1. I Access Control
    1. Identity, Authentication, Authorisation, Accounting
    2. Access Control Models
    3. Administration
    4. Controls
    5. Monitoring and practices
    6. Threats
  2. II Software Development Security
    1. programming
    2. development
    3. databases
    4. webapp security
    5. malware
  3. III Business Continuity and DR
    1. BCP Planning
    2. BCP Project
    3. Recovery strategy
    4. Technology Recovery
    5. Testing and Maintenance
  4. IV Cryptography
    1. history
    2. encryption systems
    3. message integrity
    4. key management and pki
    5. usage
    6. attacks
  5. V Information Security Governance
    1. definitions
    2. governance
    3. organisation
    4. risk management
    5. information classification
  6. VI Legal, Regulations and Investigation
    1. laws and regulations
    2. liability
    3. incident response
    4. investigation
    5. ethics
  7. VII Operational Security
    1. administration management
    2. system hardening
    3. config management
    4. infrastructure resilience
    5. media controls and backups
    6. vulnerability testing
  8. VIII Physical and Environmental Security
    1. site design
    2. internal support systems
    3. planning
    4. fire
    5. perimeter security
  9. IX Security Architecture and Design
    1. computer architecture
    2. security models
    3. frameworks
    4. evaluation criteria
    5. certification and accredation
    6. threats
  10. X Telecommunications and Network
    1. TCP/IP
    2. network protocols
    3. WiFi and Mobiles
    4. Routers and Firewalls
    5. LAN, WAN
    6. VPNs