Scope:
- A computing-based discipline involving technology, people, information, and processes to enable assured operations.
- A focus on implementation, operation, analysis, and testing of the security of computing technologies
- Recognition of the interdisciplinary nature of the application of cybersecurity including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.
- The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
- Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
Competencies:
- Evaluate the purpose and function of cybersecurity technology
identifying the tools and systems that reduce the risk of data
breaches while enabling vital organization practices.
(Cybersecurity functions) - Implement systems, apply tools, and use concepts to minimize
the risk to an organization’s cyberspace to address cybersecurity
threats. (Tools and threats) - Use a risk management approach for responding to and
recovering from a cyber-attack on system that contains high
value information and assets such as an email system. (Response
and risks) - Develop policies and procedures needed to respond and
remediate a cyber-attack on a credit card system and describe
plan to restore functionality to the infrastructure. (Policies and
procedures)
Subdomains and Skill Levels
| Subdomain | Level |
| ITE-CSP-01 Perspectives and impact | 1 |
| ITE-CSP-02 Policy goals and mechanisms | 1 |
| ITE-CSP-03 Security services, mechanisms, and countermeasures | 2 |
| ITE-CSP-04 Cyber-attacks and detection | 2 |
| ITE-CSP-05 High assurance systems | 2 |
| ITE-CSP-06 Vulnerabilities, threats, and risk | 2 |
| ITE-CSP-07 Anonymity systems | 1 |
| ITE-CSP-08 Usable security | 1 |
| ITE-CSP-09 Cryptography overview | 1 |
| ITE-CSP-10 Malware fundamentals | 1 |
| ITE-CSP-11 Mitigation and recovery | 1 |
| ITE-CSP-11 Mitigation and recovery | 1 |
| ITE-CSP-12 Personal information | 1 |
| ITE-CSP-13 Operational issues | 2 |
| ITE-CSP-14 Reporting requirements | 1 |
Suggestions Accepted for consideration for the next Edition:
Please provide your suggestions about this knowledge unit. All submitted comments will be reviewed at the end of the month. Comments accepted for inclusion will be listed above.