Exam objectives SY0-501

Given a scenario, analyze indicators of compromise and determine the type of malware

May 10, 2020 22:59

The following malicious software types all belong to the malware category.

Viruses

A malicious piece of software that must be downloaded and run by the user. It does not have the capability to spread and infect other devices by itself.

Crypto-malware

Crypto-malware is ransomware that encrypts the user's data and locks the user out until a ransom is paid to the attacker.

Ransomware

Ransomware is malware that locks the user out of their data or system (typically by encrypting the data, as crypto-malware does) until a ransom is paid to the attacker.

Worm

Malware able to automatically replicate over a network, possibly using different transport channels. Example: Conficker.

Trojan

A Trojan is a piece of software with a double purpose: one is beneficial to the user while the other is beneficial to the attacker. The user installs a Trojan without knowing its second nature. Example: a pirated game that lets the user play without paying for the license and in the meantime allows the attacker to collect information about the infected system.

Rootkit

A Rootkit is a malicious piece of software that is able to infect a system and hide its traces. It runs with system-level privileges and hides by hooking processes, which lets it intercept operating system calls and return arbitrary results to the user.
Detection techniques: inspect the RAM, or scan the system after booting in safe mode.

Keylogger

A Keylogger is malware that records keystrokes to steal sensitive information. It can be either hardware (like a USB device) or software. It can automatically send the collected data to the attacker.

Adware

Adware is malware created to show advertisements to the user. Example: pop-up messages in the browser that keep appearing even though the user tries to close them.

Spyware

Spyware is malware installed on the user's system without their consent, with the goal of observing the user's behaviour and possibly stealing data.

Bots

A bot is a system that has been successfully infected by malware and is now controlled by an attacker via a Command and Control (C2) server. The infected system, also called a zombie, joins a network of infected devices called a botnet. The attacker controls this network without the legitimate users knowing it, and usually uses the controlled devices to launch distributed attacks or send spam. It is common for the attacker to rent out access to the botnet to launch DDoS attacks (DDoS as a Service). Example: Mirai was a very large botnet used in 2016 to launch DDoS attacks.

RAT (Remote Access Trojan)

A RAT is a type of malware that, once installed on the user's system, gives the attacker remote access to the infected machine.

Logic bomb

A Logic Bomb is a piece of software programmed to carry out malicious activities when certain conditions are met. Example: an employee could write a script that removes the company's sensitive data if it detects that the employee has been fired.

Backdoor

A Backdoor is an alternative method of accessing a system that bypasses its authentication methods. Example: a backdoor could be set up by a programmer to quickly access the system currently being developed, or by an attacker to stealthily access an infected system.