Key Sessions

• Understand confidentiality, integrity, and availability concepts.
• Apply security governance principles and establish a compliance framework.
• Develop and implement documented security policies, standards, procedures, and guidelines.
• Understand legal and regulatory issues that pertain to information security in a global context.
• Manage data classification and data lifecycle processes to enhance confidentiality and value.

2. Asset Security

• Identify and classify information and assets to apply appropriate controls.
• Establish information and asset handling requirements to maintain information security.
• Ensure appropriate retention of information and disposal processes.
• Determine data security controls and compliance requirements.
• Protect privacy, ensuring proper storage and handling of sensitive information.

3. Security Architecture and Engineering

• Analyse and implement security designs in hardware, software, and network architecture.
• Assess and mitigate vulnerabilities in web-based systems, mobile systems, and other digital systems.
• Apply cryptography to protect data in transit, at rest, and in use.
• Understand principles of secure engineering and secure application design.
• Evaluate and apply security models to maintain system integrity.

4. Communication and Network Security

• Design and protect network architecture including IP networking, LANs, WANs, and remote access technology.
• Secure network components and implement secure communication channels.
• Manage secure network management and operational controls.
• Understand network attacks and apply defensive strategies.
• Implement secure network architecture concepts and systems design.

5. Identity and Access Management (IAM)

• Control physical and logical access to assets.
• Manage identification and authentication of people, devices, and services.
• Integrate identity as a third-party service (IDaaS, Federated Identity).
• Implement and manage authorisation mechanisms.
• Manage the identity and access provisioning lifecycle.

6. Security Assessment and Testing

• Design and validate assessment, test, and audit strategies to ensure proper security controls.
• Conduct security control testing and review of configuration and patch management processes.
• Perform vulnerability assessments and penetration testing.
• Use logging and monitoring activities to provide security analysis.
• Ensure the effectiveness of security controls through regular assessment and testing.

7. Security Operations

• Understand and support investigations according to incident response protocols.
• Manage physical security, personnel security, and the safe design of facilities.
• Apply resource protection techniques and manage incident response.
• Operate and configure technologies to detect and prevent attacks.
• Understand disaster recovery processes and develop disaster recovery plans.

8. Software Development Security

• Understand and integrate security in the Software Development Lifecycle (SDLC).
• Manage security risks in software development and enforce software security controls.
• Secure software applications by applying security best practices.
• Assess the security impact of acquired software and manage the security aspects of the end-user environment.
• Enforce compliance with secure coding standards and effectively manage software vulnerabilities.