Earn these career-relevant skills in weeks, not years.
- Categorize information systems based on the information stored, transmitted, and processed.
- Analyze the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (formerly the SANS 20).
- Explain the relationship between the Critical Controls, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), National Institute of Standards and Technology (NIST), and Control Objectives for Information and Related Technologies (COBIT).
- Specify the risk management framework to be used for developing the security plan.
- Define the functional roles of the Information System Owner, Common Control Provider, Information Owner/Steward, Information System Security Officer, Information System Security Engineer, Risk Executive (Function), Authorizing Official or Designated Representative, Chief Information Officer, and Senior Information Security Officer.
- Identify and prioritize the attack vectors of a specified industry and organization.
- Select ten appropriate security controls, including system-specific controls, common controls, and hybrid controls.
- Plan for management of security controls using a security toolkit application.
- Provide policies that map to appropriate security controls for the specified organization, including system-specific controls, common controls, and hybrid controls.
- Describe assessment objects, mechanisms, and specifications.
- Develop a security assessment plan.
- Distinguish assurance professional roles and responsibilities in the review and approval of an assessment plan.
- Distinguish information gathering tools and techniques used to assess and monitor security controls.
- Exemplify the assessment of security controls as defined in the security assessment plan.
- Provide a security assessment report.
- Communicate organizational risk, risk tolerance, and risk acceptance.
- Classify information system operation authorization.
- Describe how Control Objectives for Information and Related Technologies (COBIT), from an audit perspective, is used to manage a POA&M.
- Produce a Plan of Actions and Milestones (POA&M) based on the findings and recommendations of the security assessment report.
- Provide security and audit plans and policies to support continuous improvement to organizational stakeholders.