Domain 1: Security Operations and Administration
1.1 Comply with codes of ethics
- (ISC)² Code of Ethics
- Organizational code of ethics
1.2 Understand security concepts
- Confidentiality
- Integrity
- Availability
- Accountability
- Privacy
- Non-repudiation
- Least privilege
- Segregation of duties (SoD)
1.3 Identify and implement security controls
- Technical controls (e.g., session timeout, password aging)
- Physical controls (e.g., mantraps, cameras, locks)
- Administrative controls (e.g., security policies, standards, procedures, baselines)
- Assessing compliance
- Periodic audit and review
1.4 Document and maintain functional security controls
- Deterrent controls
- Preventative controls
- Detective controls
- Corrective controls
- Compensating controls
1.5 Participate in asset management lifecycle (hardware, software and data)
- Process, planning, design and initiation
- Development/Acquisition
- Inventory and licensing
- Implementation/Assessment
- Operation/Maintenance
- Archiving and retention requirements
- Disposal and destruction
1.6 Participate in change management lifecycle
- Change management (e.g., roles, responsibilities, processes)
- Security impact analysis
- Configuration management (CM)