| 2015 Exam Outline | 2018 Exam Outline | Change |
|---|---|---|
| Understand and support investigations: Evidence collection and handling; Reporting and documenting; Investigative techniques; Digital forensics | Understand and support investigations: Evidence collection and handling; Reporting and documentation; Investigative techniques; Digital forensics tools, tactics, and procedures | No change |
| Understand requirements for investigation types: Operational; Criminal; Civil; Regulatory; Electronic Discovery | Understand requirements for investigation types: Administrative; Criminal; Civil; Regulatory; Industry standards | Limited change. Operational renamed Administrative; Electronic Discovery removed; Industry standards added. |
| Conduct logging and monitoring activities: Intrusion detection and prevention; Security Information and Event Management (SIEM); Continuous monitoring; Egress monitoring | Conduct logging and monitoring activities: Intrusion detection and prevention; Security Information and Event Management (SIEM); Continuous monitoring; Egress monitoring | No change |
| Securely provisioning resources: Asset inventory; Configuration management; Physical assets; Virtual assets; Cloud assets; Applications | Securely provisioning resources: Asset inventory; Asset management; Configuration management | Limited change. Physical, virtual and cloud assets and applications consolidated under the single subheading Asset management. |
| Understand and apply foundational security operations concepts: Need-to-know/least privilege; Separation of duties and responsibilities; Monitor special privileges; Job rotation; Information lifecycle; Service Level Agreements (SLA) | Understand and apply foundational security operations concepts: Need-to-know/least privilege; Separation of duties and responsibilities; Privileged account management; Job rotation; Information lifecycle; Service Level Agreements (SLA) | No change in scope. Monitor special privileges reworded as Privileged account management. |
| Employ resource protection techniques: Media management; Hardware and software asset management | Apply resource protection techniques: Media management; Hardware and software asset management | No change |
| Conduct incident management: Detection; Response; Mitigation; Reporting; Recovery; Remediation; Lessons learned | Conduct incident management: Detection; Response; Mitigation; Reporting; Recovery; Remediation; Lessons learned | No change |
| Operate and maintain preventative measures: Firewalls; Intrusion detection and prevention systems; Whitelisting/blacklisting; Third-party security services; Sandboxing; Honeypots/honeynets; Anti-malware | Operate and maintain detective and preventative measures: Firewalls; Intrusion detection and prevention systems; Whitelisting/blacklisting; Third-party provided security services; Sandboxing; Honeypots/honeynets; Anti-malware | No change in subtopics. Heading now reads "detective and preventative". |
| Implement and support patch and vulnerability management | Implement and support patch and vulnerability management | No change |
| Participate in and understand change management processes | Understand and participate in change management processes | No change |
| Implement recovery strategies: Backup storage strategies; Recovery site strategies; Multiple processing sites; System resilience, high availability, Quality of Service (QoS), and fault tolerance | Implement recovery strategies: Backup storage strategies; Recovery site strategies; Multiple processing sites; System resilience, high availability, Quality of Service (QoS), and fault tolerance | No change |
| Implement Disaster Recovery (DR) processes: Response; Personnel; Communications; Assessment; Restoration; Training and awareness | Implement Disaster Recovery (DR) processes: Response; Personnel; Communications; Assessment; Restoration; Training and awareness | No change |
| Test Disaster Recovery Plans (DRP): Read-through/tabletop; Walkthrough; Simulation; Parallel; Full interruption | Test Disaster Recovery Plans (DRP): Read-through/tabletop; Walkthrough; Simulation; Parallel; Full interruption | No change |
| Participate in Business Continuity (BC) planning and exercises | Participate in Business Continuity (BC) planning and exercises | No change |
| Implement and manage physical security: Perimeter security controls; Internal security controls | Implement and manage physical security: Perimeter security controls; Internal security controls | No change |
| Participate in addressing personnel safety concerns | Address personnel safety and security concerns: Travel; Security training and awareness; Emergency management; Duress | Limited change. Four subtopics (Travel, Security training and awareness, Emergency management, Duress) added. |