Competency |
Student Checklist |
275. Access control attacks (brute force, dictionary, spoofing, denial of service, etc.) |
|
276. Access control policies |
|
277. Application and system vulnerabilities and threats -- client-based (i.e., applets, ActiveX) |
|
278. Application and system vulnerabilities and threats -- mainframe |
|
279. Application and system vulnerabilities and threats -- malicious code (i.e., Trojan horses, trap doors, viruses, worms) |
|
280. Application and system vulnerabilities and threats -- server-based |
|
281. Application and system vulnerabilities and threats -- web-based (i.e., XML, SAML) |
|
282. Assessments used during system certification process |
|
283. Attack actions |
|
284. Attack actions addressed in training |
|
285. Cable characteristics (i.e., twisted pair, fiber) |
|
286. Capabilities offered by expert audit tools |
|
287. Capabilities offered by expert security tools |
|
288. Centralized/remote authentication access controls |
|
289. Computing and telecommunications hardware/software |
|
290. Concentrators |
|
291. Control techniques and policies (i.e., discretionary, mandatory, and rule of least privilege); decentralized/distributed -- single sign on (SSO) (i.e., Kerberos) |
|
292. Data mining |
|
293. Databases and data warehousing vulnerabilities, threats and protections |
|
294. Elements of technical platforms |
|
295. EMSEC/TEMPEST security as it relates to the risk management process |
|
296. End systems (i.e., workstations, notebooks, PDA, smartphones, etc.) |
|
297. Front-end processors, hubs, modems, multiplexers |
|
298. Housekeeping procedures |
|
299. How the security architecture is affected by assurance, trust, and confidence countermeasures; covert channels; EMSEC/TEMPEST; maintenance hooks and privileged programs; states attacks (i.e., time of check / time of use); and timing attacks |
|
300. Identification and authentication techniques |
|
301. Importance of sound facility management procedures |
|
302. Incident response policies |
|
303. Inference |
|
304. IPSEC authentication and confidentiality |
|
305. LAN/WAN security |
|
306. Major benefits of auditing |
|
307. Multiple secure levels |
|
308. Network architecture/topologies (i.e., Ethernet, FDDI, bus, star, mesh, etc.) |
|
309. Network components (hardware, firmware, software, and media) |
|
310. Network protocols |
|
311. Network types |
|
312. Object reuse |
|
313. Organizational/agency systems emergency response team role |
|
314. OSI model |
|
315. Patch panels |
|
316. Polyinstantiation |
|
317. Principles of network security procedures |
|
318. Public key infrastructure (PKI) (i.e., certification authorities, etc.) |
|
319. Risk management |
|
320. Routers |
|
321. SA COMSEC procedures |
|
322. Security domains as applicable to organizational policies |
|
323. Single/multifactor authentication (knowledge based i.e., password/pass phrase, one time, smart cards and characteristic based i.e., biometrics) |
|
324. Switches |
|
325. System security architecture study |
|
326. Threat in its application to education, training, and awareness |
|
327. Threats/vulnerabilities of end systems (i.e., workstations, notebooks, PDA, smartphones, etc.) |
|
328. Transport control protocol/internet protocol (TCP/IP) |
|
329. Tunneling protocol (PPTP), layer 2 tunneling protocol (L2TP) |
|
330. Virtual private network (VPN) (i.e., SSH2, SOCKS) |
|
331. Ways to provide protection for Internet connections |
|
332. What is meant by zoning and zone of control |
|
333. Wireless security |
|
334. Zoning and zone of control procedures |
|
335. Zoning and zone of control ratings |
|
336. Access control physical, logical, and administrative configurations |
|
337. Access rights and permissions |
|
338. Accountability and monitoring (i.e., correction, alarms, audit trail) |
|
339. Accreditation plan/process |
|
340. Application layer security protocols (i.e., secure electronic transactions, secure hypertext, secure remote procedure call) |
|
341. AT&E as a countermeasure |
|
342. Attack response |
|
343. Authentication policies and procedures |
|
344. Automated security tools |
|
345. Automated tool for security test |
|
346. Automated tools for security compliance |
|
347. Automated tools for security testing |
|
348. Awareness materials as part of job |
|
349. Change control policies |
|
350. Change controls |
|
351. Compartmented/partitioned mode |
|
352. Configuration control |
|
353. Control techniques and policies (i.e., discretionary, mandatory, and rule of least privilege) |
|
354. Copyright protection and licensing |
|
355. Countermeasures to deter/mitigate attack threats (i.e., malicious code, flooding, spamming) |
|
356. Data link layer security |
|
357. Data ownership and custodianship |
|
358. Decentralized/distributed -- single sign on (SSO) (i.e., Kerberos) |
|
359. Disaster recovery |
|
360. Disaster recovery plan testing |
|
361. Disaster recovery procedures |
|
362. Disposition of media and data policies and procedures |
|
363. Email security (i.e., PGP, PEM) |
|
364. EMSEC/TEMPEST security countermeasures |
|
365. EMSEC/TEMPEST security safeguards |
|
366. Evidence preservation IAW legal guidance |
|
367. Facility management procedures |
|
368. FAX security policies/procedures |
|
369. Firewall architecture (i.e., bastion host, DMZ) |
|
370. Firewall technology (i.e., packet filtering, data inspection) |
|
371. Formal approval |
|
372. Gateways and routers |
|
373. Incident response policies and procedures |
|
374. Incident response policy/procedures |
|
375. Install a patch from an appropriate source |
|
376. Internet security |
|
377. Intrusion detection policies |
|
378. Multiple patches with a single batch file |
|
379. Network layer security |
|
380. Network security procedures |
|
381. Network security software |
|
382. Operating system from appropriate source |
|
383. Operating systems security procedures |
|
384. Operational procedure review |
|
385. OPSEC in conformance with organizational policies |
|
386. Organizational IA policies |
|
387. Organizational/agency systems emergency response team reports and advisories |
|
388. Organizational/agency systems emergency/incident response team security reporting |
|
389. Secure data communications |
|
390. Secure e-mail (i.e., PGP, S/MIME) |
|
391. Secure voice and facsimile communications |
|
392. Security domain |
|
393. Security patch or upgrade |
|
394. Transport layer security (i.e., secure socket layer [SSL]) |
|
395. WAN security procedures |
|
396. Access authorization |
|
397. Accreditation |
|
398. Aggregation |
|
399. Anti-criminal activity preparedness planning (law enforcement) |
|
400. Anti-virus management |
|
401. Assessments for use during certification of information systems |
|
402. Assurance |
|
403. Attacks response |
|
404. Authentication mechanisms |
|
405. Backup critical information |
|
406. Breaches |
|
407. Certification policies as related to organizational requirements |
|
408. Computer network defense |
|
409. Computing and telecommunications hardware/software |
|
410. COMSEC procedures |
|
411. Concepts of availability, integrity, confidentiality, authentication, and non-repudiation |
|
412. Configuration control (management) |
|
413. Continuity/contingency plan |
|
414. Database integrity |
|
415. Defense in depth |
|
416. Different levels of countermeasures assurance |
|
417. Different levels of safeguards assurance |
|
418. Digital non-repudiation |
|
419. Digital signatures |
|
420. Disaster recovery planning |
|
421. Disposition of classified information |
|
422. Documentation |
|
423. DoDD 8500.1 policies (or appropriate civil agency guidance) |
|
424. Due care (due diligence) |
|
425. Electronic records management |
|
426. Electronic records management relative to compliance with organizational policies and procedures |
|
427. Electronic records oversight |
|
428. EMSEC/TEMPEST control policies |
|
429. EMSEC/TEMPEST security policies |
|
430. EMSEC/TEMPEST security procedures |
|
431. Evidence preservation |
|
432. Facility support systems (i.e., fire protection and HVAC) |
|
433. Formal approval to operate |
|
434. Functional requirements for operating system integrity |
|
435. Fundamental concepts of multilevel security |
|
436. Generally accepted systems security principles |
|
437. Goals, mission, and objectives of the organization |
|
438. Incident response |
|
439. Incident response procedure |
|
440. Incidents |
|
441. Information management |
|
442. Information operations |
|
443. Information sensitivity |
|
444. Internal controls and security |
|
445. Internet security procedures |
|
446. Intrusion detection |
|
447. Intrusion detection resources and policies |
|
448. Law enforcement interfaces |
|
449. Legal requirements |
|
450. Magnetic media degaussing as an example of destruction |
|
451. Marking of sensitive information procedures (defined in C.F.R. 32 section 2003, national security information - standard forms) as an example |
|
452. Marking, handling, storing, and destroying of classified, unclassified, and sensitive information & media |
|
453. Media (i.e., tape, paper or disks) management |
|
454. Message digests (i.e., MD5, SHA, HMAC) |
|
455. Multilevel security |
|
456. Multiple secure level |
|
457. Need-to-know/least privilege |
|
458. Network firewalls |
|
459. NSTISSP 11 (Common Criteria) policies |
|
460. Object reuse policy and procedures |
|
461. Objectives of security inspections as a training issue |
|
462. Objectives of security reviews as a training issue |
|
463. Operations security (OPSEC) in conformance with organizational policies |
|
464. Operator/administrator privileges |
|
465. Organizational accountability policies |
|
466. Organizational area network (LAN) security as related to organizational policies |
|
467. Organizational e-mail privacy policies |
|
468. Organizational policies |
|
469. Organizational policies relating to secure systems operations |
|
470. Organizational policies relating to separation of duties |
|
471. Organizational wireless security policy |
|
472. Physical security policies |
|
473. Policies relating to marking of classified, unclassified, and sensitive information |
|
474. Policy enforcement |
|
475. Principal elements of security training |
|
476. Privacy act provisions |
|
477. Privacy and protection |
|
478. Privileges |
|
479. Proper use of security safeguards |
|
480. Record retention |
|
481. Records management |
|
482. Reporting |
|
483. Requirements for security awareness, training, and education |
|
484. Resource custodian |
|
485. Resource misuse prevention |
|
486. Safeguard corrective actions |
|
487. Secure data deletion for media reuse |
|
488. Security education |
|
489. Security inspections |
|
490. Security policies relating to ethics |
|
491. Separation of duties as a countermeasure |
|
492. Significant agency specific security policies |
|
493. System security architecture |
|
494. Testing policies |
|
495. Validation policies |
|
496. Verification and validation process policies |
|
497. Violations |
|
498. WAN security policies |
|
499. Workstation security policies |
|
500. Zoning and zone of control policies |
|
501. Access control software |
|
502. Alarms, signals, and reports |
|
503. Alarms, signals, and reports in accordance with existing policies and procedures |
|
504. Anti-virus tools and procedures |
|
505. Audit trails and logging policies |
|
506. Biometrics |
|
507. Client-server security |
|
508. Countermeasures |
|
509. Database security features |
|
510. Disaster recovery management/oversight |
|
511. Disaster recovery policies and procedures |
|
512. Disposition of classified info |
|
513. Disposition of media and data |
|
514. Document labeling |
|
515. Documentation policy and procedures |
|
516. Emergency destruction |
|
517. Error log |
|
518. Expert system tools (i.e., audit reduction and intrusion detection) available |
|
519. Intrusion detection resources |
|
520. Isolation and mediation |
|
521. Key management techniques |
|
522. KMI applications |
|
523. KMI products |
|
524. Management/oversight change controls |
|
525. Modes of operation |
|
526. Network access controls as designed |
|
527. Operating system security features |
|
528. Safeguards |
|
529. Separation of duties policies and procedures |
|
530. Single sign-on |
|
531. Organizational/agency systems emergency/incident response team |
|
532. Configuration management |
|
533. Information ownership of data held under his/her cognizance |
|
534. Education, training, literacy and awareness |
|
535. Audit collection requirements |
|
536. Disaster recovery operations |
|
537. Security policy for backup procedures |
|
538. Different categories of activities which may be logged |
|
539. Organizational password management policy |
|
540. Risks to ISSO |
|
541. Account deletions |
|
542. Employees to seek education in IA as a countermeasure |
|
543. Security education requirements for information system users |
|