, evaluate security effectiveness for third-party validation. Internal audits are conducted by an organization’s independent staff, whereas external audits are performed by outside firms like Deloitte and KPMG. Third-party audits assess organizations on behalf of another entity. SOC reports provide control descriptions: SOC 1 focuses on financial reporting, SOC 2 on security, and SOC 3 is for public disclosure. Type 1 SOC reports capture a single point in time, whereas Type 2 validates control effectiveness over six months.
This section covers security controls testing, focusing on vulnerability assessments, scanning tools, and penetration testing. It explains how vulnerabilities are identified, categorized, and assessed using naming systems like CVE and CVSS. Various scanning techniques at the application, network, and database levels are discussed, including tools like Nmap for network discovery and SQLmap for database vulnerability detection. The vulnerability management process is outlined, from discovery and validation to remediation. The section also covers penetration testing methodologies (white, black, and gray box testing), red, blue, and purple team strategies, and testing techniques like static and dynamic application security testing (SAST & DAST). Finally, it introduces SIEM systems, which aggregate logs from various security devices to aid in threat detection and response.
This section covers key aspects of security process data, including account management, disaster recovery, training, and key performance indicators (KPIs). It emphasizes the importance of regularly reviewing user accounts to ensure appropriate access, testing disaster recovery and business continuity plans, and conducting ongoing security awareness training. The section also highlights the importance of tracking KPIs to monitor security trends and improve organizational resilience.
In this section, we discuss analyzing test output and reporting vulnerabilities. Testers, whether internal (QA) or external (through a Vulnerability Disclosure Program), must examine application test results to identify defects. Reports should provide clear details of what happened without exposing sensitive data. Responsible disclosure ensures that vulnerabilities are reported to the organization rather than shared publicly. The ultimate goal is remediation—fixing defects to improve application security.
This section covers compliance with investigations, focusing on evidence collection and handling in digital forensics. Digital evidence, known as artifacts, must be collected, stored, and analyzed following forensic principles. Sources of evidence include media, networks, memory, software, and hardware, each requiring specific techniques for proper retrieval. Maintaining chain of custody is critical to preserving evidence integrity. Investigations may involve voluntary information surrender or legal subpoenas, and should follow structured processes, including interviews and thorough documentation in a final report.
This section discusses logging and monitoring activities in cybersecurity, focusing on incident management, log collection, monitoring tools, and threat intelligence. It explains the steps in incident response, including detection, response, mitigation, recovery, and remediation. The importance of log protection, retention, and non-repudiation is emphasized. Security monitoring tools such as SIEMs, intrusion detection systems, and traffic analysis play a critical role in identifying threats. Concepts like SOAR, Cyber Kill Chain, and MITRE ATT&CK help organizations proactively respond to attacks. Threat intelligence and hunting techniques help detect potential threats before they cause harm.
This section covers configuration management, emphasizing the importance of securely deploying and maintaining systems. It explains the use of baselines and images to ensure consistency and security across environments. The process involves installing and configuring the system securely, creating an image after testing, and using that image for replication. Automation can assist in deploying secure configurations efficiently.
This section covers key security operation concepts, including need-to-know and least privilege principles, ensuring users only have necessary access. It also explains separation of duties and two-person control to prevent unauthorized actions. Job rotation and mandatory vacations help reduce fraud and improve oversight. Privileged Account Management (PAM) secures elevated access accounts from misuse or threats. Lastly, Service Level Agreements (SLAs) and Memorandums of Understanding (MOUs) define agreements between entities regarding service expectations and collaboration.
This section discusses resource protection, focusing on different types of media, their vulnerabilities, and best practices for securing them. It covers physical and digital media like hard drives, USBs, databases, and paper documents, emphasizing confidentiality, integrity, and availability. It also highlights media handling, backup strategies, and disaster recovery, detailing full, incremental, and differential backups. Organizations should implement encryption, controlled storage, and access restrictions to prevent data loss or breaches. Regular testing, retention policies, and cloud storage enhance resilience and operational efficiency.
This section covers detective and preventative security controls, including firewalls, intrusion detection and prevention systems (IDS/IPS), allow and deny lists, sandboxing, honeypots, anti-malware, and AI-driven security tools. These controls help protect networks, detect attacks, and prevent malicious activity. Organizations implement these technologies to filter traffic, detect anomalies, prevent breaches, and enhance cybersecurity resilience.
This section covers patch and vulnerability management, emphasizing the process organizations follow to identify, evaluate, test, deploy, and verify patches. It explains the importance of testing patches in a controlled environment before deployment to prevent system disruptions. The section also highlights the need for continuous verification to ensure vulnerabilities are resolved and systems remain functional.
This section discusses recovery and response strategies for handling disasters, including trusted recovery, crisis management, emergency communication, alternate recovery sites, database recovery strategies, and disaster recovery testing. Organizations must plan for human-made, natural, political, or economic disruptions by ensuring recovery plans, training, and testing procedures are in place to minimize downtime and restore operations effectively.
In this section, we focused on physical security and safety, emphasizing key performance indicators (KPIs) that measure organizational maturity in managing security incidents. Key topics included personnel safety, fail-safe systems, duress alarms, and best practices for employees traveling. The section also stressed the importance of security awareness training, emergency management plans, and recognizing security threats like social engineering and data misuse. Additionally, the importance of enhanced security measures like two-factor authentication was highlighted.
This section dives into security within the Software Development Life Cycle (SDLC), starting with software development methodologies like Waterfall, Spiral, Agile, and the Scaled Agile Framework (SAFE). It then covers maturity models such as CMM, SAM, and IDEAL, highlighting how security integrates throughout the SDLC. The section also introduces change management processes, explaining how changes are requested, reviewed, and implemented in production environments with necessary security controls. The importance of documentation, audits, and integrated product teams (IPTs) for effective change management is also emphasized.
In this section, the focus is on integrating security controls throughout the software development lifecycle (SDLC). It covers the key phases of development, such as defining requirements, designing the software, coding, testing, and operating it in a production environment. The section emphasizes the importance of considering security concerns in each phase, especially during the design and coding stages. It introduces methodologies like DevSecOps, where security is embedded into the development and operations process, and Continuous Integration/Continuous Deployment (CI/CD), which allows for quicker delivery of code to production. The section also discusses the use of various security tools, such as static and dynamic analysis, as well as the importance of managing code repositories and testing applications for vulnerabilities. Finally, it touches on security orchestration and automation for faster incident response and the role of different application security testing methodologies.
In this section, we covered assessing software security, focusing on the importance of auditing and logging changes within the change control process. This ensures that all changes are centralized, organized, and auditable. We discussed the importance of security testing for both third-party and open-source software, including security scans and patching. The section also introduced key concepts related to cloud services, including the shared responsibility model and various deployment models like public, private, community, and hybrid clouds. The need for data encryption and compliance with security standards was emphasized, especially for cloud services.
This section dives into secure coding guidelines and discusses various vulnerabilities commonly found in software. These include issues such as buffer overflows, time-of-use vulnerabilities, injection attacks, and cross-site scripting (XSS). It also highlights the importance of mitigating these risks through methods like input validation, using web application firewalls, parameterizing queries, and code signing. Additionally, the section touches on API security, emphasizing the need to protect API keys and verify APIs just as thoroughly as web applications. Finally, the section offers best practices for developers, including managing code comments, error handling, avoiding hard-coded secrets, and ensuring proper memory management.
In this course you will learn everything you need to know to take your career to the next level. Whether you are already in cybersecurity and want to prepare for the CISSP exam, or you are working in technology and are curious about what cybersecurity is, this course is for you.
I will cover topics ranging from security and risk management in an organization to how organizations use asset management to discover what data and systems exist in their organization in order to provide proper protection. I'll cover security in architecture, networking, and physical locations. Lastly, you'll see how security fits in the software development lifecycle and how organizations test and monitor for security in their organization.
In this course you'll learn about the importance of security concepts such as confidentiality, integrity, and availability; how authentication and authorization are used to manage user and system access; how organizations prepare for disasters and ready themselves to resume operations; and how risk management is used to define the organization's approach to security. Supply chain risks. Threat modeling. Security models. Cryptanalysis. And so much more!
We'll cover a lot of topics here, but you will have a much better understanding of how security fits in an organization after taking this course. Grab a comfy chair and get ready.