1. Goals, Roles and Actors
The candidate should understand the importance of IT security. This includes
understanding the essential security goals as well as the various actors and
roles in the field of IT security.
2. Risk Assessment and Management
The candidate should understand how to find and interpret relevant security
information. This includes understanding the risk of a security vulnerability
and determining the need and urgency for a reaction.
3. Ethical Behavior
The candidate should understand the technical, financial, and legal implications
of their behavior when using digital infrastructure. This includes understanding
the potential harm caused by using security tools. Furthermore, the candidate
should understand common concepts in copyright and privacy laws.
4. Cryptography and Public Key Infrastructure
The candidate should understand the concepts of symmetric and asymmetric
encryption as well as other types of commonly used cryptographic algorithms.
Furthermore, the candidate should understand how digital certificates are used
to associate cryptographic keys with individual persons and organizations.
5. Web Encryption
The candidate should understand the concepts of HTTPS. This includes verifying
the identity of web servers and understanding common browser error messages
related to security.
6. Email Encryption
The candidate should understand the concepts of OpenPGP and S/MIME for email
encryption. This includes handling OpenPGP keys and S/MIME certificates as well
as sending and receiving encrypted emails.
7. Data Storage Encryption
The candidate should understand the concepts of file encryption and storage
device encryption. Furthermore, the candidate should be able to encrypt data
stored on local storage devices and in the cloud.
8. Hardware Security
The candidate should understand security aspects of hardware. This includes
understanding the various types of computer devices as well as their major
components. Furthermore, the candidate should understand the security
implications of various devices that interact with a computer as well as the
security implications of physical access to a device.
9. Application Security
The candidate should understand the security aspects of software. This includes
securely installing software, managing software updates, and protecting software
from unintended network connections.
10. Malware
The candidate should understand the various types of malware. This includes
understanding how they are installed on a device, what effects they cause, and
how to protect against malware.
11. Data Availability
The candidate should understand how to ensure the availability of their data.
This includes storing data on appropriate devices and services as well as
creating backups.
12. Networks, Network Services and the Internet
The candidate should understand the concepts of computer networks and the
Internet. This includes basic knowledge of various network media types,
addressing, routing, and packet forwarding, as well as an understanding of the
most important protocols used on the Internet.
13. Network and Internet Security
The candidate should understand common security aspects of using networks and
the Internet. This includes understanding common security threats against
networks and networked computers and approaches for mitigating them, as well as
the ability to securely connect to a wired or wireless network.
14. Network Encryption and Anonymity
The candidate should understand the concepts of virtual private networks (VPN).
This includes using a VPN provider to encrypt transmitted data. Candidates
should understand the concepts of recognition and anonymity when using the
Internet, as well as anonymization tools such as Tor.
15. Identity and Authentication
The candidate should understand common concepts of how to prove their identity
when using online services. This includes using a password manager, multi-factor
authentication, and single sign-on, as well as being aware of common security
threats against individual identities.
16. Information Confidentiality and Secure Communication
The candidate should understand how to keep confidential information secret and
ensure the confidentiality of digital communication. This includes recognizing
phishing and social engineering attempts, as well as using secure means of
communication.