| Security and Risk Management |
16% |
Governance, risk management, compliance, security policies, business continuity, and legal and regulatory issues |
| Security Architecture and Engineering |
13% |
Secure design principles, security models, cryptography, and the security of systems and facilities |
| Communication and Network Security |
13% |
Secure network architecture, network components, and secure communication channels |
| Identity and Access Management |
13% |
Identity, authentication, authorization, access control models, and the identity lifecycle |
| Security Operations |
13% |
Investigations, logging and monitoring, incident management, disaster recovery, and physical security |
| Security Assessment and Testing |
12% |
Assessment and test strategies, security control testing, audits, and reporting |
| Asset Security |
10% |
Information classification, ownership, data handling, retention, and protecting privacy |
| Software Development Security |
10% |
Security in the software development lifecycle, secure coding, and assessing software security |