| Objective | Description | Chapter |
| --- | --- | --- |
| | Contractual, legal, industry standards, and regulatory requirements | 4 |
| 1.4.2 | Privacy requirements | 4 |
| 1.5 | Understand legal and regulatory issues that pertain to information security in a holistic context | 4 |
| 1.5.1 | Cybercrimes and data breaches | 4 |
| 1.5.2 | Licensing and intellectual property (IP) requirements | 4 |
| 1.5.3 | Import/export controls | 4 |
| 1.5.4 | Transborder data flow | 4 |
| 1.5.5 | Privacy | 4 |
| 1.6 | Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards) | 19 |
| 1.7 | Develop, document, and implement security policy, standards, procedures, and guidelines | 1 |
| 1.8 | Identify, analyze, and prioritize Business Continuity (BC) requirements | 3 |
| 1.8.1 | Business Impact Analysis (BIA) | 3 |
| 1.8.2 | Develop and document the scope and the plan | 3 |
| 1.9 | Contribute to and enforce personnel security policies and procedures | 2 |
| 1.9.1 | Candidate screening and hiring | 2 |
| 1.9.2 | Employment agreements and policies | 2 |
| 1.9.3 | Onboarding, transfers, and termination processes | 2 |
| 1.9.4 | Vendor, consultant, and contractor agreements and controls | 2 |
| 1.9.5 | Compliance policy requirements | 2 |
| 1.9.6 | Privacy policy requirements | 2 |
| 1.10 | Understand and apply risk management concepts | 2 |
| 1.10.1 | Identify threats and vulnerabilities | 2 |
| 1.10.2 | Risk assessment/analysis | 2 |
| 1.10.3 | Risk response | 2 |
| 1.10.4 | Countermeasure selection and implementation | 2 |
| 1.10.5 | Applicable types of controls (e.g., preventive, detective, corrective) | 2 |
| 1.10.6 | Control assessments (security and privacy) | 2 |
| 1.10.7 | Monitoring and measurement | 2 |
| 1.10.8 | Reporting | 2 |
| 1.10.9 | Continuous improvement (e.g., Risk maturity modeling) | 2 |
| 1.10.10 | Risk frameworks | 2 |
| 1.11 | | |