Standards in this Framework
Standard | Description |
---|---|
1.12.2 | Differentiate between appropriate and inappropriate information. |
1.12.3 | Interpret security policies through job-specific training and training updates. |
1.12.4 | Apply secure password behavior. |
1.12.5 | Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating). |
2.1.2 | Describe authentication, authorization, and auditing. |
2.1.4 | Identify security risks and describe associated safeguards and methodologies (e.g., auditing). |
2.1.5 | Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). |
2.1.10 | Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. |
2.1.11 | Identify the need for personal security in digital information and describe how personal information can be safeguarded. |
2.1.12 | Practice information security per job requirements. |
2.1.13 | Describe privacy and security compliance on systems (e.g., Health Insurance Portability and Accountability Act [HIPAA], Payment Card Industry [PCI], Sarbanes-Oxley Act [SOX], Americans with Disabilities Act [ADA], General Data Protection Regulation [GDPR], European Union Data Protection Regulation [EUDPR]). |
3.1.1 | Differentiate between authentication and authorization. |
3.1.2 | Compare authentication techniques (e.g., single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards). |
3.2.1 | Identify and implement data and application security. |
3.2.4 | Provide user authentication (e.g., assign and reset user accounts and passwords). |
3.2.5 | Install, test, implement, and update virus and malware detection and protection software. |
3.2.6 | Identify sources of virus and malware infection and remove viruses and malware. |
3.2.7 | Provide documentation, training, and support to users on established security procedures. |
3.3.1 | Describe network security policies (e.g., acceptable use policy). |
3.3.5 | Assess risks based on the vulnerability of the organization, the likelihood of the risk, and its impact on the organization. |
3.3.7 | Train users in network security procedures. |
3.4.2 | Analyze system log files to identify security risks. |
3.4.4 | Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training). |
3.5.1 | Describe wireless security risks (e.g., unauthorized access) and how to mitigate them. |
3.5.2 | Compare methods of increasing the security of wireless networks and devices (e.g., Media Access Control [MAC] address filtering, Wi-Fi Protected Access [WPA], 802.1X, Remote Authentication Dial-In User Service [RADIUS]). |
3.5.3 | Research security enhancements provided by the Institute of Electrical and Electronics Engineers (IEEE). |
3.5.4 | Describe practices and policies for preventing and detecting the installation of rogue networks. |
3.5.5 | Describe security practices and policies for personal devices. |
3.5.6 | Implement and test the security of a wireless network. |
4.5.6 | Secure the wireless network. |
4.6.2 | Identify the advantages of protocols (e.g., Domain Name System [DNS], File Transfer Protocol [FTP], Hypertext Transfer Protocol [HTTP], Telecommunications Network [Telnet], Remote Desktop Protocol [RDP], Secure Shell [SSH]) and their associated port numbers. |
4.6.7 | Describe a Virtual Private Network (VPN) and identify associated protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Point-to-Point Tunneling Protocol [PPTP]). |
4.11.2 | Provision cloud services (e.g., Software as a Service [SaaS], Platform as a Service [PaaS], Infrastructure as a Service [IaaS], Security as a Service). |
4.13.1 | Differentiate between disaster recovery and business continuity. |
4.13.2 | Identify common backup devices. |
4.13.3 | Identify the criteria for selecting a backup system. |
4.13.4 | Establish a process for archiving files. |
4.13.5 | Develop a disaster recovery plan. |
9.1.1 | Identify the goals, objectives, and purposes of cybersecurity. |
9.1.2 | Describe the concepts of malware attack vectors. |
9.1.3 | Maintain data security using data labeling, handling, and disposal as prescribed by policy and law. |
9.1.4 | Mitigate threats by remaining abreast of industry information. |
9.1.5 | Identify types of controls (e.g., deterrent, preventive, detective, compensating, technical, and administrative). |
9.2.1 | Perform authorization control (e.g., least privilege, separation of duties, mandatory access control, discretionary access control, rule-based access control, role-based access control, time-of-day restrictions, location restrictions). |
9.2.2 | Implement authentication techniques (e.g., tokens, common access card, smart card, multifactor authentication, single sign-on, biometrics, personal identity verification card, username, federation, transitive trust/authentication). |
9.2.3 | Use authentication factors (e.g., something you are, something you have, something you know). |
9.2.4 | Mitigate the security implications of third-party connectivity and access. |
9.2.5 | Implement Data Loss Prevention (DLP). |
9.2.6 | Implement perimeter security (e.g., fencing, proximity readers, access lists, proper lighting, mantraps, video surveillance, signs, guards, barricades, biometrics, protected distribution [cabling], alarms, motion detection). |
9.2.7 | Inventory devices. |
9.3.1 | Identify application vulnerabilities (e.g., cross-site scripting, SQL injection, LDAP injection, XML injection, directory traversal/command injection, buffer overflow, integer overflow, zero-day, cookies and attachments, Locally Shared Objects [LSOs], Flash cookies, malicious add-ons, session hijacking, header manipulation, arbitrary code execution/remote code execution). |
9.3.2 | Mitigate application attacks (e.g., following SANS and OWASP guidance). |
9.3.3 | Implement secure coding concepts (e.g., error and exception handling, input validation, cross-site scripting prevention, cross-site request forgery [XSRF] prevention, OWASP). |
9.3.4 | Implement secure application configuration (e.g., application hardening, application patch management). |
9.3.5 | Discover and mitigate common database vulnerabilities and attacks. |
9.3.6 | Differentiate between server-side and client-side validation. |
9.4.1 | Set up and maintain secure roles and system management techniques (e.g., password, group, and user privilege policies and monitoring). |
9.4.2 | Use network protocols securely (e.g., IPsec, SNMP, SSH, DNS, TLS, SSL, TCP/IP, FTPS, HTTPS, SCP, ICMP). |
9.4.3 | Apply the principles of IPv4 and IPv6 securely. |
9.4.4 | Apply wireless security configurations (e.g., disabling SSID broadcast, TKIP, CCMP, antenna placement, power level controls). |
9.4.5 | Manage PKI and certificates (e.g., transport encryption, non-repudiation, hashing, key escrow, steganography, digital signatures). |
9.4.6 | Use algorithms/protocols that provide transport encryption (e.g., SSL, TLS, IPsec, SSH, HTTPS). |
9.4.7 | Install and configure network devices (e.g., firewalls, switches, load balancers, proxies, web security gateways, VPN concentrators). |
9.4.8 | Install and configure network security devices (e.g., protocol analyzers, spam filters, UTM security appliances, URL filters, content inspection, malware inspection). |
9.4.9 | Implement port security. |
9.4.10 | Monitor and manage network Unified Threat Management (UTM). |
9.4.11 | Mitigate network threats (e.g., flood guards, loop protection, implicit deny, network separation, log analysis, unified threat management, peripheral and removable media). |
9.4.12 | Apply the principles of secure network design (e.g., DMZ, subnetting, NAT/PAT, remote access, telephony, virtualization). |
9.5.1 | Describe, locate, and mitigate security threats (e.g., adware, viruses, spyware, Trojans, rootkits, logic bombs, botnets, ransomware, polymorphic malware). |
9.5.2 | Describe, discover vulnerabilities to, and mitigate network attacks (e.g., man-in-the-middle, DDoS, DoS, replay, Smurf attack, spoofing, spam, phishing, SPIM, SPIT, and other attacks). |
9.5.3 | Configure defenses against password attacks (e.g., brute force, dictionary attacks, hybrid attacks, birthday attacks, rainbow tables). |
9.5.4 | Describe, assess for, and mitigate social engineering attacks (e.g., shoulder surfing, dumpster diving, tailgating, impersonation, hoaxes, phishing, spear phishing, whaling, vishing, principles, URL hijacking, watering hole). |
9.6.1 | Adhere to licensing and intellectual property laws (e.g., copyright, trademark, digital rights management). |
9.6.2 | Adhere to regulatory and industry standards (e.g., PCI DSS, PA-DSS). |
9.7.1 | Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting). |
9.7.4 | Collect digital evidence according to established policies and protocols (e.g., system images, packet captures). |
9.8.1 | Design and implement network segmentation. |
9.8.2 | Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, camera vs. guard). |
9.8.3 | Use discovery tools and utilities to identify threats (e.g., protocol analyzers, vulnerability scanners, honeypots, honeynets, port scanners). |
9.8.4 | Create, edit, and use roles and system management tools. |
9.8.5 | Implement endpoint security. |
9.8.6 | Implement Access Control Lists (ACLs). |
9.8.7 | Deploy a server hardening plan. |
9.8.8 | Implement a Network Access Control (NAC) plan. |
9.8.9 | Interpret alarms and alert trends. |
9.8.10 | Apply incident response procedures (e.g., preparation, incident identification, escalation and notification, mitigation steps, lessons learned, reporting, recovery procedures, first responder, incident isolation, quarantine, device removal, data breach). |
9.8.11 | Differentiate between types of penetration testing (e.g., black box, white box, gray box). |
9.9.1 | Describe the concepts of risk management (e.g., business continuity concepts, business impact analysis, identification of critical systems and components, removing single points of failure). |
9.9.2 | Describe the concepts of risk assessment (e.g., disaster recovery plan, IT contingency planning, succession planning, redundancy). |
9.9.3 | Describe and plan fault tolerance (e.g., hardware, RAID, clustering, load balancing, disaster recovery concepts, backup plans/policies, backup execution/frequency). |
9.10.1 | Apply concepts related to threat vectors and probability/threat likelihood. |
9.10.2 | Identify concepts of risk calculation (e.g., likelihood, ALE, impact, SLE, ARO, MTTR, MTTF, MTBF). |
9.10.3 | Implement governance, risk management, and compliance management processes (e.g., risk mitigation, governing compliance). |