Domain 1: Security and Risk Management

• CIA Triad: Confidentiality, Integrity, Availability
• Governance and Compliance (GDPR, HIPAA, SOX)
• Risk Management and Business Continuity
• Professional Ethics (ISC)² Code of Ethics
• Security Awareness and Training Programs

Domain 2: Asset Security

• Data Classification and Ownership
• Data Handling and Retention
• Privacy Protection Principles
• Secure Data Lifecycle Management
• Media Security Controls

Domain 3: Security Architecture and Engineering

• Secure System Design Principles
• Security Models and Concepts
• Cryptography: Symmetric, Asymmetric, Hashing
• Physical Security Controls
• Vulnerability Management

Domain 4: Communication and Network Security

• Secure Network Architecture Design
• Secure Protocols (TLS, SSH, IPSec)
• Network Devices and Segmentation
• Secure Communications Channels
• Wireless Network Security

Domain 5: Identity and Access Management (IAM)

• Identity Management Lifecycle
• Authentication and Authorisation Models
• Access Control Systems (RBAC, ABAC, DAC, MAC)
• Federated Identity Management
• Single Sign-On (SSO) and MFA

Domain 6: Security Assessment and Testing

• Security Control Testing
• Penetration Testing
• Security Audits and Assessments
• Log Reviews and Vulnerability Assessments
• Security Metrics and Reporting

Domain 7: Security Operations

• Incident Response and Recovery
• Forensics and Evidence Handling
• Disaster Recovery Planning
• Security Monitoring and SIEM
• Patch and Configuration Management

Domain 8: Software Development Security

• Secure SDLC Concepts
• Software Security Testing (SAST, DAST)
• Secure Coding Practices
• CI/CD Pipeline Security
• OWASP Top 10 Threats