• 1.0 Threats, Attacks and Vulnerabilities
• 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware
• 1.2 Compare and contrast types of attacks
• 1.3 Explain threat actor types and attributes
• 1.4 Explain penetration testing concepts
• 1.5 Explain vulnerability scanning concepts
• 1.6 Explain the impact associated with types of vulnerabilities

• 2.0 Install and configure network components, both hardwareand software-based, to support organizational security
• 2.1 Install and configure network components, both hardware and software-based, to support organizational security
• 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization
• 2.3 Given a scenario, troubleshoot common security issues
• 2.4 Given a scenario, analyze and interpret output from security technologies
• 2.5 Given a scenario, deploy mobile devices securely
• 2.6 Given a scenario, implement secure protocols

• 3.0 Architecture and Design
• 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides
• 3.2 Given a scenario, implement secure network architecture concepts
• 3.3 Given a scenario, implement secure systems design
• 3.4 Explain the importance of secure staging deployment concepts
• 3.5 Explain the security implications of embedded systems
• 3.6 Summarize secure application development and deployment concepts
• 3.7 Summarize cloud and virtualization concepts
• 3.8 Explain how resiliency and automation strategies reduce risk
• 3.9 Explain the importance of physical security controls

• 4.0 Identity and Access Management
• 4.1 Compare and contrast identity and access management concepts
• 4.2 Given a scenario, install and configure identity and access services
• 4.3 Given a scenario, implement identity and access management controls
• 4.4 Given a scenario, differentiate common account management practices

• 5.0 Risk Management
• 5.1 Explain the importance of policies, plans and procedures related to organizational security.
• 5.2 Summarize business impact analysis concepts
• 5.3 Explain risk management processes and concepts
• 5.4 Given a scenario, follow incident response procedures
• 5.5 Summarize basic concepts of forensics
• 5.6 Explain disaster recovery and continuity of operation concepts
• 5.7 Compare and contrast various types of controls
• 5.8 Given a scenario, carry out data security and privacy practices

• 6.0 Cryptography and PKI
• 6.1 Compare and contrast basic concepts of cryptography
• 6.2 Explain cryptography algorithms and their basic characteristics
• 6.3 Given a scenario, install and configure wireless security settings
• 6.4 Given a scenario, implement public key infrastructure

Types of actors

A Threat actor is an attacker. In the following, we review the threat actors listed by CompTia:

• Script kiddies

  A Script Kiddie is an attacker that uses tools and scripts downloaded from the web to launch attack. It has little expertise, little knowledge and little funding. Anyway, if the scripts it launches are sophisticated, it could still make damage.

• Hacktivist

  An hacktivist is an attacker which is part of a group that launch attacks to foster a cause. Example: Anonymous.

• Organized crime

  Organize Crime is a dangerous threat actor that has both funding and skilled people to perform dangerous attacks. They use cyber attacks as another medium to make money.

• Nation states/APT

  An APT (Advanced Persistence Threat) is an organization, usually operating on behalf of a Nation or State, that has huge amount of funding and very advanced skills to launch very dangerous and stealth attacks. Their goal is usually to obtain confidential information from other States.

• Insiders

  An insider is an attacker that attacks the organization from the inside. It has valid credentials, and it is usually an employee of such organizations. Example: an employee that steals confidential information from the organization to sell to the best buyer.

• Competitors

  A competitor may use cyber attacks as a part of an industrial espionage tactics.

Attributes of actors

Each threat actor may be characterized by a list of attributes.

• Internal/external

  An internal threat actor is one acting from inside an organization, like an insider. An external threat actor is one acting from outside an organization, like a competitor that launches attacks from outside the organization's network.

• Level of sophistication

  Each threat actor is characterized by the level of sophistication of the attacks that it may launch. AS an example, a script kiddie is characterized by the lowest level of sophistication; organized crime may be characterized by a high level of sophistication; APTs are characterized by the highest level of sophistication.

• Resources/funding

  Each threat actor is characterized by distinct funding or resources. As an example, it may be hard to crack an encrypted text in reasonable time using a laptop, while it may be possible to do so if the attacker is using a cluster og high performance machines. Script Kiddie has the lest resource/funding; then you may find competitors and organized crime; at the top you find nation-sponsored APTs.

• Intent/motivation

  Threat actors launch attacks for different reasons. A script kiddie may launch an attack for fun; an hacktivist may launch an attack to foster a cause; organize crime and insiders may launch an attack for money; an APT may launch an attack to discover the secret of another State.

Use of open-source intelligence

The first step of an attack is to gather information about the target. This step is called Reconnaissance. The first step of Reconnaissance is called Passive Reconnaissance (see 1.4). Passive Reconnaissance is characterized by the use of open-source intelligence(OSINT). Using OSINT means to collect all the possible information on a target by using exclusively public information, like data on social networks, articles on newspapers or data from the company's web site.