Understand the importance of data privacy and protection.
Privacy vs. security
Non-technical controls
- Classification
- Ownership
- Retention
- Data types
- Retention standards
- Confidentiality
- Legal requirements
- Data sovereignty
- Data minimization
- Purpose limitation
- Non-disclosure agreement (NDA)
Technical controls
- Encryption
- Data loss prevention (DLP)
- Data masking
- Deidentification
- Tokenization
- Digital rights management (DRM)
- Geographic access requirements
- Access controls
Given a scenario, apply security concepts in support of organizational risk mitigation.
Business impact analysis
Risk identification process
Risk calculation
Communication of risk factors
Risk prioritization
- Security controls
- Engineering tradeoffs
Systems assessment
Documented compensating controls
Training and exercises
- Red team
- Blue team
- White team
- Tabletop exercise
Supply chain assessment
- Vendor due diligence
- Hardware source authenticity
Explain the importance of frameworks, policies, procedures, and controls.
Frameworks
Policies and procedures
- Code of conduct/ethics
- Acceptable use policy (AUP)
- Password policy
- Data ownership
- Data retention
- Account management
- Continuous monitoring
- Work product retention
Control types
- Managerial
- Operational
- Technical
- Preventative
- Detective
- Responsive
- Corrective
Audits and assessments
