Governance and management activities, methodologies, processes and tools aimed at the preservation of confidentiality, integrity and availability of information as well as other properties such as authenticity, accountability and non-repudiation.
The subdomains for this knowledge domain are:
- Risk management, including modelling, assessment, analysis and mitigation
- Processes and procedures to ensure device end-of-life security and privacy (e.g. IT waste management and recycling)
- Threat and vulnerability modelling
- Attack modelling, techniques, and countermeasures (e.g. adversarial machine learning)
- Managerial aspects concerning information security
- Assessment of information security effectiveness and degrees of control
- Identification of the impact of hardware and software changes on the management of Information Security
- Standards for Information Security
- Governance aspects of incident management, disaster recovery, business continuity
- Compliance with information security and privacy policies, procedures, and regulations
- Economic aspects of the cybersecurity ecosystem
- Privacy impact assessment and risk management
- Capability maturity models (e.g. assessment of capacities and capabilities)
- Modelling of cross-sectoral interdependencies and cascading effects
- Techniques to ensure business continuity/disaster recovery