Domain 1: Information Security Governance

• Enterprise Governance Overview
• Organizational Culture, Structures, Roles and Responsibilities
• Legal, Regulatory and Contractual Requirements
• Information Security Strategy
• Information Governance Frameworks and Standards
• Strategic Planning

Domain 2: Information Security Risk Management

• Risk and Threat Landscape
• Vulnerability and Control Deficiency Analysis
• Risk Assessment, Evaluation and Analysis
• Information Risk Response
• Risk Monitoring, Reporting and Communication

Domain 3: Information Security Program

• IS Program Development and Resources
• IS Standards and Frameworks
• Defining an IS Program Road Map
• IS Program Metrics
• IS Program Management
• IS Awareness and Training
• Integrating the Security Program with IT Operations
• Program Communications, Reporting and Performance Management

Domain 4: Incident Management

• Incident Management and Incident Response Overview
• Incident Management and Response Plans
• Incident Classification/Categorization
• Incident Management Operations, Tools and Technologies
• Incident Investigation, Evaluation, Containment and Communication
• Incident Eradication, Recovery and Review
• Business Impact and Continuity
• Disaster Recovery Planning
• Training, Testing and Evaluation