Domain 1. Access control systems and methodology: Access control techniques ; Access control administration ; Identification and authentication techniques ; Access control methodologies and implementation ; Methods of attack ; Monitoring and penetration testing -- Domain 2. Telecommunications and network security: Communications and network security ; Internet/Intranet/Extranet ; E-mail security ; Secure voice communications ; Network attacks and countermeasures -- Domain 3. Security management practices: Security management concepts and principles ; Change control management ; Data classification ; Risk management ; Employment policies and practices ; Policies, standards, procedures, and guidelines ; Security awareness training ; Security management planning -- Domain 4. Applications and system development security: Application issues ; Databases and data warehousing ; Systems development controls ; Malicious code ; Data/information storage -- Domain 5. Cryptography: Use of cryptography ; Cryptographic concepts, methodologies, and practices ; Private key algorithms ; Public key infrastructure (PKI) ; System architecture for implementing cryptographic functions ; Methods of attack -- Domain 6. Security architecture and models: Principles of computer and network organizations, architectures, and designs ; Principles of security models, architectures and evaluation criteria ; Common flaws and security issues -- system architecture and design -- Domain 7. Operations security: Concepts ; Resource protection requirements ; Auditing ; Intrusion detection ; Operations controls -- Domain 8. BCP and DRP: Business continuity planning ; Disaster recovery planning ; Elements of business continuity planning -- Domain 9. Law, investigation, and ethics: Information law ; Investigations ; Major categories of computer crime ; Incident handling ; Ethics -- Domain 10. Physical security: Facility requirements ; Technical controls ; Environment and life safety.