| Section | Weight | Objectives |
| Topic 1: Technical Security Controls | 25% | - Network, cloud, and infrastructure security - Malware protection, encryption, authentication
|
| Topic 2: Security Lifecycle | 10% | - Security integration, review, audit, and change control - Phases of information and system lifecycle
|
| Topic 3: Procedural and People Security Controls | 15% | - Policies, procedures, and security awareness training - User access management and incident response
|
| Topic 4: Physical and Environmental Security Controls | 5% | - Facility access, surveillance, and environmental protection - Asset protection and physical security policies
|
| Topic 5: Business Continuity and Disaster Recovery | 10% | - Recovery strategies and backup procedures - Continuity planning and incident recovery
|
| Topic 6: Information Security Framework | 15% | - Legal, regulatory, and compliance requirements - Standards: ISO 27001, NIST, and industry frameworks - Organizational roles and responsibilities
|
| Topic 7: Information Risk | 10% | - Vulnerabilities, risk assessment, and risk treatment - Threat types: accidental vs deliberate, internal vs external
|
| Topic 8: Information Security Management Principles | 10% | - Definitions of cybersecurity, assets, and security value - Core concepts: confidentiality, integrity, availability, non-repudiation
|