Domain 1: Security Principles (26%, 20 items)
1.1 Understand the security concepts of information assurance
- Confidentiality
- Integrity
- Availability
- Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
- Non-repudiation
- Privacy
1.2 Understand the risk management process
- Risk management (e.g., risk priorities, risk tolerance)
- Risk identification, assessment and treatment
1.3 Understand security controls
- Technical controls
- Administrative controls
- Physical controls
1.4 Understand (ISC)² Code of Ethics
- Professional code of conduct
1.5 Understand governance processes
- Policies
- Procedures
- Standards
- Regulations and laws