Text File  |  1996-09-12  |  205KB  |  9,634 lines

DACUM III

Center for Decision Support

Idaho State University
Center Report 184

Edited by
Corey D. Schou
The Center for Decision Support
and
James Frost, Nathan Wingert, Herb LaFond
Simplot Decision Support Center

January 1994
Draft

Preface

As a result of the Computer Security Act of 1987, government agencies have identified over 50,000 sensitive systems. Individuals who are operationally involved with these systems are required by the 1987 act to receive security training. The National Institute of Standards and Technology (NIST) is entrusted with the major program responsibilities for government-wide computer security, and their initiatives have increased the awareness and improved management and application of technology to government security. Many companies have recognized the need to meet the spirit of this requirement. One conservative estimate based on numbers of systems is that the private sector need for information and computer security is at least twice the governmental need.

As we all know, the United States Federal Government is characterized by a large number of competing agencies with complex agendas. An example of this complexity is shown by a recent Office of Personnel Management (OPM) regulation that outlines the training requirement of the Computer Security Act.

The December 4, 1991, edition of the Federal Register announced that effective January 3, 1992, the heads of Federal agencies are to provide computer security training as outlined in the National Institute of Standards and Technology (NIST Computer Security Training Guidelines).

The mandated training is to be provided:
1.    to all new employees who fit one of five categories of computer users, within 60 days of their appointment
2.    whenever there is a significant change in the agency information security environment or procedures or when an employee enters a new position which deals with sensitive information.
3.    as computer security refresher training as determined by the agency, based on the sensitivity of information that the employee uses or processes.

This training must be provided by all agencies and many Federal contractors. The spectrum of end users extends from the United States Postal Service to the Department of Defense -- the Department of Education to the Department of Energy.

How should one go about identifying and resolving the critical training issues? These issues were defined in NIST Special Publication 500-172, Computer Security Training Guidelines, by Mary Anne Todd and Constance Guitan. During 1992 NIST and the NCSC convened a meeting at the Simplot Decision Center at Idaho State University.

Todd Model NIST 500-172
The Todd model had been reviewed as part of DACUM I. The original model had five categories:
•    Executives
•    Program/Functional Managers
•    IRM, Security, and Audit Personnel
•    ADP Management, Operations and Programming Staff
•    End Users
The objective was to review the Todd model and to develop awareness materials for use by FISSEA. As a result of experience in working with the NIST publication and subsequent technological development, updating the document was recommended in terms of security awareness, training content, and target audience categories.

Todd Model as Revised by DACUM I
Based on the consensus reached during DACUM I, the granularity of target categories was modified. The new categories were:
•    Executives
•    Program Managers
•    Functional Managers
•    IRM
•    Security and Audit
•    ADP Management and Operations
•    End Users

The DACUM I team decided that the changes were appropriate for the awareness level activities. As the DACUM II team addressed the training activities, they decided that a category set that dealt with function performed rather than management level was more useful.

Creation of New AT&E Matrix
After the team had identified the areas that needed change, they developed a new approach that combined the best of the Todd, McCumber, and NSTISSC models. After reviewing the Todd model, the team decided that the awareness materials and categories as modified by the DACUM 1.5 meeting would be adequate.

At the training level the team then decided to create categories based on functions. These categories were:
•    Manage
•    Acquire
•    Design and Implement
•    Operate
•    Use
The team realized that others may define new categories; therefore, they created a category called Other to provide extensibility.

To provide transition from Awareness to Training, the team decided to prescribe a common knowledge base that would be expected for each of the functional categories. This element has been called Literacy and INFOSEC Basics. This is envisioned as a common course (above the Awareness level) across all Federal agencies. If an employee were to have had this background, he/she could be expected to enter any of the appropriate functional courses.

The preliminary results of the second Design a Curriculum (DACUM II) sessions held at Idaho State University were published in August 1993 as Center For Decision Report 154. The DACUM was conducted over a six-day period during August 1993.

The meetings were conducted by the staff of the Center for Decision Support in the Simplot Decision Center. All data were collected using the Paradigm software package (v 1.5.8). All materials from DACUM I (1992), DACUM II (1993) and the "Green Book" (Center Report 162), were available to all participants as on-line documents. In addition there were over 33Mb of documents for participant use. As the teams worked on the various aspects of the project, all related previous writing was made available to the entire team.

Introduction

A Unified Taxonomy for INFOSEC Professionals

The taxonomy presented in this report represents a compilation, distillation, and enhancement of existing attempts by a variety of organizations to define a Common Body of Knowledge (CBK) for INFOSEC practitioners and professionals. For definitional purposes, a Common Body of Knowledge represents that body of knowledge that is integral to the manner in which an INFOSEC professional performs his/her job. A CBK also represents a relatively stable body of knowledge, encompassing the axioms, lore, and methods of the trade. The CBK outlined in this report condensed over nine hundred individual items into a listing of 384 behavioral descriptions. Those descriptions are partitioned into two major categories:
•    things you need to know, and
•    things you need to do.

The resulting Unified Taxonomy can be used as a reference point by both curriculum developers and authors. This taxonomy codifies, for the moment, those knowledges, skills and abilities (KSA) which define the core information for all practitioners, regardless of individual areas of expertise. The Unified Taxonomy also serves as a guide to job classification, career development, and professionalization activities.

Using a model developed by Dr. Gary Smith as part of a contract with the Center for Information Systems Security, INFOSEC topic areas were divided into "Encyclopedic Knowledge" and "Process Knowledge" -- where Encyclopedic Knowledge describes facts, technologies, and principles, and Process Knowledge describes how encyclopedic knowledge is used.

Figure 1: Smith Model

Building on this conceptual framework, the group developed a model that is able to account for all the behavioral descriptions. The two major categories are subdivided into 6 partitions as follows:

    THINGS YOU NEED TO KNOW
        Laws and Regulations
        Fundamental Security Elements
        Technology Oriented Security Elements
        Organization Specific Security Elements

    THINGS YOU NEED TO DO
        Designing and Engineering AIS to be Secure
        Using and Operating AIS Securely

Figure 2: Unified Taxonomy Model

The Unified Taxonomy was developed as a continuation of work done previously to update NIST Special Publication No. 500-172 (Computer Security Training Guidelines (CSTG)). In that July 1993 initiative professionals identified
(a) The need for a unified taxonomy and
(b) The existence of several taxonomies which had been developed by government, industry and academia.
The Unified Taxonomy presented in this document represents the uppermost level of operations in the proposed update to the CSTG, as shown below.

The following figure depicts the relationship of the elements defined by DACUM II.

Figure 3: DACUM II Model with DACUM III Modifications

The basis of the DACUM II model is the awareness material developed at DACUM I. It provides minimum compliance with U.S. Code 5 CFR Part 930 subpart C.

After Federal employees have been made aware of their security responsibilities, they should take part in the second-level Literacy and INFOSEC Basics courses. This course or courses could be developed as an agency independent training element. This should represent savings to the government.

The third component of the DACUM II model is Function Specific training. It is intended to be specific to agency needs.

The final component of the model is for security Experts. This is more of an Education element than a training or awareness element. Both here and in the Function Specific Training, one would be expected to demonstrate performance and knowledge. It is expected that future work will be done to establish the knowledge and performance criteria in each category.

The DACUM II model was designed to be extensible by adding functional categories in the "Other Areas" of the Function Specific Training. The authors and FISSEA expect suggestions for additions to this area and suggestions for further refinement of the Literacy and INFOSEC training content areas. Upon receipt and incorporation of suggestions, FISSEA will submit a working draft revision of the Computer Security Training Guidelines to NIST for further revision and issuance, and will be available to coordinate development of the agency independent Basics course(s).

Integrating DACUM II and DACUM III Results
This Unified Taxonomy presents a model that requires the addition of details. For example, under the partition labeled "Laws and Regulations," the authors listed several behavior expectations of INFOSEC practitioners. One such label is "Regulations and Public Policies." It is incumbent upon course developers and authors to research and list the specific items under this label. Such items might include entries such as:

    Privacy Act of 1974 (PL 93-579)
    The Computer Security Act of 1987 (PL 100-235)
    Computer Fraud and Abuse Act of 1986 (PL 99-474)
    Management of Federal Information Resources (OMB Circular No. A-130)

When this additional activity is completed, a working "Common Body Of Knowledge" will be established. At the same time, we recognize that such research will be an ongoing effort -- especially considering the very dynamic and ever-growing nature of our profession. This fact simply reflects the extent to which our profession is evolving in response to changes in technology.

It appeared to the group that no one final structure of the results of DACUM III would ever satisfy all end users. Therefore, the final materials will be developed as an interactive Hypertext document. This strategy will enable all users of the materials to fit the contents of the taxonomy to their organizational needs.

THE PROCESS

In November 1993 a group of experts from within the INFOSEC community gathered at The Center for Decision Support at Idaho State University. These experts, representing leaders from government, industry and academia, employed a process now referred to as ETCORP or an Electronic DACUM. The purpose of this session was to produce a behaviorally based taxonomy that describes the KSAs required of an INFOSEC professional. The resulting Unified Taxonomy would then be ready for:

a.    adding specific data/points of information
b.    use by:
      1. Job analysts
      2. Educators
      3. Authors

The steps used to produce this document were:

a.    Agree upon common Knowledges, Skills, and Abilities (KSAs), based on research into the existing CBK's and professional knowledge of the participants.
b.    Agree on a taxonomic model;
c.    Identify appropriate verbs to agreed-upon KSAs;
        NOTE: This step equates to a Desk Audit type Job Task Analysis.
d.    Group the behavioral statements into an agreed-upon taxonomic model; and
e.    Categorize the behavioral statements into an educational industry standard taxonomy of learning. The learning hierarchy of that model is divided into three domains: Cognitive, Psychomotor, and Affective. Each domain is further separated into levels of operation/complexity. There are commonly accepted verbs that have been associated with each of those levels.

A by-product of this DACUM is the verification of a hypothesis that topics are not associated with only one area or category of thinking or behaving. Thus, topics such as "threat" may realistically be expected to be treated in discussions in several areas (e.g., Organization-Specific Security Elements and Designing and Engineering AIS).

PARTICIPANTS

Patti Black
Treasury Department
1500 Penn. Ave., N.W.
Room 3090 Annex
Washington, D.C. 20220

Genevieve Burns
Monsanto Co.
800 No. Lindbergh Blvd.
M/S G2EE
St. Louis, MO 63167

Ken Cutler
Information Security Institute
MIS Training Institute
7022 W. Oraibi Drive
Glendale, AZ 85308

Joe Daniel
GSA
1500 Bannistar Rd.
KVIS-6
Kansas City, MO. 64131

Dorothea E. de Zafra, MPIA
Federal Information Systems Security Educators
5600 Fishers Lane
Rm. 17-45, Parklawn
Rockville, MD 20857

Patrick Gallagher
National Computer Security Center
9800 Savage Road, ATTN: X64
Ft. George G. Meade, MD 20755-6000

Dennis M. Gilbert
National Institute of Standards and Technology
Building. 225, Rm. A216
Gaithersburg, Md 20899-0001

F. Lynn McNulty
National Institute of Standards and Technology
Building. 225
Gaithersburg, Md 20899-0001

W. Vic Maconachy
National Computer Security Center
9800 Savage Road, ATTN: X64
Ft. George G. Meade, MD 20755-6000

Ramiro A. Montalvo
NESSEC, 3801 Nebraska Ave, NW, Code B40A,
Washington, DC 20393-5454

Cinthia F. Pickett, MPA
National Computer Security Center
9800 Savage Road, ATTN: X64
Ft. George G. Meade, MD

Joan M. Pohly
1415 Lakeside Drive West, Canyon Lake, TX 78133-5823

Corey D. Schou
Center for Decision Support
Idaho State University
P.O. Box 4043 Pocatello, Idaho 83205-4043

John D. Tressler
Director, ADP Security Oversight Staff
US Dept. of Education

Hal Tipton
ISC2
Director Computer Security
Information Systems Center
Rockwell International Corporation
P. O. Box 2515, Seal Beach, CA 90740, M/C SL64

In addition to these direct participants, the group used the input from the NIST workshops held during the summer of 1993. We have relied heavily on the hard work of R. Koenig, Bill Murrary, and their working groups in building this integrated taxonomy.

Laws and Regulations

From the Unified Taxonomy Model, Laws and Regulations represents one of the areas where individuals are expected to know details about the specific items. Laws and Regulations established by all levels of government form the basis for most of the information security requirements. Issues not specifically covered in existing statutes are usually addressed in the "principles of due care" category which should be followed to avoid adverse judgments under tort law. The knowledge areas are reported here with the appropriate verbs that should be used to develop the behavioral objectives and instruction.

Access Control Policies: Apply, Cognizant-Of, Comply-With, Compose, Defend, Discuss, Explain, Evaluate, Implement, Revise, Write
Administrative Security Policies And Procedures: Apply, Cognizant-Of, Comply-With, Compose, Defend, Discuss, Explain, Evaluate, Implement, Revise, Write
Communications Security Policies And Guidelines: Apply, Cognizant-Of, Comply-With, Compose, Defend, Discuss, Explain, Evaluate, Implement, Revise, Write
Computer Matching Responsibilities: Cognizant-Of, Define, Explain, Identify, Perform, State
COMSEC Accounting: Cognizant-Of, Describe, Perform
COMSEC Material Destruction Procedures: Cognizant-Of, Complies-With, Define, Demonstrate, Describe, Evaluate, Identify, Use
Contingency Planning: Cognizant-Of, Complies-With, Assist, Define, Describe, Evaluate, Influence, Initiate, Interpret, Perform, Use, Verify
Continuity Planning: Cognizant-Of, Complies-With, Assist, Define, Describe, Evaluate, Influence, Initiate, Interpret, Perform, Use, Verify
Copyright Protection And Licensing: Cognizant-Of, Complies-With, Assist, Define, Describe, Evaluate, Monitor, Perform, Use, Verify
Criminal Prosecution: Prepare, Propose, Support
Delegation Of Authority: Cognizant-Of, Complies-With, Explain, Use
Disaster Recovery: Cognizant-Of, Complies-With, Define, Describe, Evaluate, Plan, Support, Test, Report, Use, Write
Disposition Of Classified Information: Cognizant-Of, Complies-With, Describe, Explain, Organize, Perform, Use, Verify
Education. Training And Awareness: Cognizant-Of, Assist, Develop, Evaluate, Explain, Initiate, Integrate, Perform, Plan, Prepare, Present, Select, Support, Use
Electronic Funds Transfer: Cognizant-Of, Describe, Evaluate, Support, Use, Verify
Electronic Monitoring: Cognizant-Of, Defend, Define, Describe, Evaluate, Explain, Initiate, Justify, Perform, Report, Use
Development (Life Cycle): Apply, Cognizant-Of, Complies-With, Define, Describe, Initiate, Use
Electronic Records Management: Apply, Cognizant-Of, Complies-With, Describe, Perform, Report, Use, Verify

Fundamental Security Elements

From the Unified Taxonomy Model, Fundamental Security Elements represents one of the areas where individuals are expected to know details about the specific items. The Fundamental Security Elements are the basic building blocks of information security working knowledge (e.g., threats, vulnerabilities, safeguards, countermeasures, security tools). They are addressed in generic terms so as to be independent of the technology. That is, they should remain constant through changes in technology or in the way we think about systems. As an example, specific mechanisms are described instead of products that may contain multiple mechanisms. The knowledge areas are reported here with the appropriate verbs that should be used to develop the behavioral objectives and instruction.

Access Control Models: Compare, Define, Explain, Identify, Evaluate
Access Control Policies: Defend, Explain, Evaluate, Interpret
Access Controls: Choose, Identify, Justify, Evaluate, Recommend
Access Privileges: Determine, Evaluate, Recommend
Accountability: Define, Support, Recommend, Verify
Accountability For Sensitive Data: Defend, Define, Outline, Verify
Administrative Security: Defend, Define, Evaluate, Interpret
Administrative Security Policies And Pro: Defend, Explain, Evaluate, Interpret
Aggregation: Define, Discuss, Evaluate, Identify
Applications Security: Defend, Define, Evaluate, Verify, Recommend
Assessments (E.G.. Surveys. Inspections): Assist, Review, Perform, Report, Verify
Assurance: Define, Explain
Audit: Assist, Evaluate, Explain, Interpret
Audit Trails And Logging: Defend, Define, Interpret, Select
Audit Trails And Logging Policies: Defend, Explain, Evaluate, Interpret
Authentication: Define, Discuss, Verify
Availability: Define, Discuss, Verify
Background Investigations: Define, Justify
Backups(Data. Software. Etc.): Define, Initiate, Justify, Verify
Careless Employees: Identify, Influence
Change Control Policies: Defend, Explain, Evaluate, Interpret
Change Controls: Define, Identify, Justify, Evaluate, Recommend
Communications Center Security: Define, Evaluate
Communications Security: Define, Evaluate, Identify, Justify, Plan
Communications Security Policies And Guidelines: Defend, Explain, Evaluate, Interpret
Communications Systems Abuse: Define, Evaluate, Identify, Verify
Computer Abuse: Define, Evaluate, Identify, Verify
Computer Matching Responsibilities: Define, Describe, Discuss
Computers At Risk: Read, Describe
Confidentiality: Define, Discuss, Verify
Configuration Management: Define, Discuss, Evaluate, Verify
Consequences: Define, Explain, Examples
Contingency Planning: Define, Describe, Evaluate, Verify
Continuity Planning: Define, Describe, Evaluate, Verify
Contracting For Security Services: Discuss, Evaluate, Justify
Contracts. Agreements. & Other Obligation: Appraise, Describe, Discuss, Evaluate, Specify
Coordination With Related Disciplines: Discuss, Identify, Influence
Copyright Protection And Licensing: Define, Discuss, Enforce, Support
Corrective Actions: Define, Defend, Discuss, Evaluate, Initiate, Plan, Recommend, Report, Select, Verify
Cost/Benefit Analysis: Define, Explain, Verify
Countermeasures: Define, Compare, Defend, Evaluate, Explain, Identify, Integrate, Justify, Verify
Criminal Prosecution: Define, Discuss
Critical Systems: Define, Compare, Defend, Evaluate, Explain, Identify, Integrate, Justify
Cryptography: Define, Compare, Evaluate, Explain, Identify, Integrate, Justify, Verify
Data Access Control: Choose, Compare, Identify, Justify, Evaluate, Recommend
Data Processing Center Security: Define, Evaluate, Identify, Justify, Plan, Verify
Database Integrity: Define, Evaluate, Identify, Justify, Plan, Verify
Delegation Of Authority: Define, Explain, Verify
Denial Of Service: Define, Evaluate, Explain, Identify, Justify, Verify
Detective Controls: Define, Evaluate, Interpret, Recommend, Verify
Development (Life Cycle): Define, Describe, Evaluate, Verify
Dial-Up Security: Define, Compare, Evaluate, Explain, Identify, Integrate, Justify, Verify
Disaster Recovery: Define, Compare, Evaluate, Explain, Identify, Integrate, Justify, Verify
Disclosure Of Sensitive Data: Define, Evaluate, Identify, Plan, Report, Verify
Disgruntled Employees: Define, Identify, Report, Verify
Disposition Of Classified Information: Define, Evaluate, Discuss, Verify
Disposition Of Media & Data: Define, Evaluate, Discuss, Verify
Document Labeling: Define, Evaluate, Discuss, Verify
Documentation Policies: Defend, Explain, Evaluate, Interpret
Due Care: Define, Evaluate, Example, Interpret, Verify
Education. Training And Awareness: Define, Evaluate, Identify, Justify, Plan
Electronic Monitoring: Define, Discuss, Evaluate, Justify, Report
Electronic Records Management: Define, Discuss, Evaluate, Verify
Electronic-Mail Privacy: Define, Evaluate, Identify, Justify, Plan, Verify
Electronic-Mail Security: Define, Evaluate, Identify, Justify, Plan, Verify
Emanations Security: Define, Evaluate, Identify, Justify, Plan, Verify
Emergency Destruction: Define, Evaluate, Identify, Justify, Plan, Verify
End User Computing Security: Define, Evaluate, Identify, Justify, Plan, Verify
Environmental Controls: Define, Evaluate, Identify, Justify, Plan, Verify
Environmental/Natural Threats: Define, Discuss, Evaluate, Identify
Ethics: Define, Discuss, Follows
Evaluated Products: Define, Compare, Evaluate, Explain, Identify, Integrate, Justify, Plan, Verify
Export Controls: Define, Identify, Verify
Facilities Planning: Define, Describe, Evaluate, Plan, Verify
Facility Management: Define, Discuss, Evaluate, Plan, Verify
Fax Security: Define, Evaluate, Identify, Justify, Plan, Verify
Fire Prevention And Protection: Define, Evaluate, Identify, Justify, Plan, Verify
Fraud: Define, Identify, Report, Verify
Fraud. Waste And Abuse: Define, Identify, Report, Verify
Generally Accepted Systems Security Principles: Cognizant-Of, Complies-With, Describe, Identify, Influence, Interpret, Use
Hackers And Unauthorized Users: Define, Discuss, Identify, Report
Hardware Asset Management: Define, Discuss, Evaluate, Verify
History Of Information Security: Discuss, Example
Hostile Overseas Intelligence Sources(Ho: Define, Discuss, Evaluate, Identify, Report
Housekeeping Procedures: Define, Verify
Human Threats: Define, Discuss, Evaluate, Identify, Report
Identification & Authentication: Define, Evaluate, Identify, Justify, Plan, Verify
Implementation (Life Cycle): Define, Identify, Verify
Incident Response: Define, Evaluate, Identify, Justify, Plan, Verify
Industrial Espionage: Define, Discuss, Evaluate, Identify, Report
Industrial Security: Define, Evaluate, Identify, Justify, Plan, Verify
Info Sys Security Program Budgeting: Define, Discuss, Evaluate, Justify, Report, Verify
Info Sys Security Program Planning: Define, Describe, Evaluate, Verify
Information Availability: Define, Evaluate, Identify, Justify, Plan, Verify
Information Categorization: Define, Evaluate, Outline, Verify
Information Classification: Define, Evaluate, Outline, Verify
Information Confidentiality: Define, Evaluate, Outline, Verify
Information Criticality: Define, Discuss, Evaluate
Information Security Policy: Defend, Explain, Evaluate, Interpret
Information State: Define, Evaluate, Outline, Verify
Information Systems Security Officer: Define, Verify
Information Valuation: Define, Evaluate, Outline, Verify
Insurance: Define, Evaluate, Outline, Verify
Integrity: Define, Evaluate, Outline, Verify
Internal Controls And Security: Define, Evaluate, Identify, Justify, Plan, Verify
International Espionage: Define, Discuss, Evaluate, Identify, Report
International Security Considerations: Cognizant-Of, Compare, Describe, Explain, Identify, Study
INTERNET Security: Define, Evaluate, Identify, Justify, Plan, Verify
Intrusion Detection: Define, Evaluate, Identify, Justify, Plan, Verify
Intrusion Deterrents: Define, Evaluate, Identify, Justify, Plan, Verify
IS/IT Asset Valuation: Define, Evaluate, Identify, Justify, Plan, Verify
Key Management: Define, Evaluate, Identify, Justify, Plan, Verify
Keystroke Monitoring: Define, Evaluate, Identify, Justify, Plan, Verify
Law Enforcement Interfaces: Evaluate, Identify, Plan, Verify
Lessons Learned: Define, Discuss, Evaluate, Outline
  756. Life Cycle System Security Planning
  757. Define, Describe, Evaluate, Verify
  758. Local Area Network Security
  759. Define, Evaluate, Identify, Justify, 
  760. Plan, Verify
  761. Low Power
  762. Define, Discuss, Evaluate, 
  763. Identify, Report
  764. Magnetic Remanance
  765. Define, Discuss, Evaluate, 
  766. Identify, Report
  767. Malicious Code
  768. Define, Discuss, Evaluate, 
  769. Identify, Report
  770. Management Of The Security 
  771. Function
  772. Define, Outline, Verify
  773. Marking Of Media
  774. Define, Evaluate, Justify, Plan, 
  775. Verify
  776. Marking Of Sensitive Information
  777. Define, Evaluate, Justify, Plan, 
  778. Verify
  779. Masquerading
  780. Define, Discuss, Evaluate, 
  781. Identify, Report
  782. Media Convergence
  783. Define, Discuss, Explain, Plan
  784. Mobile Workstation Security
  785. Define, Evaluate, Identify, Justify, 
  786. Plan, Verify
  787. Modems
  788. Define, Evaluate, Select, 
  789. Recommend, Verify
  790. Monitoring
  791. Define, Discuss, Evaluate, 
  792. Outline, 
  793. National Information Infrastructure 
  794. (NII)
  795. Define, Describe, Discuss
  796. Need-To-Know Controls
  797. Define, Evaluate, Identify, Justify, 
  798. Plan, Verify
  799. Network Security
  800. Define, Evaluate, Identify, Justify, 
  801. Plan, Verify
  802. Network Topology
  803. Define, Discuss, Evaluate, 
  804. Outline
  805. Non-Repudiation
  806. Define, Evaluate, Outline, Verify
  807. Object Reuse
  808. Define, Discuss, Evaluate, 
  809. Identify, Report
  810. Off-Site Security (Information, 
  811. Processing)
  812. Define, Evaluate, Identify, Justify, 
  813. Plan, Verify
  814. Operating Systems
  815. Define, Discuss, Evaluate
  816. Operations Security
  817. Define, Evaluate, Identify, Justify, 
  818. Plan, Verify
  819. Optical/Imaging Systems Security
  820. Define, Evaluate, Identify, Justify, 
  821. Plan, Verify
  822. Oversight
  823. Define, Discuss, Verify
  824. Password Management
  825. Define, Discuss, Evaluate, Verify
  826. Personnel Security Policies And 
  827. Guidance
  828. Defend, Explain, Evaluate, 
  829. Interpret
  830. Physical Security
  831. Define, Evaluate, Identify, Justify, 
  832. Plan, Verify
  833. Policy Development
  834. Defend, Discuss, Outline, Justify, 
  835. Verify
  836. Policy Enforcement
  837. Define, Evaluate, Identify, Justify, 
  838. Plan, Verify
  839. Position Sensitivity
  840. Define, Evaluate, Identify, Justify, 
  841. Plan, Verify
  842. Power Controls (UPS, Emergency 
  843. Power)
  844. Define, Evaluate, Identify, Justify, 
  845. Plan, Verify
  846. Preventive Controls
  847. Define, Evaluate, Identify, Justify, 
  848. Plan, Verify
  849. Principles Of Control
  850. Define, Discuss, Evaluate
  851. Privacy
  852. Define, Describe, Evaluate, Verify
  853. Private Branch Exchange (PBX) 
  854. Security
  855. Define, Evaluate, Identify, Justify, 
  856. Plan, Verify
  857. Professional Interfaces
  858. Build, Define, Outline
  859. Protected Distributed System
  860. Define, Evaluate, Identify, Justify, 
  861. Plan, Recommend, Select, 
  862. Verify
  863. Protected Services
  864. Define, Evaluate, Identify, Justify, 
  865. Plan, Recommend, Select, 
  866. Verify
  867. Protection From Malicious Code
  868. Define, Evaluate, Identify, Justify, 
  869. Plan, Recommend, Select, 
  870. Verify
  871. Quality Assurance
  872. Define, Discuss, Verify
  873. Redundancy
  874. Define, Evaluate, Identify, Justify, 
  875. Plan, Recommend, Select, 
  876. Verify
  877. Reference Monitor
  878. Define, Evaluate, Identify, Justify, 
  879. Plan, Recommend, Select, 
  880. Verify
  881. Remanence
  882. Define, Discuss, Evaluate, 
  883. Identify, Report
  884. Risk Acceptance Process
  885. Define, Evaluate, Identify, Justify, 
  886. Plan, Recommend, Select, 
  887. Verify
  888. Risk Assessment
  889. Define, Evaluate, Identify, Justify, 
  890. Plan, Recommend, Select, 
  891. Verify
  892. Risk Management
  893. Define, Evaluate, Identify, 
  894. Justify, Plan, Recommend, 
  895. Select, Verify
  896. Risks
  897. Define, Discuss, Evaluate, 
  898. Identify, Report
  899. Safeguards
  900. Define, Discuss, Evaluate, 
  901. Identify, Report, Verify
  902. Safety
  903. Define, Discuss, Evaluate, 
  904. Identify, Report, Verify
  905. Secure System Operations
  906. Define, Evaluate, Identify, Justify, 
  907. Plan, Verify
  908. Security Architecture
  909. Define, Evaluate, Identify, Justify, 
  910. Plan, Verify
  911. Security Awareness
  912. Define, Evaluate, Identify, Justify, 
  913. Perform, Plan
  914. Security Education
  915. Define, Evaluate, Identify, Justify, 
  916. Plan
  917. Security Products
  918. Define, Evaluate, Identify, Justify, 
  919. Plan, Recommend, Select, 
  920. Verify
  921. Security Reviews
  922. Define, Evaluate, Identify, Justify, 
  923. Plan, Verify
  924. Security Training
  925. Categorize, Define, Evaluate, 
  926. Identify, Justify, Plan, Verify
  927. Sensitive System
  928. Define, Evaluate, Explain, 
  929. Identify, Integrate, Justify
  930. Separation Of Duties
  931. Define, Evaluate, Identify, Justify, 
  932. Plan, Verify
  933. Social Engineering
  934. Define, Defend, Discuss, 
  935. Evaluate, Initiate, Plan, 
  936. Recommend, Report, Select, 
  937. Verify
  938. Software Asset Management
  939. Define, Evaluate, Identify, Justify, 
  940. Plan, Verify
  941. Software Licensing
  942. Define, Discuss, Evaluate, Verify
  943. Software Piracy
  944. Define, Discuss, Verify
  945. Software Security
  946. Define, Evaluate, Identify, Justify, 
  947. Plan, Verify
  948. Spoofing
  949. Define, Evaluate, Identify, Verify
  950. Standards
  951. Define, Describe, Summarize, 
  952. Verify
  953. Standards Of Conduct
  954. Define, Evaluate, Identify, Justify, 
  955. Plan, Verify
  956. Storage Media Protection And 
  957. Control
  958. Define, Evaluate, Identify, Justify, 
  959. Plan, Verify
  960. Technical Surveillance 
  961. Countermeasures
  962. Define, Discuss, Evaluate, 
  963. Identify, Verify
  964. Technological Threats
  965. Define, Discuss, Evaluate, 
  966. Identify, Report
  967. Technology Trends
  968. Define, Identify, Discuss
  969. Third-Party Evaluation
  970. Define, Evaluate, Identify, Justify, 
  971. Plan, Verify
  972. Threat
  973. Define, Discuss, Evaluate, 
  974. Identify, Report
  975. Transportation Of Media
  976. Define, Evaluate, Identify, Justify, 
  977. Plan, Verify
  978. Trust
  979. Categorize, Define, Discuss
  980. Trusted Comp Sys Eval. 
  981. Criteria (Orange Book)
  982. Describe, Read
  983. Trusted Network Interpretation 
  984. (Red Book)
  985. Describe, Read
  986. Unauthorized Disclosure Of 
  987. Information
  988. Define, Discuss, Evaluate, 
  989. Identify, Report
  990. Voice Communications Security
  991. Define, Evaluate, Identify, Justify, 
  992. Plan, Verify
  993. Voice Mail Security
  994. Define, Evaluate, Identify, Justify, 
  995. Plan, Verify
  996. Vulnerability Analysis
  997. Define, Evaluate, Identify, Justify, 
  998. Plan, Verify
  999. Warranties
  1000. Define, Discuss, Evaluate, Verify
  1001. Wide Area Network Security
  1002. Define, Evaluate, Identify, Justify, 
  1003. Plan, Verify
  1004. Witness Interviewing/Interrogation
  1005. Define, Discuss
  1006. Workstation Security
  1007. Define, Evaluate, Identify, Justify, 
  1008. Plan, Verify
  1009. Certification
  1010. Assist, Define, Evaluate, Plan, 
  1011. Verify
  1012.  
  1013.  
  1014.  
  1015.  
  1016.  
  1017.  
  1018. Technology Oriented Security Elements
  1019.  
  1020. From the Unified Taxonomy Model, Technology Oriented Security Elements represents one of the 
  1021. areas where individuals are expected to know details about the specific items. The Technology 
  1022. Oriented Security Elements provide a technological perspective both on how Fundamental Security 
  1023. Elements are packaged in major parts of systems (e.g., operating systems, networks) and other tech-
  1024. nology-based considerations (e.g., architecture issues). Information about security designs, con-
  1025. straints, issues, features and examples are provided. The knowledge areas are reported here with the 
  1026. appropriate verbs that should be used to develop the behavioral objectives and instruction.
  1027.  
  1028.  
  1029. Access Authorization
  1030. Define, Verify, Evaluate
  1031. Access Control Models
  1032. Define, Compare, Contrast, 
  1033. Explain, Select, Evaluate
  1034. Access Control Policies
  1035. Defend, Explain, Evaluate, 
  1036. Interpret
  1037. Access Control Software
  1038. Define, Evaluate, Justify, 
  1039. Recommend
  1040. Access Controls
  1041. Define, Describe, Evaluate, Select
  1042. Access Privileges
  1043. Define, Describe, Evaluate
  1044. Alarms, Signals And Report
  1045. Define, Select, Evaluate, Verify
  1046. Acquisitions
  1047. Define, Evaluate, Recommend
  1048. Asynchronous & Synchronous 
  1049. Communication
  1050. Define, Compare, Contrast, 
  1051. Verify, Examples
  1052. Attenuation
  1053. Define, Describe, Verify, 
  1054. Examples
  1055. Binding/Handshaking
  1056. Define, Evaluate, Explain
  1057. Biometrics
  1058. Define, Compare, Contrast, 
  1059. Evaluate, Justify
  1060. Burst Transmission
  1061. Define, Describe, Evaluate, 
  1062. Justify, Plan
  1063. Cabling
  1064. Define, Compare, Contrast, 
  1065. Recommend, Verify
  1066. Call-Back Security
  1067. Define, Describe, Evaluate, 
  1068. Justify, Plan
  1069. Caller ID
  1070. Define, Describe, Evaluate, 
  1071. Justify, Plan
  1072. Circuit-Switched Networks
  1073. Define, Compare, Defend, 
  1074. Evaluate, Integrate, Justify, 
  1075. Verify
  1076. Client/Server Security
  1077. Define, Explain, Compare, 
  1078. Contrast, Justify, Evaluate, 
  1079. Integrate, Verify
  1080. Common Carrier Security
  1081. Define, Explain, Compare, 
  1082. Defend, Integrate, Justify, 
  1083. Verify
  1084. Communications Security
  1085. Define, Evaluate, Identify, Justify, 
  1086. Plan
  1087. Compartmented/Partitioned Mode
  1088. Define, Compare, Justify, 
  1089. Evaluate, Verify
  1090. Computer Emergency Response 
  1091. Team (CERT)
  1092. Define, Describe, Justify, Plan
  1093. Computer Science & Architecture
  1094. Define, Discuss, Evaluate
  1095. COMSEC Accounting
  1096. Define, Describe
  1097. COMSEC Custodian
  1098. Define, Describe, Identify
  1099. COMSEC Material Destruction 
  1100. Procedures
  1101. Define, Describe, Evaluate, Verify
  1102. COMSEC Material Identification & 
  1103. Invent
  1104. Define, Describe, Comply, Verify
  1105. COMSEC Testing
  1106. Define, Describe, Evaluate, 
  1107. Report, Verify
  1108. Configuration Management
  1109. Define, Discuss, Evaluate, Verify
  1110. Conformance Testing
  1111. Define, Describe, Evaluate, 
  1112. Report, Verify
  1113. Contingency Plan Testing
  1114. Define, Describe, Evaluate, 
  1115. Report, Verify
  1116. Corrective Actions
  1117. Define, Defend, Discuss, 
  1118. Example, Evaluate, Initiate, 
  1119. Plan, Recommend, Report, 
  1120. Select, Verify
  1121. Covert Channels
  1122. Define, Describe, Compare, 
  1123. Evaluate, Report
  1124. Cryptographic Techniques
  1125. Define, Compare, Describe, 
  1126. Evaluate, Integrate, Justify, 
  1127. Verify
  1128. Cryptovariable
  1129. Define, Describe, Examples
  1130. Dedicated Line
  1131. Define, Compare, Defend, 
  1132. Evaluate, Integrate, Justify, 
  1133. Verify
  1134. Dedicated Mode
  1135. Define, Compare, Defend, 
  1136. Evaluate, Integrate, Justify, 
  1137. Verify
  1138. Dial Number Indicator
  1139. Define, Describe, Compare, 
  1140. Verify
  1141. Dial-Up Security
  1142. Define, Explain, Compare, 
  1143. Defend, Integrate, Justify, 
  1144. Verify
  1145. Digital/Analog Technology
  1146. Define, Compare, Contrast, 
  1147. Evaluate, Justify, Verify
  1148. Diskless Workstations
  1149. Define, Describe, Examples
  1150. Disaster Recovery
  1151. Define, Describe, Defend, 
  1152. Evaluate, Integrate, Justify, 
  1153. Verify
  1154. Disaster Recovery Plan Testing
  1155. Define, Describe, Evaluate, 
  1156. Justify, Verify
  1157. Disaster Recovery Planning
  1158. Define, Describe, Integrate, 
  1159. Evaluate, Verify
  1160. Discretionary Access Control
  1161. Define, Describe, Evaluate, 
  1162. Justify, Verify
  1163. Disposition Of Media & Data
  1164. Define, Evaluate, Discuss, Plan, 
  1165. Verify
  1166. Distributed Systems Security
  1167. Define, Evaluate, Identify, Justify, 
  1168. Plan
  1169. Document Labeling
  1170. Define, Evaluate, Describe, 
  1171. Justify, Verify
  1172. Documentation
  1173. Define, Categorize, Outline, 
  1174. Verify, Evaluate, Justify, 
  1175. Examples
  1176. Drop-Off/Add-On Protection (Piggy 
  1177. Backing)
  1178. Define, Describe, Identify, 
  1179. Report, Verify
  1180. Electromagnetic Countermeasures
  1181. Define, Defend, Describe, 
  1182. Evaluate, Justify, Plan, Verify
  1183. Electromagnetic Interference
  1184. Define, Describe, Evaluate, 
  1185. Report, Verify
  1186. Electronic Data Interchange
  1187. Define, Describe, Example, 
  1188. Evaluate, Integrate, Interpret, 
  1189. Verify
  1190. Electronic Funds Transfer
  1191. Define, Describe, Example, 
  1192. Evaluate, Integrate, Interpret, 
  1193. Verify
  1194. Electronic Key Management System
  1195. Define, Compare, Describe, 
  1196. Evaluate, Identify, Integrate, 
  1197. Justify, Verify
  1198. Electronic Monitoring
  1199. Define, Discuss, Evaluate, Justify, 
  1200. Report
  1201. Electronic Records Management
  1202. Define, Discuss, Evaluate, Verify
  1203. Electronic Sources Of Security 
  1204. Information
  1205. Define, Discuss, Evaluate, 
  1206. Recommend, Verify
  1207. Electronic-Mail Privacy
  1208. Define, Example, Evaluate, 
  1209. Identify, Justify, Plan, Verify
  1210. Electronic-Mail Security
  1211. Define, Example, Evaluate, 
  1212. Identify, Justify, Plan, Verify
  1213. Emanations Security
  1214. Define, Example, Evaluate, 
  1215. Identify, Justify, Plan, Verify
  1216. Encryption Modes
  1217. Define, Describe, Compare, 
  1218. Contrast, Examples
  1219. Error Logs
  1220. Define, Discuss, Evaluate, Verify
  1221. Evaluated Products
  1222. Define, Discuss, Evaluate, Justify, 
  1223. Example, Identify, Plan, 
  1224. Verify
  1225. Evaluation Techniques
  1226. Define, Discuss, Evaluate, Justify, 
  1227. Example, Identify, Plan, 
  1228. Verify
  1229. Expert Security/Audit Tools
  1230. Define, Describe, Evaluate, 
  1231. Justify, Example, Identify, 
  1232. Plan, Verify
  1233. Expert Systems
  1234. Define, Describe, Evaluate, 
  1235. Justify, Example, Identify, 
  1236. Plan, Verify
  1237. Fault Tolerance
  1238. Define, Explain, Evaluate, Justify, 
  1239. Example, Identify, Plan, 
  1240. Verify
  1241. Fax Security
  1242. Define, Explain, Evaluate, Justify, 
  1243. Example, Identify, Plan, 
  1244. Verify
  1245. Filtered Power
  1246. Define, Explain, Evaluate, Justify, 
  1247. Example, Identify, Plan, 
  1248. Verify
  1249. Firmware Security
  1250.  
  1251. Formal Methods For Security 
  1252. Design
  1253. Define, Describe, Summarize
  1254. Frequency Hopping
  1255. Define, Explain, Evaluate, Justify, 
  1256. Example, Identify, Plan, 
  1257. Verify
  1258. Grounding
  1259. Define, Compare, Contrast, 
  1260. Describe, Evaluate, Identify, 
  1261. Plan, Verify
  1262. INTERNET Security
  1263. Define, Evaluate, Identify, Justify, 
  1264. Plan, Verify
  1265. Intrusion Detection
  1266. Define, Compare, Contrast, 
  1267. Describe, Evaluate, Identify, 
  1268. Plan, Verify
  1269. Intrusion Deterrents
  1270. Define, Compare, Contrast, 
  1271. Describe, Evaluate, Identify, 
  1272. Plan, Verify
  1273. Isolation And Mediation
  1274. Define, Compare, Contrast, 
  1275. Describe, Evaluate, Identify, 
  1276. Plan, Verify
  1277. Jamming
  1278. Define, Compare, Contrast, 
  1279. Describe, Evaluate, Identify, 
  1280. Plan, Verify
  1281. Kernel
  1282. Define, Demonstrate, Describe, 
  1283. Evaluate, Example, Integrate, 
  1284. Interpret, Verify
  1285. Key Certificate Administration
  1286. Define, Describe, Evaluate, 
  1287. Report, Verify
  1288. Keystroke Monitoring
  1289. Define, Compare, Contrast, 
  1290. Describe, Evaluate, Identify, 
  1291. Plan, Verify
  1292. Labeling
  1293. Define, Describe, Evaluate, 
  1294. Example, Justify, Plan, 
  1295. Verify
  1296. Leased-Line Networks
  1297. Define, Compare, Defend, 
  1298. Evaluate, Integrate, Justify, 
  1299. Verify
  1300. Least Privilege
  1301. Define, Describe, Evaluate, 
  1302. Example, Justify, Plan, 
  1303. Verify
  1304. Line Authentication
  1305. Define, Describe, Evaluate, 
  1306. Example, Justify, Plan, 
  1307. Verify
  1308. Line Of Sight
  1309. Define, Evaluate, Example, 
  1310. Explain, Identify, Verify
  1311. List-Based Access Controls
  1312. Define, Compare, Contrast, 
  1313. Describe, Evaluate, Example, 
  1314. Justify, Plan, Verify
  1315. Local Area Network Security
  1316. Define, Evaluate, Example, 
  1317. Explain, Identify, Verify
  1318. Logs And Journals
  1319. Define, Describe, Evaluate, 
  1320. Example, Identify, Verify
  1321. Low Power
  1322. Define, Discuss, Evaluate, 
  1323. Identify, Report
  1324. Magnetic Remanence
  1325. Define, Discuss, Evaluate, 
  1326. Identify, Report
  1327. Malicious Code
  1328. Define, Discuss, Evaluate, 
  1329. Identify, Report
  1330. Mandatory Access Control
  1331. Define, Describe, Evaluate, 
  1332. Justify, Verify
  1333. Marking Of Media
  1334. Define, Describe, Evaluate, 
  1335. Justify, Verify
  1336. Marking Of Sensitive Information
  1337. Define, Describe, Evaluate, 
  1338. Justify, Verify
  1339. Memory (Non-Volatile)
  1340. Define, Describe, Evaluate, 
  1341. Justify, Verify
  1342. Memory (Random)
  1343. Define, Describe, Evaluate, 
  1344. Justify, Verify
  1345. Memory (Sequential)
  1346. Define, Describe, Evaluate, 
  1347. Justify, Verify
  1348. Memory (Volatile)
  1349. Define, Describe, Evaluate, 
  1350. Justify, Verify
  1351. Message Authentication Codes
  1352. Define, Describe, Evaluate, 
  1353. Justify, Verify
  1354. Microwave/Wireless 
  1355. Communications Security
  1356. Define, Explain, Evaluate, Justify, 
  1357. Example, Identify, Plan, 
  1358. Verify
  1359. Mobile Workstation Security
  1360. Define, Explain, Evaluate, Justify, 
  1361. Example, Identify, Plan, 
  1362. Verify
  1363. Modems
  1364. Define, Evaluate, Select, 
  1365. Recommend, Verify
  1366. Modes Of Operation
  1367. Define, Contrast, Evaluate, 
  1368. Identify
  1369. Monitoring (e.g., Data, Line)
  1370. Define, Discuss, Evaluate, 
  1371. Outline
  1372. Multilevel Processing
  1373. Define, Describe, Evaluate, 
  1374. Justify, Verify
  1375. Multilevel Security
  1376. Define, Describe, Evaluate, 
  1377. Justify, Verify
  1378. Network Communications Protocols
  1379. Define, Demonstrate, Describe, 
  1380. Evaluate, Example, Integrate, 
  1381. Interpret, Verify
  1382. Network Firewalls
  1383. Define, Describe, Evaluate, 
  1384. Justify, Verify
  1385. Network Monitoring
  1386. Define, Describe, Evaluate, 
  1387. Justify, Verify
  1388. Network Security
  1389. Define, Evaluate, Example, 
  1390. Explain, Identify, Verify
  1391. Network Security Software
  1392. Define, Explain, Evaluate, Justify, 
  1393. Example, Identify, Plan, 
  1394. Verify
  1395. Network Switching
  1396. Define, Compare, Defend, 
  1397. Evaluate, Integrate, Justify, 
  1398. Verify
  1399. Network Topology
  1400. Define, Discuss, Evaluate, 
  1401. Outline
  1402. Object Labeling
  1403. Define, Describe, Evaluate, 
  1404. Justify, Verify
  1405. Object Reuse
  1406. Define, Discuss, Evaluate, 
  1407. Identify, Report
  1408. Off-Site Security (Information, 
  1409. Processing)
  1410. Define, Evaluate, Identify, Justify, 
  1411. Plan, Verify
  1412. One-Time Passwords
  1413. Define, Describe, Evaluate, 
  1414. Justify, Verify
  1415. Open Systems Interconnect (OSI) 
  1416. Model
  1417. Define, Describe, Summarize, 
  1418. Verify, Relate
  1419. Operating System Integrity
  1420. Define, Evaluate, Outline, Verify
  1421. Operating System Security Features
  1422. Define, Compare, Evaluate, 
  1423. Explain, Identify, Integrate, 
  1424. Justify, Verify
  1425. Operating Systems
  1426. Define, Discuss, Evaluate
  1427. Operations Security
  1428. Define, Evaluate, Identify, Justify, 
  1429. Plan, Verify
  1430. Optical/Imaging Systems Security
  1431. Define, Evaluate, Identify, Justify, 
  1432. Plan, Verify
  1433. Packet Filtering
  1434. Define, Describe, Evaluate, 
  1435. Justify, Verify
  1436. Packet-Switched Networks
  1437. Define, Compare, Defend, 
  1438. Evaluate, Integrate, Justify, 
  1439. Verify
  1440. Password Management
  1441. Define, Discuss, Evaluate, Plan, 
  1442. Verify
  1443. Peer-To-Peer Security
  1444. Define, Evaluate, Identify, Justify, 
  1445. Plan, Verify
  1446. Penetration Testing
  1447. Define, Evaluate, Identify, Justify, 
  1448. Plan, Verify
  1449. Platform-Specific Security
  1450. Define, Evaluate, Identify, Justify, 
  1451. Plan, Verify
  1452. Power Controls (UPS, Emergency 
  1453. Power)
  1454. Define, Evaluate, Identify, Justify, 
  1455. Plan, Verify
  1456. Private Branch Exchange (PBX) 
  1457. Security
  1458. Define, Evaluate, Identify, Justify, 
  1459. Plan, Verify
  1460. Private Key Cryptology
  1461. Define, Evaluate, Identify, Justify, 
  1462. Plan, Verify
  1463. Private Networks
  1464. Define, Compare, Defend, 
  1465. Evaluate, Integrate, Justify, 
  1466. Verify
  1467. Privileges (Class, Nodes)
  1468. Define, Evaluate, Identify, Justify, 
  1469. Plan, Verify
  1470. Protected Distributed System
  1471. Define, Evaluate, Identify, Justify, 
  1472. Plan, Verify
  1473. Protected Services
  1474. Define, Evaluate, Identify, Justify, 
  1475. Plan, Recommend, Select, 
  1476. Verify
  1477. Protection From Malicious Code
  1478. Define, Evaluate, Identify, Justify, 
  1479. Plan, Recommend, Select, 
  1480. Verify
  1481. Protective Technology
  1482. Defend, Define, Evaluate, 
  1483. Identify, Justify, Select, 
  1484. Verify
  1485. Public Key Encryption
  1486. Define, Evaluate, Identify, Justify, 
  1487. Plan, Recommend, Select, 
  1488. Verify
  1489. Redundancy
  1490. Define, Evaluate, Identify, Justify, 
  1491. Plan, Recommend, Select, 
  1492. Verify
  1493. Remote Terminal Protection 
  1494. Devices
  1495. Define, Evaluate, Identify, Justify, 
  1496. Plan, Recommend, Select, 
  1497. Verify
  1498. Role-Based Access Controls
  1499. Define, Evaluate, Identify, Justify, 
  1500. Plan, Recommend, Select, 
  1501. Verify
  1502. Rules-Based Access Control
  1503. Define, Evaluate, Identify, Justify, 
  1504. Plan, Recommend, Select, 
  1505. Verify
  1506. Safeguards
  1507. Define, Evaluate, Identify, Justify, 
  1508. Plan, Recommend, Select, 
  1509. Verify
  1510. Satellite Communications Security
  1511. Define, Evaluate, Identify, Justify, 
  1512. Plan, Verify
  1513. Security Architecture
  1514. Define, Evaluate, Identify, Justify, 
  1515. Plan, Verify
  1516. Security Domains
  1517. Define, Evaluate, Identify, Justify, 
  1518. Plan, Recommend, Select, 
  1519. Verify
  1520. Security Product Integration
  1521. Define, Evaluate, Identify, Justify, 
  1522. Plan, Recommend, Select, 
  1523. Verify
  1524. Security Product Testing/Evaluation
  1525. Define, Evaluate, Identify, Justify, 
  1526. Plan, Recommend, Select, 
  1527. Verify
  1528. Security Products
  1529. Define, Evaluate, Identify, Justify, 
  1530. Plan, Recommend, Select, 
  1531. Verify
  1532. Shielded Enclosures
  1533. Define, Evaluate, Identify, Justify, 
  1534. Plan, Recommend, Select, 
  1535. Verify
  1536. Single Sign-On
  1537. Define, Evaluate, Identify, Justify, 
  1538. Plan, Recommend, Select, 
  1539. Verify
  1540. Smartcards/Token Authentication
  1541. Define, Evaluate, Identify, Justify, 
  1542. Plan, Recommend, Select, 
  1543. Verify
  1544. Software Asset Management
  1545. Define, Discuss, Evaluate, Verify
  1546. Software Engineering
  1547. Define, Discuss, Evaluate, Verify
  1548. Space Systems Security
  1549. Define, Evaluate, Identify, Justify, 
  1550. Plan, Verify
  1551. Spoofing
  1552. Define, Evaluate, Identify, Verify, 
  1553. Report
  1554. Spread Spectrum Analysis
  1555. Define, Evaluate, Identify, Justify, 
  1556. Plan, Recommend, Select, 
  1557. Verify
  1558. Standalone Systems And Remote 
  1559. Terminals
  1560. Define, Compare, Evaluate, 
  1561. Explain, Identify, Integrate, 
  1562. Justify, Verify
  1563. System Software Controls
  1564. Define, Evaluate, Identify, Justify, 
  1565. Plan, Verify
  1566. System Testing And Evaluation 
  1567. Process
  1568. Define, Evaluate, Identify, Justify, 
  1569. Plan, Recommend, Select, 
  1570. Verify
  1571. System-High Mode
  1572. Define, Evaluate, Identify, Justify, 
  1573. Plan, Verify
  1574. Systems Security Engineering
  1575. Define, Discuss, Evaluate, Verify
  1576. Technology Trends
  1577. Define, Identify, Discuss
  1578. TEMPEST
  1579. Define, Evaluate, Identify, Justify, 
  1580. Plan, Verify
  1581. Validation (Testing)
  1582. Define, Evaluate, Identify, Justify, 
  1583. Plan, Recommend, Select, 
  1584. Verify
  1585. Value-Added Networks
  1586. Define, Evaluate, Identify, Verify, 
  1587. Report
  1588. Verification And Validation Process
  1589. Define, Evaluate, Identify, Verify, 
  1590. Report
  1591. Voice Communications Security
  1592. Define, Evaluate, Identify, Justify, 
  1593. Plan, Verify
  1594. Voice Mail Security
  1595. Define, Evaluate, Identify, Justify, 
  1596. Plan, Verify
  1597. Wide Area Network Security
  1598. Define, Evaluate, Identify, Justify, 
  1599. Plan, Verify
  1600. Wide Area Networks
  1601. Define, Evaluate, Identify, Verify, 
  1602. Report
  1603. Workstation Security
  1604. Define, Evaluate, Identify, Justify, 
  1605. Plan, Verify
  1606.  
  1607.  
  1608.  
  1609.  
  1610.  
  1611.  
  1612. Organization Specific Security Elements
  1613.  
  1614. From the Unified Taxonomy Model, Organization Specific Security Elements represents one of the 
  1615. areas where individuals are expected to know details about the specific items. Organization Specific 
  1616. Security Elements identify major elements of the operational environment that must be known to ef-
  1617. fectively implement and operate information systems securely. The major elements include both 
  1618. knowledge about the organizational environment and the security properties of the installed base of 
  1619. information technology.
  1620.  
  1621. Prerequisite knowledge includes management techniques, organizational budgeting and planning, and 
  1622. organizational policies and procedures used in the management and operation of information and 
  1623. telecommunications systems.
  1624.  
  1625. The knowledge areas are reported here with the appropriate verbs that should be used to develop the 
  1626. behavioral objectives and instruction.
  1627.  
  1628. Access Authorization
  1629. Verify, Assign, Maintain
  1630. Access Control Policies
  1631. Develop, Explain, Revise, 
  1632. Access Controls
  1633. Choose, Justify, Explain
  1634. Access Privileges
  1635. Evaluate
  1636. Account Administration
  1637. Evaluate, Define
  1638. Accountability For Sensitive Data
  1639. Defend, Define, Verify
  1640. Administrative Security Policies 
  1641. And Procedures
  1642. Change, Defend, Define, Explain, 
  1643. Evaluate, Follows, Influence, 
  1644. Initiate, Integrate, Interpret
  1645. Agency-Specific Security Policies
  1646. Change, Defend, Define, Explain, 
  1647. Evaluate, Follows, Influence, 
  1648. Initiate, Integrate, Interpret
  1649. Audit Trails And Logging Policies
  1650. Change, Defend, Define, Explain, 
  1651. Evaluate, Follows, Influence, 
  1652. Initiate, Integrate, Interpret
  1653. Background Investigations
  1654. Request, Use
  1655. Basic/Generic Management Issues
  1656. Explain, Identify, Interpret, 
  1657. Assist, Present, Integrate
  1658. Business Aspects Of Information 
  1659. Security
  1660. Explain, Identify, Illustrate, 
  1661. Interpret
  1662. Change Control Policies
  1663. Change, Defend, Define, Explain, 
  1664. Evaluate, Follows, Influence, 
  1665. Initiate, Integrate, Interpret
  1666. Classified Materials (e.g., Handling 
  1667. And Shipping)
  1668. Define, Evaluate, Labels, Report, 
  1669. Communications Security Policies 
  1670. And Guidelines
  1671. Change, Defend, Define, Explain, 
  1672. Evaluate, Follows, Influence, 
  1673. Initiate, Integrate, Interpret
  1674. Communications Center Security
  1675. Evaluate, Influence, Points Out
  1676. Computer Emergency Response 
  1677. Team (CERT)
  1678. Describe, Directs, Use, Evaluate, 
  1679. Initiate
  1680. Computer Matching Responsibilities
  1681. Explain, Points Out, Report
  1682. COMSEC Custodian
  1683. Describe, Identify, Listens, 
  1684. Support
  1685. COMSEC Material Destruction 
  1686. Procedures
  1687. Change, Defend, Define, Explain, 
  1688. Evaluate, Follows, Influence, 
  1689. Initiate, Integrate, Interpret, 
  1690. Report
  1691. COMSEC Material Identification & 
  1692. Inventory
  1693. Describe, Perform, Use, Report, 
  1694. Labels
  1695. Configuration Management
  1696. Define, Describe, Evaluate, 
  1697. Influence, Justify, Propose
  1698. Contingency Plan Testing
  1699. Describe, Evaluate, Outline, 
  1700. Directs, Initiate, 
  1701. Demonstrate, Design, Drills, 
  1702. Estimate, Perform, Plan, 
  1703. Prepare, Propose, 
  1704. Summarize, Use, Verify, 
  1705. Report, Integrate
  1706. Contingency Planning
  1707. Assist, Define, Describe, Develop, 
  1708. Evaluate, Influence, Initiate, 
  1709. Use, Verify
  1710. Continuity Planning
  1711. Assist, Define, Describe, Develop, 
  1712. Evaluate, Influence, Initiate, 
  1713. Use, Verify
  1714. Contracting For Security Services
  1715. Assist, Discuss, Evaluate, 
  1716. Influence, Justify, Perform, 
  1717. Propose, Revise, Use
  1718. Contracts, Agreements & Other 
  1719. Obligations
  1720. Arrange, Describe, Discuss, 
  1721. Evaluate, Influence, 
  1722. Integrate, Interpret, Prepare, 
  1723. Revise, Use, Verify
  1724. Corrective Actions
  1725. Assist, Defend, Design, Discuss, 
  1726. Evaluate, Follows-Up, 
  1727. Identify, Initiate, Perform, 
  1728. Plan, Propose, Report, Select, 
  1729. Support
  1730. Cost/Benefit Analysis
  1731. Assist, Defend, Define, Evaluate, 
  1732. Explain, Initiate, Interpret, 
  1733. Orders, Perform, Support, 
  1734. Use, Verify
  1735. Criminal Prosecution
  1736. Request, Choose, Influence, 
  1737. Initiate, Prepare, 
  1738. Recommends, Support
  1739. Critical Systems
  1740. Define, Differentiate, Example, 
  1741. Identify, Monitor
  1742. Customer IT Security Needs
  1743. Categorize, Compile, Contrasts, 
  1744. Define, Describe, Discuss, 
  1745. Estimate, Generalize, 
  1746. Identify, Influence, Interpret, 
  1747. Justify, Listens, Plan, 
  1748. Predicts, Questions, Relate, 
  1749. Report, Study, Support, 
  1750. Verify, Weighs, Prioritizes
  1751. Customer Service Orientation
  1752. Answers, Assist, Demonstrate, 
  1753. Discuss, Evaluate, Explain, 
  1754. Helps, Influence, Initiate, 
  1755. Interpret, Listens, Plan, 
  1756. Points Out, Points To, 
  1757. Responds, Support
  1758. Data Processing Center Security
  1759. Assist, Builds, Defend, Describe, 
  1760. Design, Discuss, Evaluate, 
  1761. Identify, Influence, Initiate, 
  1762. Integrate, Interpret, Operate, 
  1763. Organize, Plan, Estimate, 
  1764. Present, Propose, Report, 
  1765. Support, Use
  1766. Delegation Of Authority
  1767. Comply, Defend, Define, Explain, 
  1768. Interpret, Verify
  1769. Disaster Recovery Plan Testing
  1770. Describe, Evaluate, Outline, 
  1771. Directs, Initiate, 
  1772. Demonstrate, Design, Drills, 
  1773. Estimate, Perform, Plan, 
  1774. Prepare, Propose, 
  1775. Summarize, Use, Verify, 
  1776. Report, Integrate
  1777. Disaster Recovery Planning
  1778. Assist, Define, Describe, Develop, 
  1779. Evaluate, Influence, Initiate, 
  1780. Use, Verify
  1781. Disposition Of Classified 
  1782. Information
  1783. Destroys, Store, Comply, Explain, 
  1784. Organize, Perform, Verify, 
  1785. Plan, 
  1786. Disposition Of Media & Data
  1787. Destroys, Store, Comply, Explain, 
  1788. Organize, Perform, Verify, 
  1789. Plan, 
  1790. Distributed Systems Security
  1791. Define, Describe, Evaluate, 
  1792. Identify, Integrate, Justify, 
  1793. Operate, Plan, Report
  1794. Documentation
  1795. Assemble, Assist, Categorize, 
  1796. Create, Describe, Discuss, 
  1797. Example, Identify, Outline, 
  1798. Paraphrase, Produce, 
  1799. Organize, Reproduce, Write, 
  1800. State, Use, Integrate
  1801. Documentation Policies
  1802. Change, Defend, Define, Explain, 
  1803. Evaluate, Follows, Influence, 
  1804. Initiate, Integrate, Interpret
  1805. Due Care
  1806. Use, Verify
  1807. Education, Training And Awareness
  1808. Plan, Perform, Evaluate
  1809. Electronic Records Management
  1810. Comply, Demonstrate, Evaluate, 
  1811. Explain, Identify, Integrate, 
  1812. Justify, Perform
  1813. Electronic-Mail Privacy
  1814. Comply, Defend, Describe, 
  1815. Evaluate, Perform, Plan, 
  1816. Points To, Verify
  1817. Emergency Destruction Procedures
  1818. Assist, Demonstrate, Describe, 
  1819. Perform, Produce, 
  1820. End User Computing Security
  1821. Perform, Plan, Evaluate, Assist
  1822. Ethics
  1823. Practice, Promotes
  1824. Evidence Collection And 
  1825. Preservation
  1826. Assist, Perform, Evaluate, 
  1827. Support
  1828. Expert Security/Audit Tools
  1829. Choose, Use
  1830. Facilities Planning
  1831. Assist, Define, Describe, Develop, 
  1832. Evaluate, Influence, Initiate, 
  1833. Use, Verify
  1834. Facilities Management
  1835. Evaluate, Influence, Assist
  1836. Fraud, Waste And Abuse
  1837. Identify, Report, Assist
  1838. Hackers And Unauthorized Users
  1839. Identify, Report, Describe, Assist
  1840. Guidelines
  1841. Change, Defend, Define, Explain, 
  1842. Evaluate, Follows, Influence, 
  1843. Initiate, Integrate, Interpret
  1844. Hardware Asset Management
  1845. Assemble, Categorize, Comply, 
  1846. Define, Estimate, Explain, 
  1847. Perform, Produce, 
  1848. Inventories
  1849. Housekeeping Procedures
  1850. Plan, Evaluate, Practice
  1851. Identification & Authentication
  1852. Words Discuss, Assist, Perform
  1853. Implementation (Life Cycle)
  1854. Define, Discuss, Distinguish, 
  1855. Example, Plan
  1856. Incident Response
  1857. Perform, Design, Evaluate, 
  1858. Explain, Initiate, Organize, 
  1859. Plan, Report
  1860. Industrial Espionage
  1861. Breaks Down, Categorize, Define, 
  1862. Describe, Discuss, Example, 
  1863. Identify, Report
  1864. Info Sys Security Program 
  1865. Budgeting
  1866. Builds, Compile, Defend, 
  1867. Discuss, Displays, Estimate, 
  1868. Evaluate, Justify, Prepare, 
  1869. Present, Questions, Report, 
  1870. Revise, Summarize, Support, 
  1871. Implements
  1872. Info Sys Security Program Planning
  1873. Change, Defend, Define, Discuss, 
  1874. Evaluate, Justify, Modify, 
  1875. Predicts, Perform, Prepare, 
  1876. Propose, Questions, 
  1877. Reorganize, Report, Write, 
  1878. Information Categorization
  1879. Evaluate, Defend, Define, 
  1880. Differentiate, Example, 
  1881. Explain, Identify, Interpret, 
  1882. Labels, Organize, Present, 
  1883. Propose
  1884. Information Classification
  1885. Evaluate, Defend, Define, 
  1886. Differentiate, Example, 
  1887. Explain, Identify, Interpret, 
  1888. Labels, Organize, Present, 
  1889. Propose
  1890. Information Criticality
  1891. Evaluate, Defend, Define, 
  1892. Differentiate, Example, 
  1893. Explain, Identify, Interpret, 
  1894. Labels, Organize, Present, 
  1895. Propose
  1896. Information Ownership
  1897. Define, Differentiate, Identify
  1898. Information Resource 
  1899. Owner/Custodian
  1900. Identify, Labels, Verify
  1901. Information Security Policy
  1902. Change, Defend, Define, Explain, 
  1903. Evaluate, Follows, Influence, 
  1904. Initiate, Integrate, Interpret
  1905. Information Sensitivity
  1906. Define, Describe, Evaluate, 
  1907. Example, Explain, Labels, 
  1908. Questions, Responds
  1909. Information Systems Security 
  1910. Officer
  1911. Perform, Identify, Evaluate, 
  1912. Assist
  1913. Information Valuation
  1914. Analyze, Assist, Describe, 
  1915. Evaluate, Identify, Interpret, 
  1916. Justify, Labels, Report
  1917. Insurance
  1918. Appraise, Categorize, Identify, 
  1919. Describe, Estimate, Justify, 
  1920. Propose, Assist
  1921. Internal Controls And Security
  1922. Discuss, Distinguish, Evaluate, 
  1923. Explain, Identify, Illustrate, 
  1924. Integrate, Perform, Plan, 
  1925. Comply, Initiate, Assist
  1926. INTERNET Security
  1927. Appraise, Define, Design, 
  1928. Distinguish, Example, 
  1929. Explain, Identify, Integrate, 
  1930. Questions, Use, Verify
  1931. Intrusion Detection
  1932. Implements, Define, Design, 
  1933. Discuss, Evaluate, Explain, 
  1934. Identify, Operate, Plan, 
  1935. Select, Solve, Verify
  1936. Investigation Of Security Breaches
  1937. Corrects, Define, Perform, 
  1938. Discovers, Evaluate, Explain, 
  1939. Identify, Questions, Study, 
  1940. Report
  1941. Investigative Authorities
  1942. Identify, Distinguish, Explain
  1943. IS/IT Asset Valuation
  1944. Analyze, Assist, Describe, 
  1945. Evaluate, Identify, Interpret, 
  1946. Justify, Labels, 
  1947. Report
  1948. Keystroke Monitoring
  1949. Assist, Comply, Describe, 
  1950. Distinguish, Evaluate, 
  1951. Integrate, Perform, Plan
  1952. Leased-Line Networks
  1953. Builds, Connects, Integrate, 
  1954. Design, Diagrams, Evaluate, 
  1955. Example, Explain, Identify, 
  1956. Integrate, Plan
  1957. Legal And Liability Issues
  1958. Comply, Discuss, Evaluate, 
  1959. Example, Explain, Identify
  1960. Lessons Learned
  1961. Categorize, Compare, Describe, 
  1962. Evaluate, Example, Identify, 
  1963. Illustrate, Influence, Discuss, 
  1964. Verify, Practice, Report
  1965. Life Cycle System Security Planning
  1966. Builds, Define, Demonstrate, 
  1967. Design, Discuss, Evaluate, 
  1968. Explain, Prepare, Support, 
  1969. Assist
  1970. Local Area Network Security
  1971. Perform, Plan, Evaluate, Assist
  1972. Logs And Journals
  1973. Compile, Define, Describe, 
  1974. Discuss, Example, Explain, 
  1975. Documents, Analyzes
  1976. Management Of The Security 
  1977. Function
  1978. Assist, Defend, Describe, Discuss, 
  1979. Evaluate, Example, Explain, 
  1980. Organize, Perform, Plan, 
  1981. Allocates
  1982. Marking Of Sensitive Information
  1983. Organize, Perform, Comply, 
  1984. Define, Discuss, Example, 
  1985. Explain, Produce, Support
  1986. Marking Of Media
  1987. Organize, Perform, Comply, 
  1988. Define, Discuss, Example, 
  1989. Explain, Produce, Support
  1990. Monitoring (E.G., Data, Line)
  1991. Organize, Perform, Discuss, 
  1992. Explain, Report
  1993. Multilevel Processing
  1994. Comply, Organize, Perform, 
  1995. Create, Define, Discuss, 
  1996. Explain
  1997. Need-To-Know Controls
  1998. Initiate, Outline, Practice, 
  1999. Integrate
  2000. Network Monitoring
  2001. Define, Design, Interpret, Justify, 
  2002. Organize, Select, Analyze, 
  2003. Use, Prepare, Evaluate, 
  2004. Operate, Plan, 
  2005. Network Security
  2006. Assist, Builds, Defend, Describe, 
  2007. Design, Discuss, Evaluate, 
  2008. Identify, Integrate, Operate, 
  2009. Organize, Estimate, Propose, 
  2010. Report, Support
  2011. Network Topology
  2012. Assist, Builds, Design, Evaluate, 
  2013. Identify, Integrate, Select, 
  2014. Organize, Plan, Estimate, 
  2015. Present, Propose, Support, 
  2016. Use
  2017. Off-Site Security (Information, 
  2018. Processing)
  2019. Assist, Defend, Describe, Design, 
  2020. Evaluate, Identify, Integrate, 
  2021. Organize, Plan, Estimate, 
  2022. Propose, Use
  2023. One-Time Passwords
  2024. Defend, Define, Describe, 
  2025. Evaluate, Influence, Operate, 
  2026. Propose, Select, Generates
  2027. Operating System Security Features
  2028. Define, Describe, Design, 
  2029. Evaluate, Identify, Propose, 
  2030. Support, Cleans, Complies
  2031. Org. Placement Of The IS/IT 
  2032. Security Function
  2033. Defend, Define, Explain, 
  2034. Influence, Support
  2035. Organizational Culture
  2036. Define, Discuss, Explain, 
  2037. Influence, Comply, Integrate
  2038. Oversight
  2039. Define, Discuss, Influence, 
  2040. Comply, Support, 
  2041. Coordinate, Practice, Locate, 
  2042. Report
  2043. Password Management
  2044. Comply, Define, Design, 
  2045. Evaluate, Explain, Justify, 
  2046. Operate, Constructs, Labels
  2047. Personnel Security Policies And 
  2048. Guidance
  2049. Assist, Describe, Discuss, 
  2050. Integrate, Propose, Support, 
  2051. Define, Evaluate, Use
  2052. Platform-Specific Security
  2053. Perform, Plan, Evaluate, Assist
  2054. Policy Development
  2055. Influence, Write, Define, 
  2056. Describe, Evaluate, Explain, 
  2057. Justify, Propose, Plan, 
  2058. Integrate
  2059. Policy Enforcement
  2060. Assist, Practice, Defend, Discuss, 
  2061. Evaluate, Influence, Explain, 
  2062. Report
  2063. Position Sensitivity
  2064. Assist, Categorize, Describe, 
  2065. Discuss, Evaluate, Interpret, 
  2066. Propose
  2067. Practices
  2068. Define, Evaluate, Identify, 
  2069. Influence, Support, Estimate, 
  2070. Corrects, Criticize, Explain, 
  2071. Justify, Propose
  2072. Procedures
  2073. Define, Describe, Design, 
  2074. Evaluate, Identify, Influence, 
  2075. Support, Write, Criticize, 
  2076. Explain, Justify, Propose
  2077. Professional Interfaces
  2078. Builds, Define, Discuss, Extends, 
  2079. Evaluate, Integrate
  2080. Protection From Malicious Code
  2081. Categorize, Define, Design, 
  2082. Evaluate, Explain, Influence, 
  2083. Initiate, Perform, Plan, 
  2084. Study, Verify, Support, 
  2085. Report
  2086. Quality Assurance
  2087. Define, Discuss, Support, 
  2088. Comply, Evaluate
  2089. Redundancy
  2090. Define, Explain, Describe, Justify, 
  2091. Design, Evaluate, Support
  2092. Risk Acceptance Process
  2093. Define, Describe, Discuss, 
  2094. Explain, Recommends, 
  2095. Support, Evaluate
  2096. Risk Management
  2097. Define, Describe, Evaluate, 
  2098. Support, Design, Perform, 
  2099. Justify, Plan
  2100. Roles And Responsibilities
  2101. Define, Categorize, Compare, 
  2102. Contrasts, Explain, Verify, 
  2103. Evaluate
  2104. Secure System Operations
  2105. Describe, Discuss, Evaluate, 
  2106. Justify, Plan, Support
  2107. Security Architecture
  2108. Define, Describe, Evaluate, 
  2109. Justify, Prescribes
  2110. Security Awareness
  2111. Describe, Discuss, Organize, 
  2112. Promote, Perform, Support, 
  2113. Plan, Evaluate
  2114. Security Education
  2115. Describe, Discuss, Organize, 
  2116. Promote, Perform, Evaluate, 
  2117. Plan
  2118. Security Product Integration
  2119. Define, Describe, Develop, 
  2120. Evaluate, Plan, Support, 
  2121. Perform, Integrate
  2122. Security Reviews
  2123. Define, Describe, Plan, Perform, 
  2124. Support, Evaluate, 
  2125. Follows-Up, Recommends
  2126. Security Staffing Requirements
  2127. Define, Propose, Evaluate, Justify, 
  2128. Plan, Prioritize, Present
  2129. Security Training
  2130. Define, Specify, Outline, 
  2131. Evaluate, Perform, Promote, 
  2132. Verify
  2133. Security Violations Reporting 
  2134. Process
  2135. Define, Describe, Develop, 
  2136. Evaluate, Monitor, Organize, 
  2137. Follows-Up, Perform, Report
  2138. Sensitive System
  2139. Define, Describe, Evaluate, 
  2140. Identify, Verify
  2141. Separation Of Duties
  2142. Define, Describe, Monitor, 
  2143. Promote, Example, Evaluate
  2144. Software Asset Management
  2145. Define, Promote, Justify, 
  2146. Evaluate, Report, Verify
  2147. Software Licensing
  2148. Define, Example, Promote, 
  2149. Monitor, Evaluate
  2150. Standalone Systems And Remote 
  2151. Terminals
  2152. Define, Support, Integrate, 
  2153. Evaluate
  2154. (Suggest This Item Be Broken 
  2155. Into Two Items)
  2156. Standards Of Conduct
  2157. Describe, Support, Exemplify, 
  2158. Report, Follows-Up
  2159. Storage Area Controls
  2160. Define, Develop, Evaluate, 
  2161. Example, Support, Verify, 
  2162. Plan, Report, Follows-Up
  2163. Storage Media Protection And 
  2164. Control
  2165. Define, Develop, Evaluate, 
  2166. Example, Support, Verify, 
  2167. Plan, Report, Follows-Up
  2168. Transportation Of Media
  2169. Define, Describe, Compare, 
  2170. Evaluate, Plan, Justify
  2171. Warranties
  2172. Define, Describe, Evaluate, 
  2173. Monitor, Verify
  2174. Wide Area Network Security
  2175. Define, Describe, Integrate, Plan, 
  2176. Promote, Evaluate, Perform, 
  2177. Support
  2178. Witness Interviewing/Interrogation
  2179. Define, Describe, Perform, 
  2180. Evaluate, Support
  2181. Workstation Security
  2182. Define, Describe, Promote, Plan, 
  2183. Report, Verify, Perform
  2184. Zone Of Control/Zoning
  2185. Define, Recommends, Justify, 
  2186. Report, Describe, Evaluate
  2187.  
  2188.  
  2189.  
  2190.  
  2191.  
  2192.  
  2193. Designing & Engineering AIS To Be Secure
  2194.  
  2195. From the Unified Taxonomy Model, Designing And Engineering Information Systems To Be Secure 
  2196. represents one of the areas where individuals are expected to know details about the specific items 
  2197. and perform specific tasks. Designing And Engineering Information Systems To Be Secure requires 
  2198. process knowledge involving tasks up to deployment of an operational system. There are several 
  2199. parallel processes (e.g., risk management, life cycle management, certification) that are used to build 
  2200. and deploy information systems with appropriate security. These processes use much of the 
  2201. encyclopedic knowledge in this framework. The knowledge and performance areas are reported here with the 
  2202. appropriate verbs that should be used to develop the behavioral objectives and instruction.
  2203.  
  2204.  
  2205. Access Control Models
  2206. Create, Compare, Evaluate, Test
  2207. Access Control Policies
  2208. Apply, Interpret
  2209. Access Control Software
  2210. Select, Propose, Use, Evaluate, 
  2211. Test
  2212. Access Controls
  2213. Apply, Use, Evaluate
  2214. Acquisitions
  2215. Questions, Support
  2216. Agency-Specific Security Policies
  2217. Interpret, Apply
  2218. Application Development Control
  2219. Define, Design, Evaluate, Modify, 
  2220. Propose, Test
  2221. Applications Security
  2222. Apply, Define, Design, Evaluate, 
  2223. Use, Verify
  2224. Assurance
  2225. Define, Evaluate, Explain, Verify, 
  2226. Builds-In
  2227. Audit Trails And Logging Policies
  2228. Complies-With, Interpret
  2229. Authentication
  2230. Builds-In
  2231. Cabling
  2232. Select, Evaluate, Propose, Use
  2233. Call-Back Security
  2234. Apply
  2235. Certification
  2236. Defend, Design, Evaluate, 
  2237. Explain, Influence, Perform
  2238. Client/Server Security
  2239. Design, Evaluate, Influence, 
  2240. Solve, Apply, Use
  2241. Common Carrier Security
  2242. Evaluate, Identify, Questions, Use
  2243. COMSEC Testing
  2244. Define, Describe, Evaluate, 
  2245. Influence, Perform, Report, 
  2246. Verify
  2247. Confidentiality
  2248. Apply, Builds-In, Support
  2249. Configuration Management
  2250. Influence, Complies-With
  2251. Conformance Testing
  2252. Design, Describe, Evaluate, 
  2253. Influence, Initiate, Perform, 
  2254. Report, Verify
  2255. Cost/Benefit Analysis
  2256. Influence, Support
  2257. Countermeasures
  2258. Builds-In, Combine, Compare, 
  2259. Design, Evaluate, Influence, 
  2260. Integrate, Modify
  2261. Cover And Deception
  2262. Apply
  2263. Cryptographic Techniques
  2264. Apply, Design, Explain, Use, 
  2265. Verify
  2266. Cryptography
  2267. Apply, Design, Describe, 
  2268. Influence, Justify, Plan, 
  2269. Study, Use
  2270. Cryptovariable
  2271. Use
  2272. Dedicated Line
  2273. Integrate, Justify, Propose, Use
  2274. Dedicated Mode
  2275. Propose, Select
  2276. Denial Of Service
  2277. Solves
  2278. Detective Controls
  2279. Builds-In, Design, Evaluate, 
  2280. Propose, Use, Verify
  2281. Development (Life Cycle)
  2282. Apply, Complies-With, Evaluate, 
  2283. Integrate
  2284. Discretionary Access Control
  2285. Apply, Builds-In, Design, 
  2286. Propose, Use
  2287. Distributed Systems Security
  2288. Design, Evaluate, Influence, 
  2289. Solve, Apply, Use
  2290. Documentation
  2291. Create, Produce, Modify
  2292. Electromagnetic Countermeasures
  2293. Builds-In, Design, Evaluate, 
  2294. Identify, Initiate, Integrate, 
  2295. Select, Verify
  2296. Electromagnetic Interference
  2297. Address, Evaluate, Study
  2298. Electronic Data Interchange
  2299. Design, Evaluate, Integrate, Use
  2300. Electronic Key Management System
  2301. Design, Evaluate, Integrate, 
  2302. Select, Use, Verify
  2303. Electronic-Mail Security
  2304. Apply, Design, Evaluate, 
  2305. Influence, Solve, Use
  2306. Emanations Security
  2307. Apply, Design, Evaluate, 
  2308. Influence, Solve, Use
  2309. Encryption Modes
  2310. Apply, Use
  2311. Evaluated Products
  2312. Compare, Evaluate, Influence, 
  2313. Integrate, Select, Test, Use
  2314. Evaluation Techniques
  2315. Apply, Design, Evaluate, Identify, 
  2316. Select, Use, Verify
  2317. Expert Security/Audit Tools
  2318. Apply, Create, Design, Evaluate, 
  2319. Select, Use, Verify
  2320. Expert Systems
  2321. Apply, Builds, Evaluate, Select, 
  2322. Use
  2323. Fault Tolerance
  2324. Builds-In, Design, Evaluate, 
  2325. Select, Use, Verify
  2326. Fax Security
  2327. Apply, Design, Evaluate, 
  2328. Influence, Solve, Use
  2329. Firmware Security
  2330. Apply, Builds-In, Create, Design, 
  2331. Evaluate, Influence, Select, 
  2332. Use
  2333. Formal Methods For Security 
  2334. Design
  2335. Apply, Evaluate, Use, Verify
  2336. Identification & Authentication
  2337. Address, Builds-In, Evaluate, 
  2338. Test, Verify
  2339. Inference
  2340. Address, Evaluate, Test, Verify
  2341. Inference Engine
  2342. Apply, Evaluate, Use, Verify
  2343. Information Availability
  2344. Address, Builds-In, Evaluate, 
  2345. Verify
  2346. Information Confidentiality
  2347. Address, Builds-In, Evaluate, 
  2348. Verify
  2349. Information Integrity
  2350. Address, Builds-In, Evaluate, 
  2351. Verify
  2352. Information State
  2353. Apply, Define, Evaluate, Identify, 
  2354. Use, Verify
  2355. Integrity
  2356. Apply, Builds-In, Evaluate, Test, 
  2357. Verify
  2358. Intrusion Detection
  2359. Apply, Builds-In, Design, 
  2360. Evaluate, Select, Study, 
  2361. Verify
  2362. Intrusion Deterrents
  2363. Apply, Builds-In, Compare, 
  2364. Design, Devise, Evaluate, 
  2365. Identify, Propose, Select, Use, 
  2366. Verify
  2367. Isolation And Mediation
  2368. Apply, Builds-In, Create, 
  2369. Evaluate, Propose, Study, 
  2370. Use, Verify
  2371. Jamming
  2372. Address, Evaluate, Identify, 
  2373. Verify
  2374. Kernel
  2375. Builds-In, Design, Evaluate, 
  2376. Integrate, Modify, Propose, 
  2377. Use, Verify
  2378. Lattice Model
  2379. Apply, Builds-In, Constructs, 
  2380. Evaluate, Interpret, Modify, 
  2381. Propose, Test, Verify
  2382. Least Privilege
  2383. Apply, Builds-In, Complies-With, 
  2384. Evaluate, Test, Use, Verify
  2385. Line Authentication
  2386. Apply, Builds-In, Evaluate, 
  2387. Support, Use, Verify
  2388. Line Of Sight
  2389. Apply, Evaluate, Use, Verify
  2390. Local Area Network Security
  2391. Address, Builds-In, Design, 
  2392. Evaluate, Integrate, Support, 
  2393. Test, Verify
  2394. Mandatory Access Control
  2395. Apply, Builds-In, Complies-With, 
  2396. Design, Evaluate, Propose, 
  2397. Support, Test, Use, Verify
  2398. Media Convergence
  2399. Addresses
  2400. Memory (Non-Volatile)
  2401. Apply, Use
  2402. Memory (Random)
  2403. Apply, Use
  2404. Memory (Sequential)
  2405. Apply, Use
  2406. Memory (Volatile)
  2407. Apply, Use
  2408. Message Authentication Codes
  2409. Apply, Builds-In, Evaluate, 
  2410. Propose, Test, Use, Verify
  2411. Microwave/Wireless 
  2412. Communications Security
  2413. Design, Evaluate, Integrate, 
  2414. Propose, Test, Use, Verify
  2415. Mobile Workstation Security
  2416. Address, Apply, Design, 
  2417. Evaluate, Propose, Test, Use, 
  2418. Verify
  2419. Monitoring
  2420. Address, Apply, Builds-In, 
  2421. Design, Evaluate, Propose, 
  2422. Test, Use, Verify
  2423. Multilevel Processing
  2424. Address, Design, Evaluate, Test, 
  2425. Verify
  2426. Multilevel Security
  2427. Address, Design, Evaluate, Test, 
  2428. Verify
  2429. Network Communications Protocols
  2430. Apply, Builds-In, Complies-With, 
  2431. Integrate, Interpret, Select, 
  2432. Use
  2433. Network Firewalls
  2434. Apply, Builds-In, Design, 
  2435. Evaluate, Influence, 
  2436. Integrate, Propose, Select, 
  2437. Test, Use, Verify
  2438. Network Monitoring
  2439. Address, Apply, Builds-In, 
  2440. Design, Evaluate, Influence, 
  2441. Propose, Select, Use, Verify
  2442. Network Security
  2443. Address, Apply, Builds-In, 
  2444. Design, Evaluate, Propose, 
  2445. Select, Use, Verify
  2446. Network Security Software
  2447. Apply, Alters, Builds-In, Design, 
  2448. Evaluate, Integrate, Modify, 
  2449. Propose, Select, Test, Use, 
  2450. Verify
  2451. Non-Repudiation
  2452. Address, Apply, Builds-In, 
  2453. Design, Evaluate, Integrate, 
  2454. Propose, Support, Test, Use, 
  2455. Verify
  2456. Non-Inference Model
  2457. Apply, Evaluate, Use, Verify
  2458. Object Labeling
  2459. Apply, Builds-In, Design, 
  2460. Evaluate, Integrate, Support, 
  2461. Test, Use, Verify
  2462. Object Reuse
  2463. Address, Controls, Evaluate, Test, 
  2464. Verify
  2465. One-Time Passwords
  2466. Address, Apply, Builds-In, 
  2467. Evaluate, Influence, 
  2468. Integrate, Propose, Test, Use, 
  2469. Verify
  2470. Open Systems Interconnect (OSI) 
  2471. Model
  2472. Apply, Evaluate, Integrate, 
  2473. Propose, Test, Use, Verify
  2474. Open Systems Security
  2475. Address, Apply, Design, 
  2476. Evaluate, Influence, 
  2477. Integrate, Propose, Test, Use, 
  2478. Verify
  2479. Operating System Integrity
  2480. Apply, Builds-In, Evaluate, Test, 
  2481. Use, Verify
  2482. Operating System Security Features
  2483. Apply, Evaluate, Integrate, Test, 
  2484. Use, Verify
  2485. Operating Systems
  2486. Evaluate, Propose, Test, Use
  2487. Optical/Imaging Systems Security
  2488. Apply, Builds-In, Design, 
  2489. Evaluate, Influence, 
  2490. Integrate, Propose, Test, Use, 
  2491. Verify
  2492. Packet Filtering
  2493. Apply, Design, Evaluate, 
  2494. Integrate, Propose, Support, 
  2495. Test, Verify
  2496. Peer-To-Peer Security
  2497. Address, Apply, Builds-In, 
  2498. Design, Evaluate, Influence, 
  2499. Integrate, Select, Test, Verify
  2500. Penetration Testing
  2501. Apply, Design, Propose, Support, 
  2502. Verify
  2503. Platform-Specific Security
  2504. Apply, Design, Evaluate, 
  2505. Influence, Integrate, Support, 
  2506. Test, Use, Verify
  2507. Power Controls (UPS, Emergency 
  2508. Power)
  2509. Propose, Test, Use
  2510. Preventive Controls
  2511. Address, Apply, Builds-In, 
  2512. Design, Evaluate, Influence, 
  2513. Propose, Select, Test, Verify
  2514. Private Key Cryptology
  2515. Apply, Evaluate, Propose, Select, 
  2516. Test, Use, Verify
  2517. Privileges (Class, Nodes)
  2518. Apply, Integrate, Propose, Test, 
  2519. Verify
  2520. Protected Distributed System
  2521. Address, Apply, Design, 
  2522. Evaluate, Integrate, Test, 
  2523. Verify
  2524. Protection From Malicious Code
  2525. Address, Apply, Builds-In, 
  2526. Design, Evaluate, Influence, 
  2527. Integrate, Propose, Select, 
  2528. Test, Verify
  2529. Public Key Encryption
  2530. Apply, Builds-In, Evaluate, 
  2531. Propose, Select, Test, Verify
  2532. Quality Assurance
  2533. Apply, Influence, Support
  2534. Rainbow Series
  2535. Apply, Complies-With
  2536. Redundancy
  2537. Apply, Builds-In, Design, 
  2538. Evaluate, Propose, Support, 
  2539. Test, Use, Verify
  2540. Reference Monitor
  2541. Apply, Build-In, Evaluate, 
  2542. Integrate, Test, Use, Verify
  2543. Remote Terminal Protection 
  2544. Devices
  2545. Design, Evaluate, Integrate, 
  2546. Propose, Select, Test, Use, 
  2547. Verify
  2548. Risks
  2549. Address, Control, Evaluate, 
  2550. Identify
  2551. Role-Based Access Controls
  2552. Apply, Build-In, Design, 
  2553. Evaluate, Support, Test, Use, 
  2554. Verify
  2555. Rules-Based Access Control
  2556. Apply, Build-In, Design, 
  2557. Evaluate, Support, Test, Use, 
  2558. Verify
  2559. Safeguards
  2560. Apply, Build-In, Design, 
  2561. Evaluate, Influence, Propose, 
  2562. Select, Support, Test, Use, 
  2563. Verify
  2564. Safety
  2565. Address, Apply, Build-In, Design, 
  2566. Evaluate, Propose, Support, 
  2567. Test, Verify
  2568. Satellite Communications Security
  2569. Address, Apply, Design, 
  2570. Evaluate, Influence, 
  2571. Integrate, Propose, Test, Use, 
  2572. Verify
  2573. Secure System Operations
  2574. Apply, Influence, Support, Test, 
  2575. Verify
  2576. Security Architecture
  2577. Apply, Comply-With, Design, 
  2578. Evaluate, Influence, Propose, 
  2579. Select, Support
  2580. Security Awareness
  2581. Cognizant-Of, Influence, Initiate, 
  2582. Propose, Support
  2583. Security Domains
  2584. Address, Apply, Design, 
  2585. Influence, Test, Use, Verify
  2586. Security Education
  2587. Cognizant-Of, Influence, Propose, 
  2588. Support, Use
  2589. Security Product Integration
  2590. Apply, Design, Evaluate, 
  2591. Influence, Propose, Test, Use, 
  2592. Verify
  2593. Security Product Testing/Evaluation
  2594. Design, Influence, Perform, 
  2595. Report, Verify
  2596. Security Training
  2597. Cognizant-Of, Influence, Propose, 
  2598. Support, Use
  2599. Shielded Enclosures
  2600. Cognizant-Of, Influence, Propose
  2601. Single Sign-On
  2602. Address, Apply, Design, 
  2603. Evaluate, Influence, Propose, 
  2604. Support, Test, Use, Verify
  2605. Smartcards/Token Authentication
  2606. Apply, Build-In, Design, 
  2607. Evaluate, Integrate, Propose, 
  2608. Select, Support, Test, Use, 
  2609. Verify
  2610. Software Engineering
  2611. Apply, Integrate, Propose, Use
  2612. Software Security
  2613. Apply, Build-In, Design, 
  2614. Evaluate, Influence, Propose, 
  2615. Select, Test, Use, Verify
  2616. Space Systems Security
  2617. Apply, Cognizant-Of, Use
  2618. Spread Spectrum Analysis
  2619. Apply, Integrate, Propose, Use
  2620. System Software Controls
  2621. Apply, Build-In, Evaluate, 
  2622. Influence, Propose, Test, Use, 
  2623. Verify
  2624. System Testing And Evaluation 
  2625. Process
  2626. Apply, Comply-With, Initiate, 
  2627. Propose, Use, Verify
  2628. System-High Mode
  2629. Address, Cognizant-Of, Propose, 
  2630. Use
  2631. Systems Security Engineering
  2632. Apply, Comply-With, Use
  2633. TCSEC/ITSEC/Common Criteria
  2634. Cognizant-Of, Integrate, Use
  2635. Technological Threats
  2636. Cognizant-Of, Control, Evaluate
  2637. Technology Trends
  2638. Cognizant-Of, Evaluate
  2639. Tempest
  2640. Apply, Cognizant-Of, 
  2641. Comply-With, Propose, Use
  2642. Third-Party Evaluation
  2643. Apply, Perform, Propose, Select, 
  2644. Support, Use, Verify
  2645. Threat
  2646. Cognizant-Of, Control, Evaluate
  2647. Trust
  2648. Apply, Cognizant-Of, Evaluate, 
  2649. Identify, Influence
  2650. Trusted Comp Sys Eval. 
  2651. Criteria(Orange Bo
  2652. Apply, Cognizant-Of, 
  2653. Comply-With, Propose, Use
  2654. Trusted Network Interpretation 
  2655. (Red Book
  2656. Apply, Cognizant-Of, 
  2657. Comply-With, Propose, Use
  2658. Validation (Testing)
  2659. Apply, Design, Integrate, 
  2660. Perform, Propose, Report, 
  2661. Verify
  2662. Verification And Validation Process
  2663. Apply, Cognizant-Of, Design, 
  2664. Influence, Perform, Plan, 
  2665. Propose, Report, Select, 
  2666. Verify
  2667. Voice Communications Security
  2668. Apply, Evaluate, Integrate, 
  2669. Propose, Test, Use, Verify
  2670. Voice Mail Security
  2671. Apply, Evaluate, Integrate, 
  2672. Propose, Test, Use, Verify
  2673. Wide Area Network Security
  2674. Address, Apply, Builds-In, 
  2675. Design, Evaluate, Propose, 
  2676. Select, Use, Verify
  2677. Workstation Security
  2678. Apply, Design, Evaluate, 
  2679. Influence, Propose, Select, 
  2680. Use, Verify
  2681. Zone Of Control/Zoning
  2682. Cognizant-Of, Comply-With, 
  2683. Propose, Use
  2684.  
  2685.  
  2686.  
  2687.  
  2688.  
  2689.  
  2690.  
  2691. Using and Operating AIS Securely
  2692.  
  2693. From the Unified Taxonomy Model, Using and Operating Information Systems Securely represents 
  2694. one of the areas where individuals are expected to know details about the specific items and perform 
  2695. specific tasks. The Using and Operating Information Systems Securely category contains knowledge 
  2696. that addresses activities used in an operational environment to ensure that information systems are 
  2697. operated and used securely. These activities also use much of the encyclopedic knowledge. The 
  2698. knowledge and performance areas are reported here with the appropriate verbs that should be used to 
  2699. develop the behavioral objectives and instruction.
  2700.  
  2701.  
  2702. Access Authorization
  2703. Change, Verify, Generates
  2704. Access Control Policies
  2705. Defend, Explain, Revise, Write, 
  2706. Evaluate, Use
  2707. Access Control Software
  2708. Evaluate, Identify, Propose, 
  2709. Select, Use
  2710. Access Controls
  2711. Evaluate, Identify, Propose, 
  2712. Select, Use
  2713. Access Privileges
  2714. Describe, Design, Evaluate, 
  2715. Modify, Use
  2716. Account Administration
  2717. Cognizant-Of, Use
  2718. Accountability
  2719. Support, Verify
  2720. Accountability For Sensitive Data
  2721. Defend, Define, Describe, 
  2722. Evaluate, Verify
  2723. Administrative Security
  2724. Apply, Follows, Initiate, Interpret
  2725. Administrative Security Policies 
  2726. And Procedures
  2727. Apply, Follows, Influence, 
  2728. Propose, 
  2729. Agency-Specific Security Policies
  2730. Apply, Follows, Influence, 
  2731. Propose
  2732. Aggregation
  2733. Define, Discuss, Evaluate, 
  2734. Identify, Points Out, 
  2735. Questions, Solves
  2736. Alarms, Signals And Report
  2737. Evaluate, Propose, Select, Use
  2738. Applications Security
  2739. Defend, Define, Evaluate, Use
  2740. Assessments (E.G., Surveys, 
  2741. Inspections)
  2742. Assist, Evaluate, Initiate, 
  2743. Interpret, Perform
  2744. Audit
  2745. Assist, Evaluate, Influence, 
  2746. Interpret, Reads, Reply, 
  2747. Support
  2748. Audit Trails And Logging
  2749. Defend, Define, Interpret, Reads, 
  2750. Use
  2751. Audit Trails And Logging Policies
  2752. Defend, Define, Evaluate, 
  2753. Interpret, Justify, Modify, 
  2754. Use, Write
  2755. Auditing Tools
  2756. Evaluate, Identify, Propose, 
  2757. Select, Use
  2758. Authentication
  2759. Cognizant-Of, Use
  2760. Automated Security Tools
  2761. Evaluate, Identify, Propose, 
  2762. Select, Use
  2763. Backups (Data, Software, Etc.)
  2764. Influence, Initiate, Justify, 
  2765. Perform, Propose, Verify
  2766. Biometrics
  2767. Justify, Select, Use
  2768. Cabling
  2769. Evaluate, Identify, Influence, 
  2770. Propose, Select, Use
  2771. Call-Back Security
  2772. Justify, Propose, Select, Use
  2773. Caller ID
  2774. Justify, Propose, Use
  2775. Change Control Policies
  2776. Apply, Use
  2777. Change Controls
  2778. Apply, Use
  2779. Classified Materials(Eg. Handling 
  2780. And Sh
  2781. Identify, Labels, Report, Use
  2782. Client/Server Security
  2783. Apply, Propose, Select, Use
  2784. Common Carrier Security
  2785. Cognizant-Of, Use
  2786. Communications Center Security
  2787. Cognizant-Of, Influence, Use
  2788. Computer Abuse
  2789. Corrects, Define, Evaluate, 
  2790. Identify, Report, Verify
  2791. Computer Emergency Response 
  2792. Team(CERT)
  2793. Describe, Identify, Points To, Use
  2794. COMSEC Accounting
  2795. Cognizant-Of
  2796. COMSEC Custodian
  2797. Identify, Support
  2798. COMSEC Material Destruction 
  2799. Procedures
  2800. Cognizant-Of, Use
  2801. COMSEC Material Identification & 
  2802. Invent
  2803. Assist, Comply, Support
  2804. Confidentiality
  2805. Define, Influence, Promote, 
  2806. Verify
  2807. Consequences
  2808. Define, Identify, Illustrate
  2809. Contingency Plan Testing
  2810. Describe, Design, Evaluate, 
  2811. Perform
  2812. Contingency Planning
  2813. Describe, Design, Evaluate, 
  2814. Influence, Interpret, Perform, 
  2815. Use, Verify
  2816. Continuity Planning
  2817. Describe, Design, Evaluate, 
  2818. Influence, Interpret, Perform, 
  2819. Use, Verify
  2820. Contracting For Security Services
  2821. Assist, Discuss, Evaluate, 
  2822. Influence, Justify, Propose, 
  2823. Reviews
  2824. Coordination With Related 
  2825. Disciplines
  2826. Builds, Defend, Demonstrate, 
  2827. Discuss, Evaluate, Identify, 
  2828. Influence, Invite, Justify, 
  2829. Propose, Select, Use
  2830. Copyright Protection And Licensing
  2831. Adhere, Follows, Support, Use
  2832. Corrective Actions
  2833. Assist, Defend, Discuss, 
  2834. Influence, Initiate, Propose, 
  2835. Recommends, Report
  2836. Countermeasures
  2837. Combine, Compare, Create, 
  2838. Defend, Define, Describe, 
  2839. Evaluate, Identify, Influence, 
  2840. Initiate, Integrate, Justify, 
  2841. Modify, Practice, Present, 
  2842. Propose, Use, Verify
  2843. Criminal Prosecution
  2844. Defend, Influence, Propose, 
  2845. Support
  2846. Critical Systems
  2847. Describe, Propose, Select, 
  2848. Support, Use
  2849. Customer Service Orientation
  2850. Answers, Assist, Helps, Influence, 
  2851. Listens, Support, Shows, 
  2852. Tells
  2853. Data Access Control
  2854. Defend, Define, Design, Explain, 
  2855. Identify, Initiate, Interpret, 
  2856. Justify, Modify, Support, Use, 
  2857. Verify
  2858. Data Processing Center Security
  2859. Cognizant-Of, Influence, Use
  2860. Database Integrity
  2861. , Define, Describe, Design, 
  2862. Explain, Identify, Initiate, 
  2863. Integrate, Justify, Support, 
  2864. Use, Verify
  2865. Dedicated Mode
  2866. Apply, Defend, Describe, Initiate, 
  2867. Propose, Select, Use, Verify
  2868. Delegation Of Authority
  2869. Cognizant-Of
  2870. Denial Of Service
  2871. Corrects, Discovers, Solves
  2872. Detective Controls
  2873. Describe, Use, Verify
  2874. Dial Number Indicator
  2875. Cognizant-Of, Propose, Use
  2876. Dial-Up Security
  2877. Cognizant-Of, Define, Justify, 
  2878. Operate, Propose, Select, 
  2879. Support, Use, Verify
  2880. Disaster Recovery
  2881. Comply, Conforms, Use
  2882. Disaster Recovery Plan Testing
  2883. Describe, Design, Evaluate, 
  2884. Perform, Plan, Propose, 
  2885. Verify
  2886. Disaster Recovery Planning
  2887. Assist, Defend, Design, Evaluate, 
  2888. Rewrite, Support, Use, Write
  2889. Disclosure Of Sensitive Data
  2890. Discovers, Evaluate, Points Out
  2891. Discretionary Access Control
  2892. Defend, Define, Design, Evaluate, 
  2893. Initiate, Modify, Propose, 
  2894. Use, Verify
  2895. Disgruntled Employees
  2896. Controls, Hammers, Identify, 
  2897. Points To, Questions
  2898. Diskless Workstations
  2899. Cognizant-Of, Use
  2900. Disposition Of Classified 
  2901. Information
  2902. Comply, Perform, Verify
  2903. Disposition Of Media & Data
  2904. Comply, Perform, Verify
  2905. Distributed Systems Security
  2906. Apply, Define, Describe, 
  2907. Evaluate, Integrate, Justify, 
  2908. Operate, Propose, Use, Verify
  2909. Document Labeling
  2910. Complies-With, Perform, Use, 
  2911. Verify
  2912. Documentation
  2913. Describe, Modify, Use, Write
  2914. Drop-Off/Add-On Protection(Piggy 
  2915. Backing
  2916. Cognizant-Of, Propose, Use
  2917. Due Care
  2918. Complies-With, Evaluate, 
  2919. Initiate, Integrate, Interpret, 
  2920. Justify, Use, Verify
  2921. Education. Training And Awareness
  2922. Cognizant-Of, Defend, Define, 
  2923. Give, Identify, Initiate, 
  2924. Integrate, Justify, Perform, 
  2925. Propose, Select, Shows, 
  2926. Support, Use, Verify
  2927. Electromagnetic Countermeasures
  2928. Apply, Cognizant-Of, Integrate, 
  2929. Select, Use, Verify
  2930. Electromagnetic Interference
  2931. Cognizant-Of, Corrects
  2932. Electronic Data Interchange
  2933. Complies-With, Explain, Justify, 
  2934. Use, Verify
  2935. Electronic Funds Transfer
  2936. Complies-With, Initiate, Report, 
  2937. Use
  2938. Electronic Key Management System
  2939. Apply, Integrate, Support, Use
  2940. Electronic Monitoring
  2941. Apply, Defend, Define, Discovers, 
  2942. Evaluate, Identify, Initiate, 
  2943. Integrate, Justify, Perform, 
  2944. Plan, Practice, Report, Use, 
  2945. Verify
  2946. Electronic Records Management
  2947. Complies-With, Evaluate, 
  2948. Initiate, Integrate, Perform, 
  2949. Report, Use, Verify
  2950. Electronic-Mail Privacy
  2951. Complies-With, Defend, 
  2952. Evaluate, Justify, Use, Verify
  2953. Electronic-Mail Security
  2954. Complies-With, Defend, Define, 
  2955. Evaluate, Influence, Initiate, 
  2956. Integrate, Select, Use, Verify
  2957. Emanations Security
  2958. Apply, Use
  2959. Emergency Destruction
  2960. Complies-With, Initiate, Justify, 
  2961. Plan, Report, Use, Verify
  2962. Emergency Destruction Procedures
  2963. Complies-With, Defend, Initiate, 
  2964. Justify, Modify, Perform, 
  2965. Report, Use, Verify, Write
  2966. Encryption Modes
  2967. Cognizant-Of, Propose, Use
  2968. End User Computing Security
  2969. Corrects, Define, Describe, 
  2970. Evaluate, Identify, Influence, 
  2971. Initiate, Justify, Modify, 
  2972. Perform, Plan, Practice, 
  2973. Present, Propose, Questions, 
  2974. Support, Use, Verify, Write
  2975. Entrapment
  2976. Cognizant-Of, Describe, 
  2977. Evaluate, Verify
  2978. Environmental Controls
  2979. Apply, Design, Identify, Initiate, 
  2980. Integrate, Justify, Use
  2981. Environmental/Natural Threats
  2982. Cognizant-Of
  2983. Error Logs
  2984. Assemble, Design, Evaluate, 
  2985. Interpret, Reads, Use
  2986. Ethics
  2987. Apply, Complies-With, Defend
  2988. Evidence Acceptability
  2989. Cognizant-Of
  2990. Evidence Collection And 
  2991. Preservation
  2992. Assist, Complies-With, Support
  2993. Expert Security/Audit Tools
  2994. Apply, Influence, Propose, Use
  2995. Expert Systems
  2996. Cognizant-Of, Propose, Select, 
  2997. Use
  2998. Facility Management
  2999. Assist, Cognizant-Of, Influence, 
  3000. Practice, Support
  3001. Fax Security
  3002. Apply, Propose, Select, Use
  3003. Filtered Power
  3004. Cognizant-Of, Propose, Use
  3005. Fire Prevention And Protection
  3006. Apply, Cognizant-Of, Use
  3007. Fraud
  3008. Cognizant-Of, Corrects, Describe, 
  3009. Evaluate, Prevents, Verify
  3010. Fraud. Waste And Abuse
  3011. Corrects, Define, Evaluate, 
  3012. Prevents
  3013. Frequency Hopping
  3014. Apply, Cognizant-Of, Propose, 
  3015. Use
  3016. Generally Accepted Systems 
  3017. Security Principles
  3018. Cognizant-Of, Complies-With, 
  3019. Describe, Identify, Influence, 
  3020. Interpret, Use
  3021. Grounding
  3022. Apply, Cognizant-Of, Use
  3023. Hackers And Unauthorized Users
  3024. Control, Discover, Dismantle, 
  3025. Hammer, Identify, Prevent
  3026. Hardware Asset Management
  3027. Apply, Influence, Initiate, 
  3028. Perform, Support
  3029. Housekeeping Procedures
  3030. Apply, Cognizant-Of, Perform, 
  3031. Support, Use
  3032. Human Intelligence (HUMINT)
  3033. Cognizant-Of, Use
  3034. Human Threats
  3035. Cognizant-Of, Controls, Prevents
  3036. Identification & Authentication
  3037. Apply, Cognizant-Of, Use
  3038. Incident Response
  3039. Evaluate, Initiate, Perform, 
  3040. Report, Use
  3041. Industrial Espionage
  3042. Cognizant-Of, Controls, Describe, 
  3043. Prevents, Report
  3044. Information Availability
  3045. Define, Influence, Promote, 
  3046. Verify
  3047. Information Categorization
  3048. Define, Differentiate, Identify, 
  3049. Interpret, Labels, Propose, 
  3050. Revise, Use
  3051. Information Classification
  3052. Apply, Define, Differentiate, 
  3053. Identify, Labels, Use
  3054. Information Confidentiality
  3055. Define, Influence, Promote, 
  3056. Support, Verify
  3057. Information Criticality
  3058. Information Integrity
  3059. Define, Influence, Promote, 
  3060. Support, Verify
  3061. Information Ownership
  3062. Define, Identify, Labels, Name, 
  3063. Verify
  3064. Information Resource 
  3065. Owner/Custodian
  3066. Define, Identify, Labels, Name, 
  3067. Verify
  3068. Information Sensitivity
  3069. Apply, Define, Differentiate, 
  3070. Identify, Labels, Use
  3071. Information State
  3072. Apply, Cognizant-Of, Use
  3073. Information Systems Security 
  3074. Officer
  3075. Acts, Assist, Defend, Identify, 
  3076. Influence, Listens, Locate, 
  3077. Support
  3078. Information Valuation
  3079. Apply, Cognizant-Of, Propose, 
  3080. Support, Use
  3081. Integrity
  3082. Define, Influence, Promote, 
  3083. Support, Verify
  3084. Internal Controls And Security
  3085. Apply, Cognizant-Of, Influence, 
  3086. Propose, Select, Use
  3087. INTERNET Security
  3088. Questions, Use
  3089. Intrusion Detection
  3090. Apply, Cognizant-Of, Propose, 
  3091. Use
  3092. Intrusion Deterrents
  3093. Apply, Cognizant-Of, Propose, 
  3094. Use, Verify
  3095. Investigation Of Security Breaches
  3096. Propose, Recommend, Support
  3097. Investigative Authorities
  3098. Assist, Cognizant-Of, Identify, 
  3099. Select, Support
  3100. IS/IT Asset Valuation
  3101. Apply, Influence, Initiate, 
  3102. Perform, Support
  3103. Key Management
  3104. Apply, Integrate, Support, Use
  3105. Keystroke Monitoring
  3106. Apply, Cognizant-Of, Evaluate, 
  3107. Propose, Use, Verify
  3108. Labeling
  3109. Apply, Cognizant-Of, Use
  3110. Law Enforcement Interfaces
  3111. Assist, Propose, Support, Use
  3112. Least Privilege
  3113. Apply, Propose, Select, Use, 
  3114. Verify
  3115. List-Based Access Controls
  3116. Apply, Propose, Select, Use, 
  3117. Verify
  3118. Local Area Network Security
  3119. Apply, Follows, Initiate, Propose, 
  3120. Support
  3121. Logs And Journals
  3122. Complies-With, Propose, Use
  3123. Low Power
  3124. Apply, Propose, Use
  3125. Magnetic Remanence
  3126. Apply, Cognizant-Of, Controls
  3127. Malicious Code
  3128. Cognizant-Of, Controls, Describe, 
  3129. Report
  3130. Mandatory Access Control
  3131. Apply, Follows, Initiate, Support, 
  3132. Use, Verify
  3133. Marking Of Media
  3134. Apply, Follows, Initiate, Support, 
  3135. Use
  3136. Marking Of Sensitive Information
  3137. Apply, Follows, Initiate, Support, 
  3138. Use, Verify
  3139. Media Convergence
  3140. Explain, Synthesizes
  3141. Message Authentication Codes
  3142. Comply, Initiate, Use, Verify
  3143. Metrics
  3144. Apply, Select, Use
  3145. Mobile Workstation Security
  3146. Apply, Propose, Select, Use
  3147. Modes Of Operation
  3148. Cognizant-Of, Propose, Use
  3149. Monitoring
  3150. Apply, Cognizant-Of, Evaluate, 
  3151. Propose, Use, Verify
  3152. Multilevel Processing
  3153. Cognizant-Of, Propose, Use
  3154. Multilevel Security
  3155. Apply, Cognizant-Of, Propose, 
  3156. Use
  3157. Need-To-Know Controls
  3158. Apply, Initiate, Practice, Support, 
  3159. Use, Verify
  3160. Network Firewalls
  3161. Cognizant-Of, Propose, Use
  3162. Network Monitoring
  3163. Apply, Cognizant-Of, Evaluate, 
  3164. Propose, Use, Verify
  3165. Network Security
  3166. Apply, Propose, Select, Use
  3167. Network Security Software
  3168. Apply, Initiate, Propose, Select, 
  3169. Use, Verify
  3170. Non-Repudiation
  3171. Apply, Cognizant-Of, Propose, 
  3172. Use, Verify
  3173. Object Labeling
  3174. Apply, Follows, Initiate, Support, 
  3175. Use, Verify
  3176. Off-Site Security (Information, 
  3177. Processing)
  3178. Define, Defend, Evaluate, 
  3179. Influence, Justify, Perform, 
  3180. Plan, Support, Use
  3181. One-Time Passwords
  3182. Apply, Initiate, Propose, Select, 
  3183. Use, Verify
  3184. Operating System Integrity
  3185. Define, Influence, Promote, 
  3186. Support, Verify
  3187. Operations Security
  3188. Apply, Follows, Propose, Select, 
  3189. Support, Use
  3190. Optical/Imaging Systems Security
  3191. Apply, Describe, Defend, 
  3192. Evaluate, Influence, Initiate, 
  3193. Propose, Select, Use
  3194. Password Management
  3195. Apply, Defend, Define, Influence, 
  3196. Propose, Support, Use, Verify
  3197. Penetration Testing
  3198. Cognizant-Of
  3199. Physical Security
  3200. Apply, Follows, Influence, 
  3201. Propose, Select, Support, Use
  3202. Platform-Specific Security
  3203. Apply, Follows, Influence, 
  3204. Initiate, Propose, Perform, 
  3205. Select, Support, Use, Verify
  3206. Policy Enforcement
  3207. Defend, Evaluate, Influence, 
  3208. Initiate, Propose, Select, 
  3209. Support, Use, Verify
  3210. Power Controls (UPS. Emergency 
  3211. Power)
  3212. Apply, Initiate, Propose, Use
  3213. Practices
  3214. Apply, Evaluate, Follows, 
  3215. Propose, Select, Support, Use
  3216. Preventive Controls
  3217. Apply, Describe, Evaluate, 
  3218. Identify, Influence, Initiate, 
  3219. Integrate, Justify, Use
  3220. Privacy
  3221. Apply, Evaluate, Follows, 
  3222. Propose, Select, Support, Use
  3223. Privileges (Class. Nodes)
  3224. Apply, Identify, Labels, Propose, 
  3225. Initiate, Support, Use, Verify
  3226. Procedures
  3227. Apply, Evaluate, Follows, 
  3228. Propose, Select, Support, Use
  3229. Professional Interfaces
  3230. Builds, Defend, Demonstrate, 
  3231. Discuss, Evaluate, Identify, 
  3232. Influence, Invite, Justify, 
  3233. Propose, Select, Use
  3234. Protection From Malicious Code
  3235. Controls, Describe, Defend, 
  3236. Evaluate, Influence, Initiate, 
  3237. Perform, Plan, Select, Use, 
  3238. Verify
  3239. Quality Assurance
  3240. Apply, Describe, Influence, 
  3241. Support, Verify
  3242. Remanence
  3243. Apply, Cognizant-Of, Controls
  3244. Remote Terminal Protection 
  3245. Devices
  3246. Apply, Describe, Defend, 
  3247. Evaluate, Influence, Initiate, 
  3248. Propose, Select, Use
  3249. Risks
  3250. Define, Defend, Evaluate, Identify
  3251. Role-Based Access Controls
  3252. Apply, Describe, Evaluate, 
  3253. Identify, Influence, Initiate, 
  3254. Integrate, Justify, Use
  3255. Roles And Responsibilities
  3256. Apply, Describe, Defend, 
  3257. Evaluate, Influence, Initiate, 
  3258. Propose, Select, Use
  3259. Rules-Based Access Control
  3260. Apply, Describe, Evaluate, 
  3261. Identify, Influence, Initiate, 
  3262. Integrate, Justify, Use
  3263. Safeguards
  3264. Apply, Describe, Defend, 
  3265. Evaluate, Influence, Initiate, 
  3266. Propose, Select, Use
  3267. Safety
  3268. Apply, Describe, Defend, 
  3269. Evaluate, Influence, Initiate, 
  3270. Propose, Select, Support, Use
  3271. Satellite Communications Security
  3272. Apply, Describe, Influence, 
  3273. Propose, Support, Use
  3274. Secure System Operations
  3275. Define, Describe, Evaluate, 
  3276. Influence, Justify, Perform, 
  3277. Propose, Support, Use, Verify
  3278. Security Architecture
  3279. Cognizant-Of, Use
  3280. Security Awareness
  3281. Apply, Defend, Describe, Design, 
  3282. Explain, Influence, Initiate, 
  3283. Perform, Propose, Support, 
  3284. Use, Plan, Practices
  3285. Security Education
  3286. Apply, Defend, Describe, 
  3287. Influence, Initiate, Propose, 
  3288. Support, Use
  3289. Security Product Integration
  3290. Apply, Define, Describe, 
  3291. Evaluate, Influence, Justify, 
  3292. Perform, Propose, Support, 
  3293. Use, Verify
  3294. Security Training
  3295. Apply, Defend, Describe, 
  3296. Influence, Initiate, Propose, 
  3297. Support, Use
  3298. Security Violations Reporting 
  3299. Process
  3300. Defend, Define, Describe, Design, 
  3301. Evaluate, Identify, Influence, 
  3302. Initiate, Justify, Perform, 
  3303. Plan, Use, Verify
  3304. Sensitive System
  3305. Define, Describe, Evaluate, 
  3306. Identify, Influence, Propose, 
  3307. Select, Support, Use
  3308. Separation Of Duties
  3309. Defend, Define, Describe, Design, 
  3310. Evaluate, Identify, Influence, 
  3311. Initiate, Justify, Perform, 
  3312. Plan, Use, Verify
  3313. Single Sign-On
  3314. Apply, Initiate, Propose, Select, 
  3315. Use, Verify
  3316. Smartcards/Token Authentication
  3317. Apply, Propose, Initiate, Select, 
  3318. Support, Use, Verify
  3319. Social Engineering
  3320. Cognizant-Of, Controls, Describe, 
  3321. Report
  3322. Software Asset Management
  3323. Apply, Defend, Define, Influence, 
  3324. Propose, Support, Use, Verify
  3325. Software Piracy
  3326. Controls, Describe, Defend, 
  3327. Evaluate, Influence, Initiate, 
  3328. Perform, Plan, Select, Use, 
  3329. Verify
  3330. Software Security
  3331. Apply, Follows, Influence, 
  3332. Initiate, Propose, Perform, 
  3333. Select, Support, Use, Verify
  3334. Spoofing
  3335. Controls, Describe, Evaluate, 
  3336. Verify
  3337. Storage Area Controls
  3338. Apply, Describe, Evaluate, 
  3339. Identify, Influence, Initiate, 
  3340. Integrate, Justify, Use
  3341. Storage Media Protection And 
  3342. Control
  3343. Apply, Describe, Evaluate, 
  3344. Identify, Influence, Initiate, 
  3345. Integrate, Justify, Use, Verify
  3346. System-High Mode
  3347. Apply, Initiate, Propose, Justify, 
  3348. Support, Use, Verify
  3349. Technical Surveillance 
  3350. Countermeasures
  3351. Apply, Cognizant-Of, Define, 
  3352. Defend, Evaluate, Influence, 
  3353. Propose, Use, Verify
  3354. Technological Threats
  3355. Define, Discovers, Evaluate, 
  3356. Identify, Lists, Report, Study, 
  3357. Verify
  3358. TEMPEST
  3359. Apply, Use
  3360. Threat
  3361. Define, Discovers, Evaluate, 
  3362. Identify, Lists, Report, Study, 
  3363. Verify
  3364. Traffic Analysis
  3365. Apply, Initiate, Propose, Support, 
  3366. Use, Verify
  3367. Transportation Of Media
  3368. Controls, Perform
  3369. Unauthorized Disclosure Of 
  3370. Information
  3371. Define, Controls, Describe, 
  3372. Evaluate, Report
  3373. Voice Communications Security
  3374. Apply, Follows, Propose, Select, 
  3375. Support, Use, Verify
  3376. Voice Mail Security
  3377. Apply, Follows, Propose, Select, 
  3378. Support, Use, Verify
  3379. Vulnerability Analysis
  3380. Assist, Evaluate, Initiate, 
  3381. Interpret, Perform, Use, 
  3382. Verify
  3383. Warranties
  3384. Cognizant-Of, Reads, Use
  3385. Wide Area Network Security
  3386. Apply, Follows, Propose, Select, 
  3387. Support, Use, Verify
  3388. Witness Interviewing/Interrogation
  3389. Initiate, Perform, Support, 
  3390. Report, Use
  3391. Workstation Security
  3392. Apply, Follows, Propose, Select, 
  3393. Support, Use, Verify
  3394. Zone Of Control/Zoning
  3395. Apply, Use, Verify
  3396.  
  3397.  
  3398.  
  3399.  
  3400.  
  3401.  
  3402. The "UNKNOWN GOD"
  3403. In both DACUM II and DACUM III the "Other" category was often referred to as the unknown 
  3404. god.
  3405.  
  3406. In this case it represents items which the group agreed belonged in the Unified taxonomy document; 
  3407. however, they could not decide where they actually belonged.
  3408.  
  3409. Several others have been proposed and may be added in the future.
  3410.  
  3411. Electronic Funds Transfer
  3412. Adhere, Choose, Comply, Conclude, Conforms, Connects, Define, Describe, Evaluate, Explain, Initiate, Integrate, 
  3413. Interpret, Justify, Plan, Points Out, Points To, Produce, Rearrange, Report, Separate, Support, Use, Verify
  3414. Peer-To-Peer Security
  3415. Contrasts, Categorize, Design, Discuss, Evaluate, Influence, Justify, Operate, Select, Write, Cleans
  3416. Reconciliation
  3417. Describe, Discuss, Support, Conforms, Connects, Identify
  3418. Social Engineering
  3419. Acts, Answers, Asks, Compare, Conclude, Define, Differentiate, Discuss, Generalize, Identify, Illustrate, Interpret, 
  3420. Questions, Report, Verify, Write
  3421. Standalone Systems And Remote Terminals
  3422. Appraise, Assist, Compare, Define, Evaluate, Propose, Questions
  3423. Contractor Security Standards
  3424. Define, Describe, Design, Evaluate, Explain, Sets, State, Support, Write
  3425.  
  3426.  
  3427.  
  3428. The Maslow Hierarchy Verbs
  3429.  
  3430. In order to establish the characteristics of the information systems profession, the participants were 
  3431. asked to ascribe verbs to each of the activities established in the CBK.  The participants did not know 
  3432. the verb categories in advance.  This allowed us to break down the common body of knowledge into 
  3433. each of the three domains and their respective subcategories.
  3434.  
  3435. Folder List
  3436. Affective Domain
  3437. Receiving
  3438.     Example: The student will be able to ask proper questions, use systems, and follow direction ...
  3439. Responding
  3440.     Example: The student will demonstrate an interest and commitment to the profession ...
  3441. Valuing
  3442.     Example: The student will demonstrate a continuing desire to learn by reading and self development...
  3443. Organization
  3444.     Example: The student will demonstrate the ability to adhere to, synthesize, organize, alter and compare sys-
  3445. tems ...
  3446. Value Complex
  3447.     Example: The student will be able to lead discussions, freely express opinions, and form abstract relation-
  3448. ships ...
  3449. Cognitive Domain
  3450. Knowledge
  3451.     Example: The student will be able to define the terms ...
  3452. Comprehension
  3453.     Example: The student will be able to give his/her own examples of ...
  3454. Application
  3455.     Example: Given appropriate data, the student will be able to solve a problem ...
  3456. Analysis
  3457.     Example: The student will be able to detect discrepancies between two representative systems ...
  3458. Synthesis
  3459.     Example: The student will be able to create a hypothetical security system ...
  3460. Evaluation
  3461.     Example: The student will be able to evaluate objectively two working systems ...
  3462. Psychomotor Domain
  3463.  
  3464.  
  3465.  
  3466. The verb list may be used to aid in the development of behavioral objectives and instructional mate-
  3467. rials.  
  3468.  
  3469. For example, selecting receiving from within the affective domain, one might state that the student 
  3470. shall be able to form appropriate questions about {Access Control Policies; Access Control Software; 
  3471. Access Controls; Access Privileges; Account Administration; Accountability for Sensitive Data; 
  3472. Administrative Security; Administrative Security Policies and Procedures}. One would then be able to 
  3473. discuss how to aid the student in these areas.
  3474.  
  3475.  
  3476. This report lists all ideas for each Maslow category.
  3477.  
  3478.  
  3479.  
  3480. Affective Domain
  3481.  
  3482.  
  3483. Receiving
  3484.  
  3485. Access Control Policies
  3486. Access Control Software
  3487. Access Controls
  3488. Access Privileges
  3489. Account Administration
  3490. Accountability for Sensitive Data
  3491. Administrative Security
  3492. Administrative Security Policies and 
  3493. Procedures
  3494. Agency-Specific Security Policies
  3495. Aggregation
  3496. Alarms. Signals and Report
  3497. Applications Security
  3498. Audit
  3499. Audit Trails and Logging
  3500. Audit Trails and Logging Policies
  3501. Auditing Tools
  3502. Authentication
  3503. Automated Security Tools
  3504. Background Investigations
  3505. Basic/Generic Management Issues
  3506. Biometrics
  3507. Business Aspects of Information 
  3508. Security
  3509. Cabling
  3510. Call-Back Security
  3511. Caller ID
  3512. Change Control Policies
  3513. Change Controls
  3514. Classified Materials(e.g.. Handling 
  3515. and Sh
  3516. Client/Server Security
  3517. Common Carrier Security
  3518. Communications Center Security
  3519. Communications Security Policies and 
  3520. Guidelines
  3521. Computer Abuse
  3522. Computer Emergency Response 
  3523. Team(CERT)
  3524. Computer Matching Responsibilities
  3525. COMSEC Accounting
  3526. COMSEC Custodian
  3527. COMSEC Material Destruction 
  3528. Procedures
  3529. COMSEC Material Identification & 
  3530. Inventory
  3531. COMSEC Testing
  3532. Configuration Management
  3533. Conformance Testing
  3534. Consequences
  3535. Contingency Plan Testing
  3536. Contingency Planning
  3537. Continuity Planning
  3538. Contracting for Security Services
  3539. Contracts, Agreements & Other 
  3540. Obligations
  3541. Coordination with Related Disciplines
  3542. Copyright Protection and Licensing
  3543. Corrective Actions
  3544. Cost/Benefit Analysis
  3545. Countermeasures
  3546. Criminal Prosecution
  3547. Critical Systems
  3548. Cryptographic Techniques
  3549. Cryptography
  3550. Cryptovariable
  3551. Customer IT Security Needs
  3552. Customer Service Orientation
  3553. Data Access Control
  3554. Data Processing Center Security
  3555. Dedicated Line
  3556. Dedicated Mode
  3557. Delegation of Authority
  3558. Detective Controls
  3559. Development (Life Cycle)
  3560. Dial Number Indicator
  3561. Dial-up Security
  3562. Disaster Recovery
  3563. Disaster Recovery Plan Testing
  3564. Disaster Recovery Planning
  3565. Discretionary Access Control
  3566. Disgruntled Employees
  3567. Diskless Workstations
  3568. Disposition of Classified Information
  3569. Distributed Systems Security
  3570. Document Labeling
  3571. Documentation
  3572. Documentation Policies
  3573. Drop-off/Add-on Protection(Piggy 
  3574. Backing
  3575. Due Care
  3576. Education. Training and Awareness
  3577. Electromagnetic Countermeasures
  3578. Electronic Data Interchange
  3579. Electronic Funds Transfer
  3580. Electronic Key Management System
  3581. Electronic Monitoring
  3582. Electronic Records Management
  3583. Electronic-Mail Privacy
  3584. Electronic-Mail Security
  3585. Emanations Security
  3586. Emergency Destruction
  3587. Emergency Destruction Procedures
  3588. Encryption Modes
  3589. End User Computing Security
  3590. Entrapment
  3591. Environmental Controls
  3592. Error Logs
  3593. Ethics
  3594. Evaluated Products
  3595. Evaluation Techniques
  3596. Expert Security/Audit Tools
  3597. Expert Systems
  3598. Facilities Planning
  3599. Fault Tolerance
  3600. FAX Security
  3601. Filtered Power
  3602. Fire Prevention and Protection
  3603. Firmware Security
  3604. Formal Methods for Security Design
  3605. Fraud
  3606. Frequency Hopping
  3607. Generally Accepted Systems Security 
  3608. Principles
  3609. Grounding
  3610. Guidelines
  3611. Hackers and Unauthorized users
  3612. Housekeeping Procedures
  3613. Human Intelligence (HUMINT)
  3614. Identification & Authentication
  3615. Incident Response
  3616. Industrial Espionage
  3617. Inference Engine
  3618. Information Categorization
  3619. Information Classification
  3620. Information Ownership
  3621. Information Resource 
  3622. Owner/Custodian
  3623. Information Security Policy
  3624. Information Sensitivity
  3625. Information State
  3626. Information Systems Security Officer
  3627. Information Valuation
  3628. Insurance
  3629. Internal Controls and Security
  3630. International Security Considerations
  3631. INTERNET Security
  3632. Intrusion Detection
  3633. Intrusion Deterrents
  3634. Investigation of Security Breaches
  3635. Investigative Authorities
  3636. IS/IT Asset Valuation
  3637. Isolation and Mediation
  3638. Jamming
  3639. Kernel
  3640. Key Management
  3641. Keystroke Monitoring
  3642. Labeling
  3643. Law Enforcement Interfaces
  3644. Leased-line Networks
  3645. Least Privilege
  3646. Legal and Liability Issues
  3647. Lessons Learned
  3648. Line Authentication
  3649. Line of sight
  3650. List-based access controls
  3651. Local Area Network Security
  3652. Logs and Journals
  3653. Low Power
  3654. Malicious Code
  3655. Management of the Security Function
  3656. Mandatory Access Control
  3657. Marking of Media
  3658. Marking of Sensitive Information
  3659. Memory (Non-volatile)
  3660. Memory (Random)
  3661. Memory (Sequential)
  3662. Memory (Volatile)
  3663. Message Authentication Codes
  3664. Metrics
  3665. Microwave/Wireless Communications 
  3666. Security
  3667. Mobile Workstation Security
  3668. Modes of Operation
  3669. Monitoring
  3670. Multilevel Processing
  3671. Multilevel Security
  3672. Need-to-know Controls
  3673. Network communications protocols
  3674. Network Firewalls
  3675. Network Monitoring
  3676. Network Security
  3677. Network Security Software
  3678. Network Topology
  3679. Non-inference Model
  3680. Non-repudiation
  3681. Object Labeling
  3682. Off-site Security (Information, 
  3683. Processing)
  3684. Off-site Security (Information. 
  3685. Processing)
  3686. One-time Passwords
  3687. Open Systems Interconnect (OSI) 
  3688. Model
  3689. Open Systems Security
  3690. Operating System Integrity
  3691. Operating System Security Features
  3692. Operating Systems
  3693. Operations Security
  3694. Optical/Imaging Systems Security
  3695. Oversight
  3696. Password Management
  3697. Peer-to-Peer Security
  3698. Personnel Security Policies and 
  3699. Guidance
  3700. Physical Security
  3701. Platform-specific Security
  3702. Policy Development
  3703. Policy Enforcement
  3704. Position Sensitivity
  3705. Power Controls (UPS. emergency 
  3706. Power)
  3707. Practices
  3708. Preventive Controls
  3709. Privacy
  3710. Private Key Cryptology
  3711. Privileges (Class. Nodes)
  3712. Procedures
  3713. Professional Interfaces
  3714. Protection from Malicious Code
  3715. Public Key Encryption
  3716. Quality Assurance
  3717. Reconciliation
  3718. Redundancy
  3719. Remote Terminal Protection Devices
  3720. Risk Acceptance Process
  3721. Risk Management
  3722. Risks
  3723. Role-based Access Controls
  3724. Roles and Responsibilities
  3725. Rules-based Access Control
  3726. Safeguards
  3727. Safety
  3728. Satellite Communications Security
  3729. Secure System Operations
  3730. Security Architecture
  3731. Security Awareness
  3732. Security Education
  3733. Security Product Integration
  3734. Security Reviews
  3735. Security Training
  3736. Security Violations Reporting Process
  3737. Sensitive System
  3738. Separation of Duties
  3739. Single Sign-on
  3740. Smartcards/Token Authentication
  3741. Social Engineering
  3742. Software Asset Management
  3743. Software Piracy
  3744. Software Security
  3745. Spoofing
  3746. Standards of Conduct
  3747. Storage Area Controls
  3748. Storage Media Protection and Control
  3749. System-high Mode
  3750. Technical Surveillance 
  3751. Countermeasures
  3752. Technological Threats
  3753. TEMPEST
  3754. Threat
  3755. Traffic Analysis
  3756. Transportation of Media
  3757. Unauthorized Disclosure of 
  3758. Information
  3759. Voice Communications Security
  3760. Voice Mail Security
  3761. Vulnerability Analysis
  3762. Warranties
  3763. Wide Area Network Security
  3764. Witness Interviewing/Interrogation
  3765. Workstation Security
  3766. Zone of Control/Zoning
  3767.  
  3768. Responding
  3769.  
  3770. Access Control Policies
  3771. Access Control Software
  3772. Access Controls
  3773. Aggregation
  3774. Alarms, Signals and Report
  3775. Assessments (e.g., surveys, 
  3776. inspections)
  3777. Audit
  3778. Audit Trails and Logging
  3779. Audit Trails and Logging Policies
  3780. Auditing Tools
  3781. Automated Security Tools
  3782. Backups (Data, Software, etc.)
  3783. Basic/Generic Management Issues
  3784. Biometrics
  3785. Cabling
  3786. Call-Back Security
  3787. Certification
  3788. Classified Materials (e.g., Handling and 
  3789. Shipping)
  3790. Classified Materials (e.g., Handling 
  3791. and Sh
  3792. Client/Server Security
  3793. Computer Abuse
  3794. Computer Matching Responsibilities
  3795. COMSEC Accounting
  3796. COMSEC Material Destruction 
  3797. Procedures
  3798. COMSEC Material Identification & 
  3799. Invent
  3800. COMSEC Material Identification & 
  3801. Inventory
  3802. COMSEC Testing
  3803. Conformance Testing
  3804. Contingency Plan Testing
  3805. Contingency Planning
  3806. Continuity Planning
  3807. Contracting for Security Services
  3808. Contracts, Agreements & Other 
  3809. Obligations
  3810. Coordination with Related Disciplines
  3811. Copyright Protection and Licensing
  3812. Corrective Actions
  3813. Cost/Benefit Analysis
  3814. Countermeasures
  3815. Critical Systems
  3816. Customer IT Security Needs
  3817. Customer Service Orientation
  3818. Data Processing Center Security
  3819. Dedicated Mode
  3820. Delegation of Authority
  3821. Dial-up Security
  3822. Disaster Recovery
  3823. Disaster Recovery Plan Testing
  3824. Disaster Recovery Planning
  3825. Disposition of Classified Information
  3826. Disposition of Media & Data
  3827. Distributed Systems Security
  3828. Document Labeling
  3829. Documentation
  3830. Education, Training and Awareness
  3831. Electromagnetic Countermeasures
  3832. Electronic Funds Transfer
  3833. Electronic Key Management System
  3834. Electronic Monitoring
  3835. Electronic Records Management
  3836. Electronic-Mail Privacy
  3837. Electronic-Mail Security
  3838. Emergency Destruction
  3839. Emergency Destruction Procedures
  3840. End User Computing Security
  3841. Error Logs
  3842. Ethics
  3843. Evaluated Products
  3844. Evaluation Techniques
  3845. Evidence Collection and Preservation
  3846. Expert Security/Audit Tools
  3847. Expert Systems
  3848. Facilities Management
  3849. Facilities Planning
  3850. Facility Management
  3851. Fault Tolerance
  3852. FAX Security
  3853. Firmware Security
  3854. Fraud, Waste and Abuse
  3855. Hackers and Unauthorized users
  3856. Hardware Asset Management
  3857. Housekeeping Procedures
  3858. Identification & Authentication
  3859. Implementation (Life Cycle)
  3860. Incident Response
  3861. Industrial Espionage
  3862. Info Sys Security Program Budgeting
  3863. Info Sys Security Program Planning
  3864. Information Categorization
  3865. Information Classification
  3866. Information Ownership
  3867. Information Resource 
  3868. Owner/Custodian
  3869. Information Sensitivity
  3870. Information Systems Security Officer
  3871. Information Valuation
  3872. Insurance
  3873. Internal Controls and Security
  3874. Intrusion Detection
  3875. Intrusion Deterrents
  3876. Investigation of Security Breaches
  3877. IS/IT Asset Valuation
  3878. Keystroke Monitoring
  3879. Law Enforcement Interfaces
  3880. Least Privilege
  3881. Legal and Liability Issues
  3882. Lessons Learned
  3883. Life Cycle System Security Planning
  3884. List-based access controls
  3885. Local Area Network Security
  3886. Logs and Journals
  3887. Malicious Code
  3888. Management of the Security Function
  3889. Marking of Media
  3890. Marking of Sensitive Information
  3891. Message Authentication Codes
  3892. Metrics
  3893. Mobile Workstation Security
  3894. Monitoring (e.g., data, line)
  3895. Multilevel Processing
  3896. Need-to-know Controls
  3897. Network communications protocols
  3898. Network Firewalls
  3899. Network Monitoring
  3900. Network Security
  3901. Network Security Software
  3902. Network Topology
  3903. Off-site Security (Information, 
  3904. Processing)
  3905. Off-site Security (Information, 
  3906. Processing)
  3907. One-time Passwords
  3908. Operating System Security Features
  3909. Operations Security
  3910. Optical/Imaging Systems Security
  3911. Organizational Culture
  3912. Oversight
  3913. Password Management
  3914. Peer-to-Peer Security
  3915. Personnel Security Policies and 
  3916. Guidance
  3917. Physical Security
  3918. Platform-specific Security
  3919. Policy Development
  3920. Policy Enforcement
  3921. Position Sensitivity
  3922. Practices
  3923. Preventive Controls
  3924. Privacy
  3925. Private Key Cryptology
  3926. Privileges (Class, Nodes)
  3927. Procedures
  3928. Professional Interfaces
  3929. Protection from Malicious Code
  3930. Public Key Encryption
  3931. Quality Assurance
  3932. Reconciliation
  3933. Remote Terminal Protection Devices
  3934. Risk Acceptance Process
  3935. Risk Management
  3936. Roles and Responsibilities
  3937. Safeguards
  3938. Safety
  3939. Secure System Operations
  3940. Security Awareness
  3941. Security Education
  3942. Security Product Integration
  3943. Security Reviews
  3944. Security Staffing Requirements
  3945. Security Training
  3946. Security Violations Reporting Process
  3947. Sensitive System
  3948. Separation of Duties
  3949. Single Sign-on
  3950. Smartcards/Token Authentication
  3951. Social Engineering
  3952. Software Asset Management
  3953. Software Piracy
  3954. Software Security
  3955. Standalone Systems and Remote 
  3956. Terminals
  3957. Standards of Conduct
  3958. Storage Area Controls
  3959. Storage Media Protection and Control
  3960. Technological Threats
  3961. Threat
  3962. Transportation of Media
  3963. Unauthorized Disclosure of 
  3964. Information
  3965. Voice Communications Security
  3966. Voice Mail Security
  3967. Vulnerability Analysis
  3968. Warranties
  3969. Wide Area Network Security
  3970. Witness Interviewing/Interrogation
  3971. Workstation Security
  3972. Zone of Control/Zoning
  3973.  
  3974. Valuing
  3975.  
  3976. Access Control Policies
  3977. Access Control Software
  3978. Access Controls
  3979. Access Privileges
  3980. Accountability for Sensitive Data
  3981. Administrative Security
  3982. Administrative Security Policies and 
  3983. Procedures
  3984. Agency-Specific Security Policies
  3985. Alarms, Signals and Report
  3986. Application Development Control
  3987. Assessments (e.g., surveys, 
  3988. inspections)
  3989. Assurance
  3990. Audit
  3991. Audit Trails and Logging
  3992. Audit Trails and Logging Policies
  3993. Auditing Tools
  3994. Automated Security Tools
  3995. Backups (Data, Software, etc.)
  3996. Basic/Generic Management Issues
  3997. Biometrics
  3998. Business Aspects of Information 
  3999. Security
  4000. Cabling
  4001. Call-Back Security
  4002. Caller ID
  4003. Certification
  4004. Change Control Policies
  4005. Classified Materials (e.g., Handling and 
  4006. Shipping)
  4007. Classified Materials (e.g., Handling 
  4008. and Sh
  4009. Client/Server Security
  4010. Communications Security Policies and 
  4011. Guidelines
  4012. Computer Abuse
  4013. Computer Emergency Response 
  4014. Team(CERT)
  4015. Computer Matching Responsibilities
  4016. COMSEC Accounting
  4017. COMSEC Custodian
  4018. COMSEC Material Destruction 
  4019. Procedures
  4020. COMSEC Material Identification & 
  4021. Inventory
  4022. COMSEC Testing
  4023. Confidentiality
  4024. Configuration Management
  4025. Conformance Testing
  4026. Contingency Plan Testing
  4027. Contingency Planning
  4028. Continuity Planning
  4029. Contracting for Security Services
  4030. Contracts, Agreements & Other 
  4031. Obligations
  4032. Coordination with Related Disciplines
  4033. Copyright Protection and Licensing
  4034. Corrective Actions
  4035. Cost/Benefit Analysis
  4036. Countermeasures
  4037. Criminal Prosecution
  4038. Critical Systems
  4039. Cryptographic Techniques
  4040. Cryptography
  4041. Customer IT Security Needs
  4042. Customer Service Orientation
  4043. Data Access Control
  4044. Data Processing Center Security
  4045. Dedicated Line
  4046. Dedicated Mode
  4047. Delegation of Authority
  4048. Detective Controls
  4049. Development (Life Cycle)
  4050. Dial Number Indicator
  4051. Dial-up Security
  4052. Disaster Recovery
  4053. Disaster Recovery Plan Testing
  4054. Disaster Recovery Planning
  4055. Discretionary Access Control
  4056. Disposition of Classified Information
  4057. Disposition of Media & Data
  4058. Distributed Systems Security
  4059. Documentation
  4060. Documentation Policies
  4061. Drop-off/Add-on Protection(Piggy 
  4062. Backing
  4063. Due Care
  4064. Education, Training and Awareness
  4065. Electromagnetic Countermeasures
  4066. Electromagnetic Interference
  4067. Electronic Data Interchange
  4068. Electronic Funds Transfer
  4069. Electronic Key Management System
  4070. Electronic Monitoring
  4071. Electronic Records Management
  4072. Electronic-Mail Privacy
  4073. Electronic-Mail Security
  4074. Emergency Destruction
  4075. Emergency Destruction Procedures
  4076. Encryption Modes
  4077. End User Computing Security
  4078. Entrapment
  4079. Environmental Controls
  4080. Error Logs
  4081. Ethics
  4082. Evaluated Products
  4083. Evaluation Techniques
  4084. Expert Security/Audit Tools
  4085. Expert Systems
  4086. Facilities Planning
  4087. Fault Tolerance
  4088. FAX Security
  4089. Filtered Power
  4090. Firmware Security
  4091. Fraud
  4092. Fraud, Waste and Abuse
  4093. Frequency Hopping
  4094. Generally Accepted Systems Security 
  4095. Principles
  4096. Guidelines
  4097. Hackers and Unauthorized users
  4098. Hardware Asset Management
  4099. Incident Response
  4100. Industrial Espionage
  4101. Info Sys Security Program Budgeting
  4102. Info Sys Security Program Planning
  4103. Information Availability
  4104. Information Categorization
  4105. Information Classification
  4106. Information Confidentiality
  4107. Information Criticality
  4108. Information Integrity
  4109. Information Ownership
  4110. Information Security Policy
  4111. Information Sensitivity
  4112. Information Valuation
  4113. Insurance
  4114. Integrity
  4115. Internal Controls and Security
  4116. International Security Considerations
  4117. INTERNET Security
  4118. Intrusion Detection
  4119. Intrusion Deterrents
  4120. Investigation of Security Breaches
  4121. Investigative Authorities
  4122. IS/IT Asset Valuation
  4123. Isolation and Mediation
  4124. Kernel
  4125. Keystroke Monitoring
  4126. Lattice Model
  4127. Law Enforcement Interfaces
  4128. Leased-line Networks
  4129. Least Privilege
  4130. Legal and Liability Issues
  4131. Lessons Learned
  4132. Life Cycle System Security Planning
  4133. List-based access controls
  4134. Local Area Network Security
  4135. Logs and Journals
  4136. Low Power
  4137. Malicious Code
  4138. Management of the Security Function
  4139. Mandatory Access Control
  4140. Marking of Media
  4141. Marking of Sensitive Information
  4142. Media Convergence
  4143. Message Authentication Codes
  4144. Metrics
  4145. Microwave/Wireless Communications 
  4146. Security
  4147. Mobile Workstation Security
  4148. Modes of Operation
  4149. Monitoring
  4150. Monitoring (e.g., data, line)
  4151. Multilevel Processing
  4152. Multilevel Security
  4153. Need-to-know Controls
  4154. Network communications protocols
  4155. Network Firewalls
  4156. Network Monitoring
  4157. Network Security
  4158. Network Security Software
  4159. Network Topology
  4160. Non-repudiation
  4161. Off-site Security (Information, 
  4162. Processing)
  4163. Off-site Security (Information, 
  4164. Processing)
  4165. One-time Passwords
  4166. Open Systems Interconnect (OSI) 
  4167. Model
  4168. Open Systems Security
  4169. Operating System Integrity
  4170. Operating System Security Features
  4171. Operating Systems
  4172. Operations Security
  4173. Optical/Imaging Systems Security
  4174. Org. Placement of the IS/IT Security 
  4175. Function
  4176. Organizational Culture
  4177. Oversight
  4178. Packet Filtering
  4179. Password Management
  4180. Peer-to-Peer Security
  4181. Penetration Testing
  4182. Personnel Security Policies and 
  4183. Guidance
  4184. Physical Security
  4185. Platform-specific Security
  4186. Policy Development
  4187. Policy Enforcement
  4188. Position Sensitivity
  4189. Power Controls (UPS, emergency 
  4190. Power)
  4191. Practices
  4192. Preventive Controls
  4193. Privacy
  4194. Private Key Cryptology
  4195. Privileges (Class, Nodes)
  4196. Procedures
  4197. Professional Interfaces
  4198. Protection from Malicious Code
  4199. Public Key Encryption
  4200. Quality Assurance
  4201. Reconciliation
  4202. Redundancy
  4203. Remote Terminal Protection Devices
  4204. Risk Acceptance Process
  4205. Risk Management
  4206. Role-based Access Controls
  4207. Roles and Responsibilities
  4208. Rules-based Access Control
  4209. Safeguards
  4210. Safety
  4211. Satellite Communications Security
  4212. Secure System Operations
  4213. Security Architecture
  4214. Security Awareness
  4215. Security Education
  4216. Security Product Integration
  4217. Security Reviews
  4218. Security Staffing Requirements
  4219. Security Training
  4220. Security Violations Reporting Process
  4221. Sensitive System
  4222. Separation of Duties
  4223. Shielded Enclosures
  4224. Single Sign-on
  4225. Smartcards/Token Authentication
  4226. Social Engineering
  4227. Software Asset Management
  4228. Software Licensing
  4229. Software Piracy
  4230. Software Security
  4231. Spoofing
  4232. Standalone Systems and Remote 
  4233. Terminals
  4234. Standards of Conduct
  4235. Storage Area Controls
  4236. Storage Media Protection and Control
  4237. System-high Mode
  4238. Technical Surveillance 
  4239. Countermeasures
  4240. Technological Threats
  4241. Threat
  4242. Traffic Analysis
  4243. Transportation of Media
  4244. Unauthorized Disclosure of 
  4245. Information
  4246. Voice Communications Security
  4247. Voice Mail Security
  4248. Vulnerability Analysis
  4249. Warranties
  4250. Wide Area Network Security
  4251. Witness Interviewing/Interrogation
  4252. Workstation Security
  4253. Zone of Control/Zoning
  4254.  
  4255. Organization
  4256.  
  4257. Access Control Policies
  4258. Access Control Software
  4259. Access Controls
  4260. Access Privileges
  4261. Accountability for Sensitive Data
  4262. Administrative Security Policies and 
  4263. Procedures
  4264. Agency-Specific Security Policies
  4265. Aggregation
  4266. Application Development Control
  4267. Applications Security
  4268. Assurance
  4269. Audit Trails and Logging
  4270. Audit Trails and Logging Policies
  4271. Auditing Tools
  4272. Automated Security Tools
  4273. Basic/Generic Management Issues
  4274. Business Aspects of Information 
  4275. Security
  4276. Cabling
  4277. Certification
  4278. Change Control Policies
  4279. Classified Materials (e.g., Handling 
  4280. and Sh
  4281. Common Carrier Security
  4282. Communications Security Policies and 
  4283. Guidelines
  4284. Computer Abuse
  4285. Computer Emergency Response 
  4286. Team(CERT)
  4287. Computer Matching Responsibilities
  4288. COMSEC Custodian
  4289. COMSEC Material Destruction 
  4290. Procedures
  4291. Consequences
  4292. Contingency Plan Testing
  4293. Contracts, Agreements & Other 
  4294. Obligations
  4295. Coordination with Related Disciplines
  4296. Copyright Protection and Licensing
  4297. Corrective Actions
  4298. Cost/Benefit Analysis
  4299. Countermeasures
  4300. Criminal Prosecution
  4301. Critical Systems
  4302. Cryptographic Techniques
  4303. Customer IT Security Needs
  4304. Customer Service Orientation
  4305. Data Access Control
  4306. Data Processing Center Security
  4307. Dedicated Line
  4308. Dedicated Mode
  4309. Delegation of Authority
  4310. Development (Life Cycle)
  4311. Disaster Recovery Plan Testing
  4312. Disaster Recovery Planning
  4313. Discretionary Access Control
  4314. Disgruntled Employees
  4315. Disposition of Classified Information
  4316. Disposition of Media & Data
  4317. Distributed Systems Security
  4318. Documentation
  4319. Documentation Policies
  4320. Due Care
  4321. Education, Training and Awareness
  4322. Electromagnetic Countermeasures
  4323. Electronic Data Interchange
  4324. Electronic Funds Transfer
  4325. Electronic Key Management System
  4326. Electronic Monitoring
  4327. Electronic Records Management
  4328. Electronic-Mail Privacy
  4329. Electronic-Mail Security
  4330. Emergency Destruction Procedures
  4331. End User Computing Security
  4332. Environmental Controls
  4333. Ethics
  4334. Evaluated Products
  4335. Evaluation Techniques
  4336. Generally Accepted Systems Security 
  4337. Principles
  4338. Guidelines
  4339. Hardware Asset Management
  4340. Incident Response
  4341. Industrial Espionage
  4342. Info Sys Security Program Budgeting
  4343. Info Sys Security Program Planning
  4344. Information Categorization
  4345. Information Classification
  4346. Information Criticality
  4347. Information Ownership
  4348. Information Resource 
  4349. Owner/Custodian
  4350. Information Security Policy
  4351. Information Sensitivity
  4352. Information State
  4353. Information Systems Security Officer
  4354. Information Valuation
  4355. Insurance
  4356. Internal Controls and Security
  4357. International Security Considerations
  4358. INTERNET Security
  4359. Intrusion Detection
  4360. Intrusion Deterrents
  4361. Investigation of Security Breaches
  4362. Investigative Authorities
  4363. IS/IT Asset Valuation
  4364. Jamming
  4365. Kernel
  4366. Keystroke Monitoring
  4367. Lattice Model
  4368. Leased-line Networks
  4369. Legal and Liability Issues
  4370. Lessons Learned
  4371. Life Cycle System Security Planning
  4372. Local Area Network Security
  4373. Logs and Journals
  4374. Management of the Security Function
  4375. Marking of Media
  4376. Marking of Sensitive Information
  4377. Media Convergence
  4378. Microwave/Wireless Communications 
  4379. Security
  4380. Monitoring (e.g., data, line)
  4381. Multilevel Processing
  4382. Need-to-know Controls
  4383. Network communications protocols
  4384. Network Firewalls
  4385. Network Monitoring
  4386. Network Security
  4387. Network Security Software
  4388. Network Topology
  4389. Non-repudiation
  4390. Object Labeling
  4391. Off-site Security (Information, 
  4392. Processing)
  4393. Off-site Security (Information, 
  4394. Processing)
  4395. One-time Passwords
  4396. Open Systems Interconnect (OSI) 
  4397. Model
  4398. Open Systems Security
  4399. Operating System Security Features
  4400. Optical/Imaging Systems Security
  4401. Org. Placement of the IS/IT Security 
  4402. Function
  4403. Organizational Culture
  4404. Password Management
  4405. Peer-to-Peer Security
  4406. Personnel Security Policies and 
  4407. Guidance
  4408. Platform-specific Security
  4409. Policy Development
  4410. Policy Enforcement
  4411. Practices
  4412. Preventive Controls
  4413. Privileges (Class, Nodes)
  4414. Procedures
  4415. Professional Interfaces
  4416. Protected Distributed System
  4417. Protection from Malicious Code
  4418. Reconciliation
  4419. Redundancy
  4420. Remote Terminal Protection Devices
  4421. Risk Acceptance Process
  4422. Risks
  4423. Role-based Access Controls
  4424. Roles and Responsibilities
  4425. Rules-based Access Control
  4426. Safeguards
  4427. Safety
  4428. Security Awareness
  4429. Security Education
  4430. Security Product Integration
  4431. Security Training
  4432. Security Violations Reporting Process
  4433. Sensitive System
  4434. Separation of Duties
  4435. Social Engineering
  4436. Software Asset Management
  4437. Software Piracy
  4438. Standalone Systems and Remote 
  4439. Terminals
  4440. Storage Area Controls
  4441. Storage Media Protection and Control
  4442. Technical Surveillance 
  4443. Countermeasures
  4444. Technological Threats
  4445. Threat
  4446. Transportation of Media
  4447. Wide Area Network Security
  4448.  
  4449. Value Complex
  4450.  
  4451. Access Authorization
  4452. Access Control Policies
  4453. Access Control Software
  4454. Access Controls
  4455. Access Privileges
  4456. Account Administration
  4457. Accountability
  4458. Accountability for Sensitive Data
  4459. Acquisitions
  4460. Administrative Security Policies and 
  4461. Procedures
  4462. Agency-Specific Security Policies
  4463. Aggregation
  4464. Alarms, Signals and Report
  4465. Application Development Control
  4466. Applications Security
  4467. Assessments (e.g., surveys, 
  4468. inspections)
  4469. Assurance
  4470. Audit
  4471. Audit Trails and Logging
  4472. Audit Trails and Logging Policies
  4473. Auditing Tools
  4474. Authentication
  4475. Automated Security Tools
  4476. Background Investigations
  4477. Backups (Data, Software, etc.)
  4478. Biometrics
  4479. Cabling
  4480. Call-Back Security
  4481. Caller ID
  4482. Certification
  4483. Change Control Policies
  4484. Change Controls
  4485. Classified Materials (e.g., Handling 
  4486. and Sh
  4487. Client/Server Security
  4488. Common Carrier Security
  4489. Communications Center Security
  4490. Communications Security Policies and 
  4491. Guidelines
  4492. Computer Abuse
  4493. Computer Emergency Response 
  4494. Team(CERT)
  4495. Computer Matching Responsibilities
  4496. COMSEC Accounting
  4497. COMSEC Custodian
  4498. COMSEC Material Destruction 
  4499. Procedures
  4500. COMSEC Material Identification & 
  4501. Inventory
  4502. COMSEC Testing
  4503. Confidentiality
  4504. Configuration Management
  4505. Conformance Testing
  4506. Contingency Plan Testing
  4507. Contingency Planning
  4508. Continuity Planning
  4509. Contracting for Security Services
  4510. Contracts, Agreements & Other 
  4511. Obligations
  4512. Coordination with Related Disciplines
  4513. Copyright Protection and Licensing
  4514. Corrective Actions
  4515. Cost/Benefit Analysis
  4516. Countermeasures
  4517. Criminal Prosecution
  4518. Critical Systems
  4519. Cryptographic Techniques
  4520. Cryptography
  4521. Cryptovariable
  4522. Customer IT Security Needs
  4523. Customer Service Orientation
  4524. Data Access Control
  4525. Data Processing Center Security
  4526. Dedicated Line
  4527. Dedicated Mode
  4528. Delegation of Authority
  4529. Denial of Service
  4530. Detective Controls
  4531. Development (Life Cycle)
  4532. Dial Number Indicator
  4533. Dial-up Security
  4534. Disaster Recovery
  4535. Disaster Recovery Plan Testing
  4536. Disaster Recovery Planning
  4537. Discretionary Access Control
  4538. Disgruntled Employees
  4539. Diskless Workstations
  4540. Disposition of Classified Information
  4541. Disposition of Media & Data
  4542. Distributed Systems Security
  4543. Document Labeling
  4544. Documentation
  4545. Documentation Policies
  4546. Drop-off/Add-on Protection(Piggy 
  4547. Backing
  4548. Due Care
  4549. Education, Training and Awareness
  4550. Electromagnetic Countermeasures
  4551. Electronic Data Interchange
  4552. Electronic Funds Transfer
  4553. Electronic Key Management System
  4554. Electronic Monitoring
  4555. Electronic Records Management
  4556. Electronic-Mail Privacy
  4557. Electronic-Mail Security
  4558. Emanations Security
  4559. Emergency Destruction
  4560. Emergency Destruction Procedures
  4561. Encryption Modes
  4562. End User Computing Security
  4563. Entrapment
  4564. Environmental Controls
  4565. Error Logs
  4566. Evaluated Products
  4567. Evaluation Techniques
  4568. Expert Security/Audit Tools
  4569. Expert Systems
  4570. Facilities Management
  4571. Facilities Planning
  4572. Facility Management
  4573. Fault Tolerance
  4574. FAX Security
  4575. Filtered Power
  4576. Fire Prevention and Protection
  4577. Firmware Security
  4578. Formal Methods for Security Design
  4579. Fraud
  4580. Frequency Hopping
  4581. Generally Accepted Systems Security 
  4582. Principles
  4583. Grounding
  4584. Guidelines
  4585. Hardware Asset Management
  4586. Housekeeping Procedures
  4587. Human Intelligence (HUMINT)
  4588. Identification & Authentication
  4589. Identification & Authentication
  4590. Incident Response
  4591. Inference
  4592. Inference Engine
  4593. Info Sys Security Program Budgeting
  4594. Info Sys Security Program Planning
  4595. Information Availability
  4596. Information Categorization
  4597. Information Classification
  4598. Information Confidentiality
  4599. Information Integrity
  4600. Information Ownership
  4601. Information Resource Owner/ 
  4602. Custodian
  4603. Information Security Policy
  4604. Information Sensitivity
  4605. Information State
  4606. Information Systems Security Officer
  4607. Information Valuation
  4608. Insurance
  4609. Integrity
  4610. Internal Controls and Security
  4611. INTERNET Security
  4612. Intrusion Detection
  4613. Intrusion Deterrents
  4614. Investigation of Security Breaches
  4615. IS/IT Asset Valuation
  4616. Isolation and Mediation
  4617. Jamming
  4618. Kernel
  4619. Key Management
  4620. Keystroke Monitoring
  4621. Labeling
  4622. Lattice Model
  4623. Law Enforcement Interfaces
  4624. Least Privilege
  4625. Lessons Learned
  4626. Line Authentication
  4627. Line of sight
  4628. List-based access controls
  4629. Local Area Network Security
  4630. Logs and Journals
  4631. Low Power
  4632. Management of the Security Function
  4633. Mandatory Access Control
  4634. Marking of Media
  4635. Marking of Sensitive Information
  4636. Memory (Non-volatile)
  4637. Memory (Random)
  4638. Memory (Sequential)
  4639. Memory (Volatile)
  4640. Message Authentication Codes
  4641. Metrics
  4642. Microwave/Wireless Communications 
  4643. Security
  4644. Mobile Workstation Security
  4645. Modes of Operation
  4646. Monitoring
  4647. Monitoring (e.g., data, line)
  4648. Multilevel Processing
  4649. Multilevel Security
  4650. Need-to-know Controls
  4651. Network communications protocols
  4652. Network Firewalls
  4653. Network Monitoring
  4654. Network Security
  4655. Network Security Software
  4656. Network Topology
  4657. Non-inference Model
  4658. Non-repudiation
  4659. Object Labeling
  4660. Object Reuse
  4661. Off-site Security (Information, 
  4662. Processing)
  4663. Off-site Security (Information, 
  4664. Processing)
  4665. One-time Passwords
  4666. Open Systems Interconnect (OSI) 
  4667. Model
  4668. Open Systems Security
  4669. Operating System Integrity
  4670. Operating System Security Features
  4671. Operating Systems
  4672. Operations Security
  4673. Optical/Imaging Systems Security
  4674. Org. Placement of the IS/IT Security 
  4675. Function
  4676. Organizational Culture
  4677. Oversight
  4678. Packet Filtering
  4679. Password Management
  4680. Peer-to-Peer Security
  4681. Penetration Testing
  4682. Personnel Security Policies and 
  4683. Guidance
  4684. Physical Security
  4685. Platform-specific Security
  4686. Policy Development
  4687. Policy Enforcement
  4688. Position Sensitivity
  4689. Power Controls (UPS, emergency 
  4690. Power)
  4691. Practices
  4692. Preventive Controls
  4693. Privacy
  4694. Private Key Cryptology
  4695. Privileges (Class, Nodes)
  4696. Procedures
  4697. Professional Interfaces
  4698. Protected Distributed System
  4699. Protection from Malicious Code
  4700. Public Key Encryption
  4701. Quality Assurance
  4702. Redundancy
  4703. Remote Terminal Protection Devices
  4704. Risk Management
  4705. Role-based Access Controls
  4706. Roles and Responsibilities
  4707. Rules-based Access Control
  4708. Safeguards
  4709. Safety
  4710. Satellite Communications Security
  4711. Secure System Operations
  4712. Security Architecture
  4713. Security Awareness
  4714. Security Education
  4715. Security Product Integration
  4716. Security Reviews
  4717. Security Staffing Requirements
  4718. Security Training
  4719. Security Violations Reporting Process
  4720. Sensitive System
  4721. Separation of Duties
  4722. Shielded Enclosures
  4723. Single Sign-on
  4724. Smartcards/Token Authentication
  4725. Social Engineering
  4726. Software Asset Management
  4727. Software Piracy
  4728. Software Security
  4729. Spoofing
  4730. Standalone Systems and Remote 
  4731. Terminals
  4732. Storage Area Controls
  4733. Storage Media Protection and Control
  4734. System-high Mode
  4735. Technical Surveillance 
  4736. Countermeasures
  4737. Technological Threats
  4738. TEMPEST
  4739. Threat
  4740. Traffic Analysis
  4741. Transportation of Media
  4742. Voice Communications Security
  4743. Voice Mail Security
  4744. Vulnerability Analysis
  4745. Warranties
  4746. Wide Area Network Security
  4747. Witness Interviewing/Interrogation
  4748. Workstation Security
  4749. Zone of Control/Zoning
  4750.  
  4751.  
  4752. Cognitive Domain
  4753.  
  4754.  
  4755. Knowledge
  4756.  
  4757. Access Control Software
  4758. Access Controls
  4759. Access Privileges
  4760. Account Administration
  4761. Accountability for Sensitive Data
  4762. Administrative Security Policies and 
  4763. Procedures
  4764. Agency-Specific Security Policies
  4765. Aggregation
  4766. Alarms, Signals and Report
  4767. Application Development Control
  4768. Applications Security
  4769. Assurance
  4770. Audit Trails and Logging
  4771. Audit Trails and Logging Policies
  4772. Auditing Tools
  4773. Automated Security Tools
  4774. Basic/Generic Management Issues
  4775. Biometrics
  4776. Business Aspects of Information 
  4777. Security
  4778. Cabling
  4779. Call-Back Security
  4780. Change Control Policies
  4781. Classified Materials (e.g., Handling and 
  4782. Shipping)
  4783. Classified Materials (e.g., Handling 
  4784. and Sh
  4785. Client/Server Security
  4786. Common Carrier Security
  4787. Communications Security Policies and 
  4788. Guidelines
  4789. Computer Abuse
  4790. Computer Emergency Response 
  4791. Team(CERT)
  4792. Computer Matching Responsibilities
  4793. COMSEC Accounting
  4794. COMSEC Custodian
  4795. COMSEC Material Destruction 
  4796. Procedures
  4797. COMSEC Material Identification & 
  4798. Inventory
  4799. COMSEC Testing
  4800. Confidentiality
  4801. Configuration Management
  4802. Conformance Testing
  4803. Consequences
  4804. Contingency Plan Testing
  4805. Contingency Planning
  4806. Continuity Planning
  4807. Contracts, Agreements & Other 
  4808. Obligations
  4809. Coordination with Related Disciplines
  4810. Copyright Protection and Licensing
  4811. Corrective Actions
  4812. Cost/Benefit Analysis
  4813. Countermeasures
  4814. Critical Systems
  4815. Cryptography
  4816. Customer IT Security Needs
  4817. Data Access Control
  4818. Data Processing Center Security
  4819. Dedicated Mode
  4820. Delegation of Authority
  4821. Detective Controls
  4822. Development (Life Cycle)
  4823. Dial-up Security
  4824. Disaster Recovery
  4825. Disaster Recovery Plan Testing
  4826. Disaster Recovery Planning
  4827. Discretionary Access Control
  4828. Disgruntled Employees
  4829. Disposition of Classified Information
  4830. Distributed Systems Security
  4831. Documentation
  4832. Documentation Policies
  4833. Education, Training and Awareness
  4834. Electromagnetic Countermeasures
  4835. Electronic Funds Transfer
  4836. Electronic Key Management System
  4837. Electronic Monitoring
  4838. Electronic Records Management
  4839. Electronic-Mail Privacy
  4840. Electronic-Mail Security
  4841. End User Computing Security
  4842. Entrapment
  4843. Environmental Controls
  4844. Evaluated Products
  4845. Evaluation Techniques
  4846. Expert Security/Audit Tools
  4847. Expert Systems
  4848. Facilities Planning
  4849. Fault Tolerance
  4850. FAX Security
  4851. Firmware Security
  4852. Fraud
  4853. Fraud, Waste and Abuse
  4854. Generally Accepted Systems Security 
  4855. Principles
  4856. Guidelines
  4857. Hackers and Unauthorized users
  4858. Hardware Asset Management
  4859. Implementation (Life Cycle)
  4860. Industrial Espionage
  4861. Info Sys Security Program Planning
  4862. Information Availability
  4863. Information Categorization
  4864. Information Classification
  4865. Information Confidentiality
  4866. Information Criticality
  4867. Information Integrity
  4868. Information Ownership
  4869. Information Resource 
  4870. Owner/Custodian
  4871. Information Security Policy
  4872. Information Sensitivity
  4873. Information State
  4874. Information Systems Security Officer
  4875. Information Valuation
  4876. Insurance
  4877. Integrity
  4878. Internal Controls and Security
  4879. International Security Considerations
  4880. INTERNET Security
  4881. Intrusion Detection
  4882. Intrusion Deterrents
  4883. Investigation of Security Breaches
  4884. Investigative Authorities
  4885. IS/IT Asset Valuation
  4886. Jamming
  4887. Keystroke Monitoring
  4888. Leased-line Networks
  4889. Least Privilege
  4890. Legal and Liability Issues
  4891. Lessons Learned
  4892. Life Cycle System Security Planning
  4893. List-based access controls
  4894. Logs and Journals
  4895. Malicious Code
  4896. Management of the Security Function
  4897. Marking of Media
  4898. Marking of Sensitive Information
  4899. Metrics
  4900. Mobile Workstation Security
  4901. Multilevel Processing
  4902. Need-to-know Controls
  4903. Network communications protocols
  4904. Network Firewalls
  4905. Network Monitoring
  4906. Network Security
  4907. Network Security Software
  4908. Network Topology
  4909. Off-site Security (Information, 
  4910. Processing)
  4911. Off-site Security (Information, 
  4912. Processing)
  4913. One-time Passwords
  4914. Operating System Integrity
  4915. Operating System Security Features
  4916. Operations Security
  4917. Optical/Imaging Systems Security
  4918. Org. Placement of the IS/IT Security 
  4919. Function
  4920. Organizational Culture
  4921. Oversight
  4922. Password Management
  4923. Peer-to-Peer Security
  4924. Personnel Security Policies and 
  4925. Guidance
  4926. Physical Security
  4927. Platform-specific Security
  4928. Policy Development
  4929. Policy Enforcement
  4930. Position Sensitivity
  4931. Practices
  4932. Preventive Controls
  4933. Privacy
  4934. Private Key Cryptology
  4935. Privileges (Class. Nodes)
  4936. Procedures
  4937. Professional Interfaces
  4938. Protection from Malicious Code
  4939. Public Key Encryption
  4940. Quality Assurance
  4941. Reconciliation
  4942. Redundancy
  4943. Remote Terminal Protection Devices
  4944. Risk Acceptance Process
  4945. Risk Management
  4946. Risks
  4947. Role-based Access Controls
  4948. Roles and Responsibilities
  4949. Rules-based Access Control
  4950. Safeguards
  4951. Safety
  4952. Satellite Communications Security
  4953. Secure System Operations
  4954. Security Architecture
  4955. Security Awareness
  4956. Security Education
  4957. Security Product Integration
  4958. Security Reviews
  4959. Security Staffing Requirements
  4960. Security Training
  4961. Security Violations Reporting Process
  4962. Sensitive System
  4963. Separation of Duties
  4964. Single Sign-on
  4965. Smartcards/Token Authentication
  4966. Social Engineering
  4967. Software Asset Management
  4968. Software Licensing
  4969. Software Piracy
  4970. Software Security
  4971. Spoofing
  4972. Standalone Systems and Remote 
  4973. Terminals
  4974. Standards of Conduct
  4975. Storage Area Controls
  4976. Storage Media Protection and Control
  4977. Technical Surveillance 
  4978. Countermeasures
  4979. Technological Threats
  4980. Threat
  4981. Transportation of Media
  4982. Unauthorized Disclosure of 
  4983. Information
  4984. Voice Communications Security
  4985. Voice Mail Security
  4986. Warranties
  4987. Wide Area Network Security
  4988. Witness Interviewing/Interrogation
  4989. Workstation Security
  4990. Zone of Control/Zoning
  4991.  
  4992. Comprehension
  4993.  
  4994. Access Control Policies
  4995. Access Controls
  4996. Accountability for Sensitive Data
  4997. Administrative Security Policies and 
  4998. Procedures
  4999. Agency-Specific Security Policies
  5000. Applications Security
  5001. Assurance
  5002. Asynchronous & Synchronous 
  5003. communication
  5004. Attenuation
  5005. Audit Trails and Logging
  5006. Audit Trails and Logging Policies
  5007. Basic/Generic Management Issues
  5008. Business Aspects of Information 
  5009. Security
  5010. Certification
  5011. Change Control Policies
  5012. Communications Security Policies and 
  5013. Guidelines
  5014. Computer Matching Responsibilities
  5015. COMSEC Material Destruction 
  5016. Procedures
  5017. Consequences
  5018. Contingency Plan Testing
  5019. Contracts, Agreements, & Other 
  5020. Obligations
  5021. Coordination with Related Disciplines
  5022. Corrective Actions
  5023. Cost/Benefit Analysis
  5024. Countermeasures
  5025. Criminal Prosecution
  5026. Critical Systems
  5027. Cryptographic Techniques
  5028. Cryptovariable
  5029. Customer IT Security Needs
  5030. Customer Service Orientation
  5031. Data Access Control
  5032. Data Processing Center Security
  5033. Dedicated Mode
  5034. Delegation of Authority
  5035. Disaster Recovery Plan Testing
  5036. Disaster Recovery Planning
  5037. Discretionary Access Control
  5038. Diskless Workstations
  5039. Disposition of Classified Information
  5040. Disposition of Media & Data
  5041. Documentation
  5042. Documentation Policies
  5043. Education, Training and Awareness
  5044. Electromagnetic Interference
  5045. Electronic Data Interchange
  5046. Electronic Funds Transfer
  5047. Electronic Monitoring
  5048. Electronic Records Management
  5049. Electronic-Mail Privacy
  5050. Electronic-Mail Security
  5051. Emanations Security
  5052. Emergency Destruction Procedures
  5053. Encryption Modes
  5054. Ethics
  5055. Evaluated Products
  5056. Evaluation Techniques
  5057. Expert Security/Audit Tools
  5058. Expert Systems
  5059. Fault Tolerance
  5060. FAX Security
  5061. Filtered Power
  5062. Frequency Hopping
  5063. Guidelines
  5064. Hardware Asset Management
  5065. Identification & Authentication
  5066. Implementation (Life Cycle)
  5067. Incident Response
  5068. Industrial Espionage
  5069. Inference
  5070. Info Sys Security Program Budgeting
  5071. Info Sys Security Program Planning
  5072. Information Availability
  5073. Information Categorization
  5074. Information Classification
  5075. Information Confidentiality
  5076. Information Criticality
  5077. Information Integrity
  5078. Information Security Policy
  5079. Information Sensitivity
  5080. Information Systems Security Officer
  5081. Insurance
  5082. Internal Controls and Security
  5083. International Security Considerations
  5084. INTERNET Security
  5085. Intrusion Detection
  5086. Investigation of Security Breaches
  5087. Investigative Authorities
  5088. Jamming
  5089. Kernel
  5090. Keystroke Monitoring
  5091. Labeling
  5092. Leased-line Networks
  5093. Least Privilege
  5094. Legal and Liability Issues
  5095. Lessons Learned
  5096. Life Cycle System Security Planning
  5097. Line Authentication
  5098. Line of sight
  5099. List-based access controls
  5100. Local Area Network Security
  5101. Logs and Journals
  5102. Management of the Security Function
  5103. Marking of Media
  5104. Marking of Sensitive Information
  5105. Media Convergence
  5106. Microwave/Wireless Communications 
  5107. Security
  5108. Mobile Workstation Security
  5109. Monitoring
  5110. Monitoring (e.g., data, line)
  5111. Multilevel Processing
  5112. Multilevel Security
  5113. Network communications protocols
  5114. Network Monitoring
  5115. Network Security
  5116. Network Security Software
  5117. Network Topology
  5118. Non-repudiation
  5119. Object Reuse
  5120. Off-site Security (Information, 
  5121. Processing)
  5122. Off-site Security (Information, 
  5123. Processing)
  5124. One-time Passwords
  5125. Open Systems Security
  5126. Optical/Imaging Systems Security
  5127. Org. Placement of the IS/IT Security Function
  5128. Policy Enforcement
  5129. Organizational Culture
  5130. Password Management
  5131. Peer-to-Peer Security
  5132. Policy Development
  5133. Practices
  5134. Preventive Controls
  5135. Procedures
  5136. Professional Interfaces
  5137. Protected Distributed System
  5138. Protection from Malicious Code
  5139. Redundancy
  5140. Remote Terminal Protection Devices
  5141. Risk Acceptance Process
  5142. Risks
  5143. Roles and Responsibilities
  5144. Safeguards
  5145. Safety
  5146. Security Awareness
  5147. Security Education
  5148. Security Training
  5149. Security Violations Reporting Process
  5150. Separation of Duties
  5151. Social Engineering
  5152. Software Asset Management
  5153. Software Licensing
  5154. Software Piracy
  5155. Storage Area Controls
  5156. Storage Media Protection and Control
  5157. Technical Surveillance 
  5158. Countermeasures
  5159. Wide Area Network Security
  5160.  
  5161. Application
  5162.  
  5163. Access Authorization
  5164. Access Control Policies
  5165. Access Control Software
  5166. Access Controls
  5167. Access Privileges
  5168. Account Administration
  5169. Administrative Security
  5170. Administrative Security Policies and 
  5171. Procedures
  5172. Agency-Specific Security Policies
  5173. Aggregation
  5174. Alarms, Signals and Report
  5175. Application Development Control
  5176. Applications Security
  5177. Audit Trails and Logging
  5178. Audit Trails and Logging Policies
  5179. Auditing Tools
  5180. Authentication
  5181. Automated Security Tools
  5182. Background Investigations
  5183. Biometrics
  5184. Cabling
  5185. Call-Back Security
  5186. Caller ID
  5187. Change Control Policies
  5188. Change Controls
  5189. Classified Materials(e.g., Handling 
  5190. and Sh
  5191. Client/Server Security
  5192. Common Carrier Security
  5193. Communications Center Security
  5194. Communications Security Policies and 
  5195. Guidelines
  5196. Computer Emergency Response 
  5197. Team(CERT)
  5198. COMSEC Material Destruction 
  5199. Procedures
  5200. COMSEC Material Identification & 
  5201. Invent
  5202. COMSEC Material Identification & 
  5203. Inventory
  5204. Confidentiality
  5205. Contingency Plan Testing
  5206. Contingency Planning
  5207. Continuity Planning
  5208. Contracting for Security Services
  5209. Contracts, Agreements & Other 
  5210. Obligations
  5211. Coordination with Related Disciplines
  5212. Copyright Protection and Licensing
  5213. Cost/Benefit Analysis
  5214. Countermeasures
  5215. Cover and Deception
  5216. Criminal Prosecution
  5217. Critical Systems
  5218. Cryptographic Techniques
  5219. Cryptography
  5220. Cryptovariable
  5221. Customer IT Security Needs
  5222. Customer Service Orientation
  5223. Data Access Control
  5224. Data Processing Center Security
  5225. Dedicated Line
  5226. Dedicated Mode
  5227. Delegation of Authority
  5228. Denial of Service
  5229. Detective Controls
  5230. Development (Life Cycle)
  5231. Dial Number Indicator
  5232. Dial-up Security
  5233. Disaster Recovery
  5234. Disaster Recovery Plan Testing
  5235. Disaster Recovery Planning
  5236. Disclosure of Sensitive Data
  5237. Discretionary Access Control
  5238. Diskless Workstations
  5239. Disposition of Classified Information
  5240. Disposition of Media & Data
  5241. Distributed Systems Security
  5242. Document Labeling
  5243. Documentation
  5244. Documentation Policies
  5245. Drop-off/Add-on Protection(Piggy 
  5246. Backing
  5247. Due Care
  5248. Education, Training and Awareness
  5249. Electromagnetic Countermeasures
  5250. Electronic Data Interchange
  5251. Electronic Funds Transfer
  5252. Electronic Key Management System
  5253. Electronic Monitoring
  5254. Electronic Records Management
  5255. Electronic-Mail Privacy
  5256. Electronic-Mail Security
  5257. Emanations Security
  5258. Emergency Destruction
  5259. Emergency Destruction Procedures
  5260. Encryption Modes
  5261. End User Computing Security
  5262. Environmental Controls
  5263. Error Logs
  5264. Ethics
  5265. Evaluated Products
  5266. Evaluation Techniques
  5267. Expert Security/Audit Tools
  5268. Expert Systems
  5269. Facilities Planning
  5270. Fault Tolerance
  5271. FAX Security
  5272. Filtered Power
  5273. Fire Prevention and Protection
  5274. Firmware Security
  5275. Formal Methods for Security Design
  5276. Frequency Hopping
  5277. Generally Accepted Systems Security 
  5278. Principles
  5279. Grounding
  5280. Guidelines
  5281. Hackers and Unauthorized users
  5282. Hardware Asset Management
  5283. Housekeeping Procedures
  5284. Human Intelligence (HUMINT)
  5285. Identification & Authentication
  5286. Incident Response
  5287. Inference Engine
  5288. Info Sys Security Program Budgeting
  5289. Info Sys Security Program Planning
  5290. Information Categorization
  5291. Information Classification
  5292. Information Security Policy
  5293. Information Sensitivity
  5294. Information State
  5295. Information Valuation
  5296. Integrity
  5297. Internal Controls and Security
  5298. INTERNET Security
  5299. Intrusion Detection
  5300. Intrusion Deterrents
  5301. Investigation of Security Breaches
  5302. IS/IT Asset Valuation
  5303. Isolation and Mediation
  5304. Kernel
  5305. Key Management
  5306. Keystroke Monitoring
  5307. Labeling
  5308. Lattice Model
  5309. Law Enforcement Interfaces
  5310. Least Privilege
  5311. Legal and Liability Issues
  5312. Life Cycle System Security Planning
  5313. Line Authentication
  5314. Line of sight
  5315. List-based access controls
  5316. Local Area Network Security
  5317. Logs and Journals
  5318. Low Power
  5319. Mandatory Access Control
  5320. Marking of Media
  5321. Marking of Sensitive Information
  5322. Memory (Non-volatile)
  5323. Memory (Random)
  5324. Memory (Sequential)
  5325. Memory (Volatile)
  5326. Message Authentication Codes
  5327. Metrics
  5328. Microwave/Wireless Communications 
  5329. Security
  5330. Mobile Workstation Security
  5331. Modes of Operation
  5332. Monitoring
  5333. Multilevel Processing
  5334. Multilevel Security
  5335. Need-to-know Controls
  5336. Network communications protocols
  5337. Network Firewalls
  5338. Network Monitoring
  5339. Network Security
  5340. Network Security Software
  5341. Network Topology
  5342. Non-inference Model
  5343. Non-repudiation
  5344. Object Labeling
  5345. Off-site Security (Information, Processing)
  5346. Operations Security
  5347. Off-site Security (Information, 
  5348. Processing)
  5349. One-time Passwords
  5350. Open Systems Interconnect (OSI) 
  5351. Model
  5352. Open Systems Security
  5353. Operating System Integrity
  5354. Operating System Security Features
  5355. Operating Systems
  5356. Optical/Imaging Systems Security
  5357. Organizational Culture
  5358. Oversight
  5359. Packet Filtering
  5360. Password Management
  5361. Peer-to-Peer Security
  5362. Penetration Testing
  5363. Personnel Security Policies and 
  5364. Guidance
  5365. Physical Security
  5366. Platform-specific Security
  5367. Policy Enforcement
  5368. Power Controls (UPS, emergency 
  5369. Power)
  5370. Practices
  5371. Preventive Controls
  5372. Privacy
  5373. Private Key Cryptology
  5374. Privileges (Class. Nodes)
  5375. Procedures
  5376. Professional Interfaces
  5377. Protected Distributed System
  5378. Protection from Malicious Code
  5379. Public Key Encryption
  5380. Quality Assurance
  5381. Rainbow Series
  5382. Redundancy
  5383. Remanence
  5384. Remote Terminal Protection Devices
  5385. Role-based Access Controls
  5386. Roles and Responsibilities
  5387. Rules-based Access Control
  5388. Safeguards
  5389. Safety
  5390. Satellite Communications Security
  5391. Secure System Operations
  5392. Security Architecture
  5393. Security Awareness
  5394. Security Education
  5395. Security Product Integration
  5396. Security Training
  5397. Security Violations Reporting Process
  5398. Sensitive System
  5399. Separation of Duties
  5400. Single Sign-on
  5401. Smartcards/Token Authentication
  5402. Software Asset Management
  5403. Software Licensing
  5404. Software Piracy
  5405. Software Security
  5406. Storage Area Controls
  5407. Storage Media Protection and Control
  5408. System-high Mode
  5409. Technical Surveillance 
  5410. Countermeasures
  5411. Technological Threats
  5412. TEMPEST
  5413. Threat
  5414. Traffic Analysis
  5415. Voice Communications Security
  5416. Voice Mail Security
  5417. Vulnerability Analysis
  5418. Warranties
  5419. Wide Area Network Security
  5420. Witness Interviewing/Interrogation
  5421. Workstation Security
  5422. Zone of Control/Zoning
  5423.  
  5424. Analysis
  5425.  
  5426. Access Control Policies
  5427. Access Control Software
  5428. Access Controls
  5429. Aggregation
  5430. Alarms, Signals and Report
  5431. Assessments (e.g., surveys, 
  5432. inspections)
  5433. Auditing Tools
  5434. Automated Security Tools
  5435. Basic/Generic Management Issues
  5436. Biometrics
  5437. Business Aspects of Information 
  5438. Security
  5439. Cabling
  5440. Call-Back Security
  5441. Classified Materials(e.g., Handling 
  5442. and Sh
  5443. Client/Server Security
  5444. Common Carrier Security
  5445. Communications Center Security
  5446. Computer Abuse
  5447. Computer Emergency Response 
  5448. Team(CERT)
  5449. Computer Matching Responsibilities
  5450. COMSEC Custodian
  5451. COMSEC Material Destruction 
  5452. Procedures
  5453. COMSEC Testing
  5454. Conformance Testing
  5455. Consequences
  5456. Contingency Plan Testing
  5457. Contingency Planning
  5458. Continuity Planning
  5459. Coordination with Related Disciplines
  5460. Corrective Actions
  5461. Countermeasures
  5462. Covert Channels
  5463. Critical Systems
  5464. Customer IT Security Needs
  5465. Customer Service Orientation
  5466. Data Access Control
  5467. Data Processing Center Security
  5468. Dedicated Mode
  5469. Dial-up Security
  5470. Disaster Recovery
  5471. Disaster Recovery Plan Testing
  5472. Disaster Recovery Planning
  5473. Disclosure of Sensitive Data
  5474. Disgruntled Employees
  5475. Distributed Systems Security
  5476. Drop-off/Add-on Protection(Piggy 
  5477. Backing
  5478. Education, Training and Awareness
  5479. Electromagnetic Countermeasures
  5480. Electromagnetic Interference
  5481. Electronic Funds Transfer
  5482. Electronic Key Management System
  5483. Electronic Monitoring
  5484. Electronic Records Management
  5485. Electronic-Mail Security
  5486. End User Computing Security
  5487. Environmental Controls
  5488. Evaluated Products
  5489. Evaluation Techniques
  5490. Expert Security/Audit Tools
  5491. Expert Systems
  5492. Facilities Planning
  5493. Fault Tolerance
  5494. FAX Security
  5495. Firmware Security
  5496. Fraud
  5497. Fraud, Waste and Abuse
  5498. Generally Accepted Systems Security 
  5499. Principles
  5500. International Security Considerations
  5501. Hackers and Unauthorized users
  5502. Hostile Overseas Intelligence 
  5503. Sources(HO
  5504. Human Threats
  5505. Identification & Authentication
  5506. Implementation (Life Cycle)
  5507. Industrial Espionage
  5508. Inference
  5509. Info Sys Security Program Budgeting
  5510. Information Categorization
  5511. Information Classification
  5512. Information Criticality
  5513. Information Ownership
  5514. Information Resource 
  5515. Owner/Custodian
  5516. Information Sensitivity
  5517. Information State
  5518. Information Systems Security Officer
  5519. Information Valuation
  5520. Insurance
  5521. Integrity
  5522. Internal Controls and Security
  5523. International Espionage
  5524. INTERNET Security
  5525. Intrusion Detection
  5526. Intrusion Deterrents
  5527. Investigation of Security Breaches
  5528. Investigative Authorities
  5529. IS/IT Asset Valuation
  5530. Jamming
  5531. Key Certificate Administration
  5532. Keystroke Monitoring
  5533. Lattice Model
  5534. Leased-line Networks
  5535. Least Privilege
  5536. Legal and Liability Issues
  5537. Lessons Learned
  5538. List-based access controls
  5539. Local Area Network Security
  5540. Low Power
  5541. Magnetic Remanence
  5542. Malicious Code
  5543. Management of the Security Function
  5544. Mandatory Access Control
  5545. Masquerading
  5546. Message Authentication Codes
  5547. Metrics
  5548. Microwave/Wireless Communications 
  5549. Security
  5550. Mobile Workstation Security
  5551. Monitoring
  5552. Multilevel Processing
  5553. Multilevel Security
  5554. Need-to-know Controls
  5555. Network communications protocols
  5556. Network Firewalls
  5557. Network Monitoring
  5558. Network Security
  5559. Network Security Software
  5560. Network Topology
  5561. Non-repudiation
  5562. Object Labeling
  5563. Object Reuse
  5564. Off-site Security (Information, 
  5565. Processing)
  5566. Operating System Security Features
  5567. One-time Passwords
  5568. Open Systems Interconnect (OSI) 
  5569. Model
  5570. Open Systems Security
  5571. Operating System Integrity
  5572. Operating Systems
  5573. Operations Security
  5574. Optical/Imaging Systems Security
  5575. Packet Filtering
  5576. Peer-to-Peer Security
  5577. Physical Security
  5578. Platform-specific Security
  5579. Policy Enforcement
  5580. Power Controls (UPS, emergency 
  5581. Power)
  5582. Practices
  5583. Preventive Controls
  5584. Privacy
  5585. Private Key Cryptology
  5586. Privileges (Class. Nodes)
  5587. Procedures
  5588. Professional Interfaces
  5589. Protected Distributed System
  5590. Protection from Malicious Code
  5591. Public Key Encryption
  5592. Reconciliation
  5593. Redundancy
  5594. Remanence
  5595. Remote Terminal Protection Devices
  5596. Risks
  5597. Role-based Access Controls
  5598. Roles and Responsibilities
  5599. Rules-based Access Control
  5600. Safeguards
  5601. Safety
  5602. Security Product Integration
  5603. Security Product Testing/Evaluation
  5604. Security Training
  5605. Security Violations Reporting Process
  5606. Sensitive System
  5607. Separation of Duties
  5608. Single Sign-on
  5609. Smartcards/Token Authentication
  5610. Social Engineering
  5611. Software Piracy
  5612. Software Security
  5613. Spoofing
  5614. Storage Area Controls
  5615. Storage Media Protection and Control
  5616. Technological Threats
  5617. Threat
  5618. Unauthorized Disclosure of 
  5619. Information
  5620. Validation (Testing)
  5621. Value-added Networks
  5622. Verification and Validation Process
  5623. Voice Communications Security
  5624. Voice Mail Security
  5625. Wide Area Network Security
  5626. Wide Area Networks
  5627. Workstation Security
  5628.  
  5629. Synthesis
  5630.  
  5631. Access Authorization
  5632. Access Control Policies
  5633. Access Controls
  5634. Access Privileges
  5635. Administrative Security Policies and 
  5636. Procedures
  5637. Agency-Specific Security Policies
  5638. Application Development Control
  5639. Assurance
  5640. Audit Trails and Logging Policies
  5641. Basic/Generic Management Issues
  5642. Business Aspects of Information 
  5643. Security
  5644. Certification
  5645. Change Control Policies
  5646. Client/Server Security
  5647. Communications Security Policies and 
  5648. Guidelines
  5649. Computer Matching Responsibilities
  5650. COMSEC Material Destruction 
  5651. Procedures
  5652. Conformance Testing
  5653. Contingency Plan Testing
  5654. Contingency Planning
  5655. Continuity Planning
  5656. Contracting for Security Services
  5657. Contracts, Agreements & Other 
  5658. Obligations
  5659. Corrective Actions
  5660. Cost/Benefit Analysis
  5661. Countermeasures
  5662. Criminal Prosecution
  5663. Cryptographic Techniques
  5664. Cryptography
  5665. Customer IT Security Needs
  5666. Customer Service Orientation
  5667. Data Access Control
  5668. Data Processing Center Security
  5669. Delegation of Authority
  5670. Detective Controls
  5671. Disaster Recovery
  5672. Disaster Recovery Plan Testing
  5673. Disaster Recovery Planning
  5674. Discretionary Access Control
  5675. Disposition of Classified Information
  5676. Disposition of Media & Data
  5677. Distributed Systems Security
  5678. Documentation
  5679. Documentation Policies
  5680. Education, Training and Awareness
  5681. Electromagnetic Countermeasures
  5682. Electronic Data Interchange
  5683. Electronic Funds Transfer
  5684. Electronic Key Management System
  5685. Electronic Monitoring
  5686. Electronic Records Management
  5687. Electronic-Mail Privacy
  5688. Electronic-Mail Security
  5689. Emanations Security
  5690. Emergency Destruction
  5691. Emergency Destruction Procedures
  5692. End User Computing Security
  5693. Error Logs
  5694. Evaluation Techniques
  5695. Expert Security/Audit Tools
  5696. Fault Tolerance
  5697. FAX Security
  5698. Firmware Security
  5699. Guidelines
  5700. Hardware Asset Management
  5701. Implementation (Life Cycle)
  5702. Incident Response
  5703. Info Sys Security Program Budgeting
  5704. Info Sys Security Program Planning
  5705. Information Categorization
  5706. Information Classification
  5707. Information Security Policy
  5708. Information Sensitivity
  5709. Internal Controls and Security
  5710. International Security Considerations
  5711. INTERNET Security
  5712. Intrusion Detection
  5713. Intrusion Deterrents
  5714. Investigation of Security Breaches
  5715. Investigative Authorities
  5716. Isolation and Mediation
  5717. Kernel
  5718. Keystroke Monitoring
  5719. Lattice Model
  5720. Leased-line Networks
  5721. Legal and Liability Issues
  5722. Life Cycle System Security Planning
  5723. Local Area Network Security
  5724. Logs and Journals
  5725. Management of the Security Function
  5726. Mandatory Access Control
  5727. Marking of Media
  5728. Marking of Sensitive Information
  5729. Media Convergence
  5730. Microwave/Wireless Communications 
  5731. Security
  5732. Mobile Workstation Security
  5733. Monitoring
  5734. Monitoring (e.g., data, line)
  5735. Multilevel Processing
  5736. Multilevel Security
  5737. Network Firewalls
  5738. Network Monitoring
  5739. Network Security
  5740. Network Security Software
  5741. Network Topology
  5742. Non-repudiation
  5743. Object Labeling
  5744. Off-site Security (Information, 
  5745. Processing)
  5746. Off-site Security (Information, 
  5747. Processing)
  5748. Operating System Security Features
  5749. One-time Passwords
  5750. Open Systems Security
  5751. Optical/Imaging Systems Security
  5752. Org. Placement of the IS/IT Security Function
  5753. Organizational Culture
  5754. Password Management
  5755. Peer-to-Peer Security
  5756. Penetration Testing
  5757. Platform-specific Security
  5758. Policy Development
  5759. Policy Enforcement
  5760. Practices
  5761. Preventive Controls
  5762. Procedures
  5763. Protected Distributed System
  5764. Protection from Malicious Code
  5765. Redundancy
  5766. Risk Acceptance Process
  5767. Risk Management
  5768. Roles and Responsibilities
  5769. Secure System Operations
  5770. Security Awareness
  5771. Security Education
  5772. Security Product Integration
  5773. Security Reviews
  5774. Security Staffing Requirements
  5775. Security Violations Reporting Process
  5776. Separation of Duties
  5777. Social Engineering
  5778. Software Piracy
  5779. Storage Area Controls
  5780. Storage Media Protection and Control
  5781. Transportation of Media
  5782. Wide Area Network Security
  5783. Workstation Security
  5784. Zone of Control/Zoning
  5785.  
  5786. Evaluation
  5787.  
  5788. Access Control Policies
  5789. Access Controls
  5790. Accountability
  5791. Acquisitions
  5792. Administrative Security
  5793. Administrative Security Policies and 
  5794. Procedures
  5795. Agency-Specific Security Policies
  5796. Assessments (e.g., surveys, 
  5797. inspections)
  5798. Assurance
  5799. Audit
  5800. Audit Trails and Logging
  5801. Audit Trails and Logging Policies
  5802. Backups(Data, Software, etc.)
  5803. Basic/Generic Management Issues
  5804. Biometrics
  5805. Business Aspects of Information 
  5806. Security
  5807. Call-Back Security
  5808. Caller ID
  5809. Certification
  5810. Change Control Policies
  5811. Communications Security Policies and 
  5812. Guidelines
  5813. Computer Matching Responsibilities
  5814. COMSEC Custodian
  5815. COMSEC Material Destruction 
  5816. Procedures
  5817. COMSEC Material Identification & 
  5818. Invent
  5819. Confidentiality
  5820. Configuration Management
  5821. Contingency Plan Testing
  5822. Contingency Planning
  5823. Continuity Planning
  5824. Contracting for Security Services
  5825. Coordination with Related Disciplines
  5826. Copyright Protection and Licensing
  5827. Corrective Actions
  5828. Cost/Benefit Analysis
  5829. Countermeasures
  5830. Criminal Prosecution
  5831. Critical Systems
  5832. Cryptographic Techniques
  5833. Cryptography
  5834. Customer IT Security Needs
  5835. Customer Service Orientation
  5836. Data Access Control
  5837. Dedicated Line
  5838. Delegation of Authority
  5839. Dial-up Security
  5840. Disaster Recovery
  5841. Disaster Recovery Plan Testing
  5842. Disaster Recovery Planning
  5843. Disposition of Classified Information
  5844. Disposition of Media & Data
  5845. Distributed Systems Security
  5846. Documentation Policies
  5847. Due Care
  5848. Education, Training and Awareness
  5849. Electronic Data Interchange
  5850. Electronic Funds Transfer
  5851. Electronic Key Management System
  5852. Electronic Monitoring
  5853. Electronic Records Management
  5854. Electronic-Mail Privacy
  5855. Emergency Destruction
  5856. Emergency Destruction Procedures
  5857. End User Computing Security
  5858. Environmental Controls
  5859. Error Logs
  5860. Evaluated Products
  5861. Evidence Collection and Preservation
  5862. Facility Management
  5863. Generally Accepted Systems Security 
  5864. Principles
  5865. Contracts, Agreements & Other Obligations
  5866. Data Processing Center Security
  5867. Guidelines
  5868. Hardware Asset Management
  5869. Housekeeping Procedures
  5870. Incident Response
  5871. Info Sys Security Program Budgeting
  5872. Info Sys Security Program Planning
  5873. Information Categorization
  5874. Information Classification
  5875. Information Confidentiality
  5876. Information Integrity
  5877. Information Security Policy
  5878. Information Sensitivity
  5879. Information Systems Security Officer
  5880. Information Valuation
  5881. Insurance
  5882. Integrity
  5883. Internal Controls and Security
  5884. International Security Considerations
  5885. INTERNET Security
  5886. Intrusion Detection
  5887. Intrusion Deterrents
  5888. Investigation of Security Breaches
  5889. Investigative Authorities
  5890. IS/IT Asset Valuation
  5891. Key Management
  5892. Lattice Model
  5893. Law Enforcement Interfaces
  5894. Leased-line Networks
  5895. Legal and Liability Issues
  5896. Lessons Learned
  5897. Life Cycle System Security Planning
  5898. Line Authentication
  5899. Local Area Network Security
  5900. Logs and Journals
  5901. Management of the Security Function
  5902. Mandatory Access Control
  5903. Marking of Media
  5904. Marking of Sensitive Information
  5905. Media Convergence
  5906. Monitoring (e.g., data, line)
  5907. Multilevel Processing
  5908. Need-to-know Controls
  5909. Network communications protocols
  5910. Network Monitoring
  5911. Network Security
  5912. Network Topology
  5913. Non-repudiation
  5914. Object Labeling
  5915. Off-site Security (Information, Processing)
  5916. Preventive Controls
  5917. Operating System Integrity
  5918. Operating System Security Features
  5919. Operations Security
  5920. Org. Placement of the IS/IT Security Function
  5921. Organizational Culture
  5922. Oversight
  5923. Packet Filtering
  5924. Password Management
  5925. Peer-to-Peer Security
  5926. Penetration Testing
  5927. Personnel Security Policies and 
  5928. Guidance
  5929. Physical Security
  5930. Platform-specific Security
  5931. Policy Development
  5932. Policy Enforcement
  5933. Position Sensitivity
  5934. Practices
  5935. Privacy
  5936. Privileges (Class, Nodes)
  5937. Procedures
  5938. Professional Interfaces
  5939. Protection from Malicious Code
  5940. Quality Assurance
  5941. Reconciliation
  5942. Redundancy
  5943. Risk Acceptance Process
  5944. Risk Management
  5945. Role-based Access Controls
  5946. Roles and Responsibilities
  5947. Rules-based Access Control
  5948. Safety
  5949. Satellite Communications Security
  5950. Secure System Operations
  5951. Security Architecture
  5952. Security Awareness
  5953. Security Education
  5954. Security Product Integration
  5955. Security Reviews
  5956. Security Staffing Requirements
  5957. Security Training
  5958. Security Violations Reporting Process
  5959. Sensitive System
  5960. Separation of Duties
  5961. Smartcards/Token Authentication
  5962. Social Engineering
  5963. Software Asset Management
  5964. Software Security
  5965. Standalone Systems and Remote 
  5966. Terminals
  5967. Standards of Conduct
  5968. Storage Area Controls
  5969. Storage Media Protection and Control
  5970. System-high Mode
  5971. Traffic Analysis
  5972. Transportation of Media
  5973. Voice Communications Security
  5974. Voice Mail Security
  5975. Vulnerability Analysis
  5976. Wide Area Network Security
  5977. Witness Interviewing/Interrogation
  5978. Workstation Security
  5979. Zone of Control/Zoning
  5980.  
  5981.  
  5982. Psychomotor Domain
  5983.  
  5984.  
  5985. Access Authorization
  5986. Access Control Policies
  5987. Access Control Software
  5988. Access Controls
  5989. Access Privileges
  5990. Account Administration
  5991. Administrative Security
  5992. Administrative Security Policies and 
  5993. Procedures
  5994. Agency-Specific Security Policies
  5995. Aggregation
  5996. Alarms, Signals and Report
  5997. Applications Security
  5998. Audit Trails and Logging
  5999. Audit Trails and Logging Policies
  6000. Auditing Tools
  6001. Authentication
  6002. Automated Security Tools
  6003. Background Investigations
  6004. Basic/Generic Management Issues
  6005. Biometrics
  6006. Business Aspects of Information 
  6007. Security
  6008. Cabling
  6009. Call-Back Security
  6010. Caller ID
  6011. Certification
  6012. Change Control Policies
  6013. Change Controls
  6014. Classified Materials (e.g., Handling 
  6015. and Sh
  6016. Client/Server Security
  6017. Common Carrier Security
  6018. Communications Center Security
  6019. Communications Security Policies and 
  6020. Guidelines
  6021. Computer Abuse
  6022. Computer Emergency Response 
  6023. Team (CERT)
  6024. Computer Matching Responsibilities
  6025. COMSEC Custodian
  6026. COMSEC Material Destruction 
  6027. Procedures
  6028. COMSEC Material Identification & 
  6029. Inventory
  6030. Conformance Testing
  6031. Consequences
  6032. Contingency Plan Testing
  6033. Contingency Planning
  6034. Continuity Planning
  6035. Contracting for Security Services
  6036. Contracts, Agreements & Other 
  6037. Obligations
  6038. Coordination with Related Disciplines
  6039. Copyright Protection and Licensing
  6040. Corrective Actions
  6041. Cost/Benefit Analysis
  6042. Countermeasures
  6043. Critical Systems
  6044. Cryptographic Techniques
  6045. Cryptography
  6046. Cryptovariable
  6047. Customer IT Security Needs
  6048. Data Access Control
  6049. Data Processing Center Security
  6050. Dedicated Line
  6051. Dedicated Mode
  6052. Delegation of Authority
  6053. Denial of Service
  6054. Detective Controls
  6055. Development (Life Cycle)
  6056. Dial Number Indicator
  6057. Dial-up Security
  6058. Disaster Recovery
  6059. Disaster Recovery Plan Testing
  6060. Disaster Recovery Planning
  6061. Discretionary Access Control
  6062. Disgruntled Employees
  6063. Diskless Workstations
  6064. Disposition of Classified Information
  6065. Disposition of Media & Data
  6066. Distributed Systems Security
  6067. Document Labeling
  6068. Documentation
  6069. Documentation Policies
  6070. Drop-off/Add-on Protection (Piggy 
  6071. Backing
  6072. Due Care
  6073. Education, Training and Awareness
  6074. Electromagnetic Countermeasures
  6075. Electromagnetic Interference
  6076. Electronic Data Interchange
  6077. Electronic Funds Transfer
  6078. Electronic Key Management System
  6079. Electronic Monitoring
  6080. Electronic Records Management
  6081. Electronic-Mail Privacy
  6082. Electronic-Mail Security
  6083. Emanations Security
  6084. Emergency Destruction
  6085. Emergency Destruction Procedures
  6086. Encryption Modes
  6087. End User Computing Security
  6088. Environmental Controls
  6089. Error Logs
  6090. Ethics
  6091. Evaluated Products
  6092. Evaluation Techniques
  6093. Expert Security/Audit Tools
  6094. Expert Systems
  6095. Facilities Planning
  6096. Fault Tolerance
  6097. FAX Security
  6098. Filtered Power
  6099. Fire Prevention and Protection
  6100. Firmware Security
  6101. Formal Methods for Security Design
  6102. Fraud
  6103. Fraud, Waste and Abuse
  6104. Frequency Hopping
  6105. Generally Accepted Systems Security 
  6106. Principles
  6107. International Security Considerations
  6108. Grounding
  6109. Guidelines
  6110. Hardware Asset Management
  6111. Housekeeping Procedures
  6112. Human Intelligence (HUMINT)
  6113. Identification & Authentication
  6114. Incident Response
  6115. Industrial Espionage
  6116. Inference Engine
  6117. Info Sys Security Program Planning
  6118. Information Categorization
  6119. Information Classification
  6120. Information Ownership
  6121. Information Resource 
  6122. Owner/Custodian
  6123. Information Security Policy
  6124. Information Sensitivity
  6125. Information State
  6126. Information Systems Security Officer
  6127. Information Valuation
  6128. Insurance
  6129. Internal Controls and Security
  6130. INTERNET Security
  6131. Intrusion Detection
  6132. Intrusion Deterrents
  6133. Investigation of Security Breaches
  6134. Investigative Authorities
  6135. IS/IT Asset Valuation
  6136. Isolation and Mediation
  6137. Jamming
  6138. Kernel
  6139. Key Management
  6140. Keystroke Monitoring
  6141. Labeling
  6142. Lattice Model
  6143. Law Enforcement Interfaces
  6144. Leased-line Networks
  6145. Least Privilege
  6146. Legal and Liability Issues
  6147. Lessons Learned
  6148. Life Cycle System Security Planning
  6149. Line Authentication
  6150. Line of sight
  6151. List-based access controls
  6152. Local Area Network Security
  6153. Logs and Journals
  6154. Low Power
  6155. Mandatory Access Control
  6156. Marking of Media
  6157. Marking of Sensitive Information
  6158. Memory (Non-volatile)
  6159. Memory (Random)
  6160. Memory (Sequential)
  6161. Memory (Volatile)
  6162. Message Authentication Codes
  6163. Metrics
  6164. Microwave/Wireless Communications 
  6165. Security
  6166. Mobile Workstation Security
  6167. Modes of Operation
  6168. Monitoring
  6169. Multilevel Processing
  6170. Multilevel Security
  6171. Need-to-know Controls
  6172. Network communications protocols
  6173. Network Firewalls
  6174. Network Monitoring
  6175. Network Security
  6176. Network Security Software
  6177. Network Topology
  6178. Non-inference Model
  6179. Non-repudiation
  6180. Object Labeling
  6181. Off-site Security (Information, 
  6182. Processing)
  6183. Off-site Security (Information, 
  6184. Processing) Procedures
  6185. One-time Passwords
  6186. Open Systems Interconnect (OSI) 
  6187. Model
  6188. Open Systems Security
  6189. Operating System Integrity
  6190. Operating System Security Features
  6191. Operating Systems
  6192. Operations Security
  6193. Optical/Imaging Systems Security
  6194. Oversight
  6195. Password Management
  6196. Peer-to-Peer Security
  6197. Penetration Testing
  6198. Personnel Security Policies and 
  6199. Guidance
  6200. Physical Security
  6201. Platform-specific Security
  6202. Policy Enforcement
  6203. Power Controls (UPS, emergency 
  6204. Power)
  6205. Practices
  6206. Preventive Controls
  6207. Privacy
  6208. Private Key Cryptology
  6209. Privileges (Class, Nodes)
  6210. Professional Interfaces
  6211. Protected Distributed System
  6212. Protection from Malicious Code
  6213. Reconciliation
  6214. Redundancy
  6215. Remote Terminal Protection Devices
  6216. Risk Management
  6217. Risks
  6218. Role-based Access Controls
  6219. Roles and Responsibilities
  6220. Rules-based Access Control
  6221. Safeguards
  6222. Safety
  6223. Satellite Communications Security
  6224. Secure System Operations
  6225. Security Architecture
  6226. Security Awareness
  6227. Security Education
  6228. Security Product Integration
  6229. Security Training
  6230. Security Violations Reporting Process
  6231. Sensitive System
  6232. Separation of Duties
  6233. Single Sign-on
  6234. Smartcards/Token Authentication
  6235. Social Engineering
  6236. Software Asset Management
  6237. Software Piracy
  6238. Software Security
  6239. Storage Area Controls
  6240. Storage Media Protection and Control
  6241. System-high Mode
  6242. Technical Surveillance 
  6243. Countermeasures
  6244. Technological Threats
  6245. TEMPEST
  6246. Threat
  6247. Traffic Analysis
  6248. Voice Communications Security
  6249. Voice Mail Security
  6250. Vulnerability Analysis
  6251. Warranties
  6252. Wide Area Network Security
  6253. Witness Interviewing/Interrogation
  6254. Workstation Security
  6255. Zone of Control/Zoning
  6256.  
  6257.  
  6258.  
  6259.  
  6260.  
  6261.  
  6262.  
  6263. CBK Items with Maslow Categories
  6264.  
  6265. This section lists all items in the Common Body of Knowledge with the associated Maslow verb
  6266. categories. This material is currently being analyzed to aid in determining which items belong in the
  6267. professional/executive level of the DACUM II and DACUM III model.
  6268.  
  6269.  
  6270.  
  6271.  
  6272. Access Control Policies
  6273. Receiving
  6274. Responding
  6275. Valuing
  6276. Organization
  6277. Value Complex
  6278. Comprehension
  6279. Application
  6280. Analysis
  6281. Synthesis
  6282. Evaluation
  6283. Psychomotor Domain
  6284.  
  6285. Administrative Security Policies and 
  6286. Pro
  6287. Receiving
  6288. Valuing
  6289. Organization
  6290. Value Complex
  6291. Knowledge
  6292. Comprehension
  6293. Application
  6294. Synthesis
  6295. Evaluation
  6296. Psychomotor Domain
  6297.  
  6298. Communications Security Policies and 
  6299. Guidelines
  6300. Receiving
  6301. Valuing
  6302. Organization
  6303. Value Complex
  6304. Knowledge
  6305. Comprehension
  6306. Application
  6307. Synthesis
  6308. Evaluation
  6309. Psychomotor Domain
  6310.  
  6311. Computer Matching Responsibilities
  6312. Receiving
  6313. Responding
  6314. Valuing
  6315. Organization
  6316. Value Complex
  6317. Knowledge
  6318. Comprehension
  6319. Analysis
  6320. Synthesis
  6321. Evaluation
  6322. Psychomotor Domain
  6323.  
  6324. COMSEC Accounting
  6325. Receiving
  6326. Responding
  6327. Valuing
  6328. Value Complex
  6329. Knowledge
  6330.  
  6331. COMSEC Material Destruction 
  6332. Procedures
  6333. Receiving
  6334. Responding
  6335. Valuing
  6336. Organization
  6337. Value Complex
  6338. Knowledge
  6339. Comprehension
  6340. Application
  6341. Analysis
  6342. Synthesis
  6343. Evaluation
  6344. Psychomotor Domain
  6345.  
  6346. Contingency Planning
  6347. Receiving
  6348. Responding
  6349. Valuing
  6350. Value Complex
  6351. Knowledge
  6352. Application
  6353. Analysis
  6354. Synthesis
  6355. Evaluation
  6356. Psychomotor Domain
  6357.  
  6358. Continuity Planning
  6359. Receiving
  6360. Responding
  6361. Valuing
  6362. Value Complex
  6363. Knowledge
  6364. Application
  6365. Analysis
  6366. Synthesis
  6367. Evaluation
  6368. Psychomotor Domain
  6369.  
  6370. Copyright Protection and Licensing
  6371. Receiving
  6372. Responding
  6373. Valuing
  6374. Organization
  6375. Value Complex
  6376. Knowledge
  6377. Application
  6378. Evaluation
  6379. Psychomotor Domain
  6380.  
  6381. Criminal Prosecution
  6382. Receiving
  6383. Valuing
  6384. Organization
  6385. Value Complex
  6386. Comprehension
  6387. Application
  6388. Synthesis
  6389. Evaluation
  6390.  
  6391. Delegation of Authority
  6392. Receiving
  6393. Responding
  6394. Valuing
  6395. Organization
  6396. Value Complex
  6397. Knowledge
  6398. Comprehension
  6399. Application
  6400. Synthesis
  6401. Evaluation
  6402. Psychomotor Domain
  6403.  
  6404. Disaster Recovery
  6405. Receiving
  6406. Responding
  6407. Valuing
  6408. Value Complex
  6409. Knowledge
  6410. Application
  6411. Analysis
  6412. Synthesis
  6413. Evaluation
  6414. Psychomotor Domain
  6415.  
  6416. Disposition of Classified Information
  6417. Receiving
  6418. Responding
  6419. Valuing
  6420. Organization
  6421. Value Complex
  6422. Knowledge
  6423. Comprehension
  6424. Application
  6425. Synthesis
  6426. Evaluation
  6427. Psychomotor Domain
  6428.  
  6429. Education, Training and Awareness
  6430. Receiving
  6431. Responding
  6432. Valuing
  6433. Organization
  6434. Value Complex
  6435. Knowledge
  6436. Comprehension
  6437. Application
  6438. Analysis
  6439. Synthesis
  6440. Evaluation
  6441. Psychomotor Domain
  6442.  
  6443. Electronic Funds Transfer
  6444. Receiving
  6445. Responding
  6446. Valuing
  6447. Organization
  6448. Value Complex
  6449. Knowledge
  6450. Comprehension
  6451. Application
  6452. Analysis
  6453. Synthesis
  6454. Evaluation
  6455. Psychomotor Domain
  6456.  
  6457. Electronic Monitoring
  6458. Receiving
  6459. Responding
  6460. Valuing
  6461. Organization
  6462. Value Complex
  6463. Knowledge
  6464. Comprehension
  6465. Application
  6466. Analysis
  6467. Synthesis
  6468. Evaluation
  6469. Psychomotor Domain
  6470.  
  6471. Development (Life Cycle)
  6472. Receiving
  6473. Valuing
  6474. Organization
  6475. Value Complex
  6476. Knowledge
  6477. Application
  6478. Psychomotor Domain
  6479.  
  6480. Electronic Records Management
  6481. Receiving
  6482. Responding
  6483. Valuing
  6484. Organization
  6485. Value Complex
  6486. Knowledge
  6487. Comprehension
  6488. Application
  6489. Analysis
  6490. Synthesis
  6491. Evaluation
  6492. Psychomotor Domain
  6493.  
  6494. Access Control Models
  6495.  
  6496. Access Controls
  6497. Receiving
  6498. Responding
  6499. Valuing
  6500. Organization
  6501. Value Complex
  6502. Knowledge
  6503. Comprehension
  6504. Application
  6505. Analysis
  6506. Synthesis
  6507. Evaluation
  6508. Psychomotor Domain
  6509.  
  6510. Access Privileges
  6511. Receiving
  6512. Valuing
  6513. Organization
  6514. Value Complex
  6515. Knowledge
  6516. Application
  6517. Synthesis
  6518. Psychomotor Domain
  6519.  
  6520. Accountability
  6521. Value Complex
  6522. Evaluation
  6523.  
  6524. Accountability for Sensitive Data
  6525. Receiving
  6526. Valuing
  6527. Organization
  6528. Value Complex
  6529. Knowledge
  6530. Comprehension
  6531.  
  6532. Administrative Security
  6533. Receiving
  6534. Valuing
  6535. Application
  6536. Evaluation
  6537. Psychomotor Domain
  6538.  
  6539. Administrative Security Policies and 
  6540. Pro
  6541.  
  6542. Aggregation
  6543. Receiving
  6544. Responding
  6545. Organization
  6546. Value Complex
  6547. Knowledge
  6548. Application
  6549. Analysis
  6550. Psychomotor Domain
  6551.  
  6552. Applications Security
  6553. Receiving
  6554. Organization
  6555. Value Complex
  6556. Knowledge
  6557. Comprehension
  6558. Application
  6559. Psychomotor Domain
  6560.  
  6561. Assessments (e.g., surveys, inspections)
  6562. Responding
  6563. Valuing
  6564. Value Complex
  6565. Analysis
  6566. Evaluation
  6567.  
  6568. Assurance
  6569. Valuing
  6570. Organization
  6571. Value Complex
  6572. Knowledge
  6573. Comprehension
  6574. Synthesis
  6575. Evaluation
  6576.  
  6577. Audit
  6578. Receiving
  6579. Responding
  6580. Valuing
  6581. Value Complex
  6582. Evaluation
  6583.  
  6584. Audit Trails and Logging
  6585. Receiving
  6586. Responding
  6587. Valuing
  6588. Organization
  6589. Value Complex
  6590. Knowledge
  6591. Comprehension
  6592. Application
  6593. Evaluation
  6594. Psychomotor Domain
  6595.  
  6596. Audit Trails and Logging Policies
  6597. Receiving
  6598. Responding
  6599. Valuing
  6600. Organization
  6601. Value Complex
  6602. Knowledge
  6603. Comprehension
  6604. Application
  6605. Synthesis
  6606. Evaluation
  6607. Psychomotor Domain
  6608.  
  6609. Authentication
  6610. Receiving
  6611. Value Complex
  6612. Application
  6613. Psychomotor Domain
  6614.  
  6615. Availability
  6616.  
  6617. Background Investigations
  6618. Receiving
  6619. Value Complex
  6620. Application
  6621. Psychomotor Domain
  6622.  
  6623. Backups (Data, Software, etc.)
  6624. Responding
  6625. Valuing
  6626. Value Complex
  6627. Evaluation
  6628.  
  6629. Careless Employees
  6630.  
  6631. Change Control Policies
  6632. Receiving
  6633. Valuing
  6634. Organization
  6635. Value Complex
  6636. Knowledge
  6637. Comprehension
  6638. Application
  6639. Synthesis
  6640. Evaluation
  6641. Psychomotor Domain
  6642.  
  6643. Change Controls
  6644. Receiving
  6645. Value Complex
  6646. Application
  6647. Psychomotor Domain
  6648.  
  6649. Communications Center Security
  6650. Receiving
  6651. Value Complex
  6652. Application
  6653. Analysis
  6654. Psychomotor Domain
  6655.  
  6656. Communications Security
  6657.  
  6658. Communications Systems Abuse
  6659.  
  6660. Computer Abuse
  6661. Receiving
  6662. Responding
  6663. Valuing
  6664. Organization
  6665. Value Complex
  6666. Knowledge
  6667. Analysis
  6668. Psychomotor Domain
  6669.  
  6670. Computers at Risk
  6671.  
  6672. Confidentiality
  6673. Valuing
  6674. Value Complex
  6675. Knowledge
  6676. Application
  6677. Evaluation
  6678.  
  6679. Configuration Management
  6680. Receiving
  6681. Valuing
  6682. Value Complex
  6683. Knowledge
  6684. Evaluation
  6685.  
  6686. Consequences
  6687. Receiving
  6688. Organization
  6689. Knowledge
  6690. Comprehension
  6691. Analysis
  6692. Psychomotor Domain
  6693.  
  6694. Contracting for Security Services
  6695. Receiving
  6696. Responding
  6697. Valuing
  6698. Value Complex
  6699. Application
  6700. Synthesis
  6701. Evaluation
  6702. Psychomotor Domain
  6703.  
  6704. Contracts, Agreements, & Other 
  6705. Obligation
  6706. Comprehension
  6707.  
  6708. Coordination with Related Disciplines
  6709. Receiving
  6710. Responding
  6711. Valuing
  6712. Organization
  6713. Value Complex
  6714. Knowledge
  6715. Comprehension
  6716. Application
  6717. Analysis
  6718. Evaluation
  6719. Psychomotor Domain
  6720.  
  6721. Corrective Actions
  6722. Receiving
  6723. Responding
  6724. Valuing
  6725. Organization
  6726. Value Complex
  6727. Knowledge
  6728. Comprehension
  6729. Analysis
  6730. Synthesis
  6731. Evaluation
  6732. Psychomotor Domain
  6733.  
  6734. Cost/Benefit Analysis
  6735. Receiving
  6736. Responding
  6737. Valuing
  6738. Organization
  6739. Value Complex
  6740. Knowledge
  6741. Comprehension
  6742. Application
  6743. Synthesis
  6744. Evaluation
  6745. Psychomotor Domain
  6746.  
  6747. Countermeasures
  6748. Receiving
  6749. Responding
  6750. Valuing
  6751. Organization
  6752. Value Complex
  6753. Knowledge
  6754. Comprehension
  6755. Application
  6756. Analysis
  6757. Synthesis
  6758. Evaluation
  6759. Psychomotor Domain
  6760.  
  6761. Critical Systems
  6762. Receiving
  6763. Responding
  6764. Valuing
  6765. Organization
  6766. Value Complex
  6767. Knowledge
  6768. Comprehension
  6769. Application
  6770. Analysis
  6771. Evaluation
  6772. Psychomotor Domain
  6773.  
  6774. Cryptography
  6775. Receiving
  6776. Valuing
  6777. Value Complex
  6778. Knowledge
  6779. Application
  6780. Synthesis
  6781. Evaluation
  6782. Psychomotor Domain
  6783.  
  6784. Data Access Control
  6785. Receiving
  6786. Valuing
  6787. Organization
  6788. Value Complex
  6789. Knowledge
  6790. Comprehension
  6791. Application
  6792. Analysis
  6793. Synthesis
  6794. Evaluation
  6795. Psychomotor Domain
  6796.  
  6797. Data Processing Center Security
  6798. Receiving
  6799. Responding
  6800. Valuing
  6801. Organization
  6802. Value Complex
  6803. Knowledge
  6804. Comprehension
  6805. Application
  6806. Analysis
  6807. Synthesis
  6808. Evaluation
  6809. Psychomotor Domain
  6810.  
  6811. Database Integrity
  6812.  
  6813. Denial of Service
  6814. Value Complex
  6815. Application
  6816. Psychomotor Domain
  6817.  
  6818. Detective Controls
  6819. Receiving
  6820. Valuing
  6821. Value Complex
  6822. Knowledge
  6823. Application
  6824. Synthesis
  6825. Psychomotor Domain
  6826.  
  6827. Dial-up Security
  6828. Receiving
  6829. Responding
  6830. Valuing
  6831. Value Complex
  6832. Knowledge
  6833. Application
  6834. Analysis
  6835. Evaluation
  6836. Psychomotor Domain
  6837.  
  6838. Disclosure of Sensitive Data
  6839. Application
  6840. Analysis
  6841.  
  6842. Disgruntled Employees
  6843. Receiving
  6844. Organization
  6845. Value Complex
  6846. Knowledge
  6847. Analysis
  6848. Psychomotor Domain
  6849.  
  6850. Disposition of Media & Data
  6851. Responding
  6852. Valuing
  6853. Organization
  6854. Value Complex
  6855. Comprehension
  6856. Application
  6857. Synthesis
  6858. Evaluation
  6859. Psychomotor Domain
  6860.  
  6861. Document Labeling
  6862. Receiving
  6863. Responding
  6864. Value Complex
  6865. Application
  6866. Psychomotor Domain
  6867.  
  6868. Documentation Policies
  6869. Receiving
  6870. Valuing
  6871. Organization
  6872. Value Complex
  6873. Knowledge
  6874. Comprehension
  6875. Application
  6876. Synthesis
  6877. Evaluation
  6878. Psychomotor Domain
  6879.  
  6880. Due Care
  6881. Receiving
  6882. Valuing
  6883. Organization
  6884. Value Complex
  6885. Application
  6886. Evaluation
  6887. Psychomotor Domain
  6888.  
  6889. Electronic-Mail Privacy
  6890. Receiving
  6891. Responding
  6892. Valuing
  6893. Organization
  6894. Value Complex
  6895. Knowledge
  6896. Comprehension
  6897. Application
  6898. Synthesis
  6899. Evaluation
  6900. Psychomotor Domain
  6901.  
  6902. Electronic-Mail Security
  6903. Receiving
  6904. Responding
  6905. Valuing
  6906. Organization
  6907. Value Complex
  6908. Knowledge
  6909. Comprehension
  6910. Application
  6911. Analysis
  6912. Synthesis
  6913. Psychomotor Domain
  6914.  
  6915. Emanations Security
  6916. Receiving
  6917. Value Complex
  6918. Comprehension
  6919. Application
  6920. Synthesis
  6921. Psychomotor Domain
  6922.  
  6923. Emergency Destruction
  6924. Receiving
  6925. Responding
  6926. Valuing
  6927. Value Complex
  6928. Application
  6929. Synthesis
  6930. Evaluation
  6931. Psychomotor Domain
  6932.  
  6933. End User Computing Security
  6934. Receiving
  6935. Responding
  6936. Valuing
  6937. Organization
  6938. Value Complex
  6939. Knowledge
  6940. Application
  6941. Analysis
  6942. Synthesis
  6943. Evaluation
  6944. Psychomotor Domain
  6945.  
  6946. Environmental Controls
  6947. Receiving
  6948. Valuing
  6949. Organization
  6950. Value Complex
  6951. Knowledge
  6952. Application
  6953. Analysis
  6954. Evaluation
  6955. Psychomotor Domain
  6956.  
  6957. Environmental/Natural Threats
  6958.  
  6959. Ethics
  6960. Receiving
  6961. Responding
  6962. Valuing
  6963. Organization
  6964. Comprehension
  6965. Application
  6966. Psychomotor Domain
  6967.  
  6968. Evaluated Products
  6969. Receiving
  6970. Responding
  6971. Valuing
  6972. Organization
  6973. Value Complex
  6974. Knowledge
  6975. Comprehension
  6976. Application
  6977. Analysis
  6978. Evaluation
  6979. Psychomotor Domain
  6980.  
  6981. Export Controls
  6982.  
  6983. Facilities Planning
  6984. Receiving
  6985. Responding
  6986. Valuing
  6987. Value Complex
  6988. Knowledge
  6989. Application
  6990. Analysis
  6991. Psychomotor Domain
  6992.  
  6993. Facility Management
  6994. Responding
  6995. Value Complex
  6996. Evaluation
  6997.  
  6998. FAX Security
  6999. Receiving
  7000. Responding
  7001. Valuing
  7002. Value Complex
  7003. Knowledge
  7004. Comprehension
  7005. Application
  7006. Analysis
  7007. Synthesis
  7008. Psychomotor Domain
  7009.  
  7010. Fire Prevention and Protection
  7011. Receiving
  7012. Value Complex
  7013. Application
  7014. Psychomotor Domain
  7015.  
  7016. Fraud
  7017. Receiving
  7018. Valuing
  7019. Value Complex
  7020. Knowledge
  7021. Analysis
  7022. Psychomotor Domain
  7023.  
  7024. Fraud, Waste and Abuse
  7025. Responding
  7026. Valuing
  7027. Knowledge
  7028. Analysis
  7029. Psychomotor Domain
  7030.  
  7031. Generally Accepted Systems Security 
  7032. Principles
  7033. Receiving
  7034. Valuing
  7035. Organization
  7036. Value Complex
  7037. Knowledge
  7038. Application
  7039. Analysis
  7040. Evaluation
  7041. Psychomotor Domain
  7042.  
  7043. Hackers and Unauthorized users
  7044. Receiving
  7045. Responding
  7046. Valuing
  7047. Knowledge
  7048. Application
  7049. Analysis
  7050.  
  7051. Hardware Asset Management
  7052. Responding
  7053. Valuing
  7054. Organization
  7055. Value Complex
  7056. Knowledge
  7057. Comprehension
  7058. Application
  7059. Synthesis
  7060. Evaluation
  7061. Psychomotor Domain
  7062.  
  7063. History of Information Security
  7064.  
  7065. Hostile Overseas Intelligence 
  7066. Sources(HO
  7067. Analysis
  7068.  
  7069. Housekeeping Procedures
  7070. Receiving
  7071. Responding
  7072. Value Complex
  7073. Application
  7074. Evaluation
  7075. Psychomotor Domain
  7076.  
  7077. Human Threats
  7078. Analysis
  7079.  
  7080. Identification & Authentication
  7081. Receiving
  7082. Responding
  7083. Value Complex
  7084. Application
  7085. Psychomotor Domain
  7086.  
  7087. Implementation (Life Cycle)
  7088. Responding
  7089. Knowledge
  7090. Comprehension
  7091. Analysis
  7092. Synthesis
  7093.  
  7094. Incident Response
  7095. Receiving
  7096. Responding
  7097. Valuing
  7098. Organization
  7099. Value Complex
  7100. Comprehension
  7101. Application
  7102. Synthesis
  7103. Evaluation
  7104. Psychomotor Domain
  7105.  
  7106. Industrial Espionage
  7107. Receiving
  7108. Responding
  7109. Valuing
  7110. Organization
  7111. Knowledge
  7112. Comprehension
  7113. Analysis
  7114. Psychomotor Domain
  7115.  
  7116. Industrial Security
  7117.  
  7118. Info Sys Security Program Budgeting
  7119. Responding
  7120. Valuing
  7121. Organization
  7122. Value Complex
  7123. Comprehension
  7124. Application
  7125. Analysis
  7126. Synthesis
  7127. Evaluation
  7128.  
  7129. Info Sys Security Program Planning
  7130. Responding
  7131. Valuing
  7132. Organization
  7133. Value Complex
  7134. Knowledge
  7135. Comprehension
  7136. Application
  7137. Synthesis
  7138. Evaluation
  7139. Psychomotor Domain
  7140.  
  7141. Information Availability
  7142. Valuing
  7143. Value Complex
  7144. Knowledge
  7145. Comprehension
  7146.  
  7147. Information Categorization
  7148. Receiving
  7149. Responding
  7150. Valuing
  7151. Organization
  7152. Value Complex
  7153. Knowledge
  7154. Comprehension
  7155. Application
  7156. Analysis
  7157. Synthesis
  7158. Evaluation
  7159. Psychomotor Domain
  7160.  
  7161. Information Classification
  7162. Receiving
  7163. Responding
  7164. Valuing
  7165. Organization
  7166. Value Complex
  7167. Knowledge
  7168. Comprehension
  7169. Application
  7170. Analysis
  7171. Synthesis
  7172. Evaluation
  7173. Psychomotor Domain
  7174.  
  7175. Information Confidentiality
  7176. Valuing
  7177. Value Complex
  7178. Knowledge
  7179. Comprehension
  7180. Evaluation
  7181.  
  7182. Information Criticality
  7183. Valuing
  7184. Organization
  7185. Knowledge
  7186. Comprehension
  7187. Analysis
  7188.  
  7189. Information Security Policy
  7190. Receiving
  7191. Valuing
  7192. Organization
  7193. Value Complex
  7194. Knowledge
  7195. Comprehension
  7196. Application
  7197. Synthesis
  7198. Evaluation
  7199. Psychomotor Domain
  7200.  
  7201. Information State
  7202. Receiving
  7203. Organization
  7204. Value Complex
  7205. Knowledge
  7206. Application
  7207. Analysis
  7208. Psychomotor Domain
  7209.  
  7210. Information Systems Security Officer
  7211. Receiving
  7212. Responding
  7213. Organization
  7214. Value Complex
  7215. Knowledge
  7216. Comprehension
  7217. Analysis
  7218. Evaluation
  7219. Psychomotor Domain
  7220.  
  7221. Information Valuation
  7222. Receiving
  7223. Responding
  7224. Valuing
  7225. Organization
  7226. Value Complex
  7227. Knowledge
  7228. Application
  7229. Analysis
  7230. Evaluation
  7231. Psychomotor Domain
  7232.  
  7233. Insurance
  7234. Receiving
  7235. Responding
  7236. Valuing
  7237. Organization
  7238. Value Complex
  7239. Knowledge
  7240. Comprehension
  7241. Analysis
  7242. Evaluation
  7243. Psychomotor Domain
  7244.  
  7245. Integrity
  7246. Valuing
  7247. Value Complex
  7248. Knowledge
  7249. Application
  7250. Analysis
  7251. Evaluation
  7252.  
  7253. Internal Controls and Security
  7254. Receiving
  7255. Responding
  7256. Valuing
  7257. Organization
  7258. Value Complex
  7259. Knowledge
  7260. Comprehension
  7261. Application
  7262. Analysis
  7263. Synthesis
  7264. Evaluation
  7265. Psychomotor Domain
  7266.  
  7267. International Espionage
  7268. Analysis
  7269.  
  7270. International Security Considerations
  7271. Receiving
  7272. Valuing
  7273. Organization
  7274. Knowledge
  7275. Comprehension
  7276. Analysis
  7277. Synthesis
  7278. Evaluation
  7279. Psychomotor Domain
  7280.  
  7281. INTERNET Security
  7282. Receiving
  7283. Valuing
  7284. Organization
  7285. Value Complex
  7286. Knowledge
  7287. Comprehension
  7288. Application
  7289. Analysis
  7290. Synthesis
  7291. Evaluation
  7292. Psychomotor Domain
  7293.  
  7294. Intrusion Detection
  7295. Receiving
  7296. Responding
  7297. Valuing
  7298. Organization
  7299. Value Complex
  7300. Knowledge
  7301. Comprehension
  7302. Application
  7303. Analysis
  7304. Synthesis
  7305. Evaluation
  7306. Psychomotor Domain
  7307.  
  7308. Intrusion Deterrents
  7309. Receiving
  7310. Responding
  7311. Valuing
  7312. Organization
  7313. Value Complex
  7314. Knowledge
  7315. Application
  7316. Analysis
  7317. Synthesis
  7318. Evaluation
  7319. Psychomotor Domain
  7320.  
  7321. IS/IT Asset Valuation
  7322. Receiving
  7323. Responding
  7324. Valuing
  7325. Organization
  7326. Value Complex
  7327. Knowledge
  7328. Application
  7329. Analysis
  7330. Evaluation
  7331. Psychomotor Domain
  7332.  
  7333. Key Management
  7334. Receiving
  7335. Value Complex
  7336. Application
  7337. Evaluation
  7338. Psychomotor Domain
  7339.  
  7340. Keystroke Monitoring
  7341. Receiving
  7342. Responding
  7343. Valuing
  7344. Organization
  7345. Value Complex
  7346. Knowledge
  7347. Comprehension
  7348. Application
  7349. Analysis
  7350. Synthesis
  7351. Psychomotor Domain
  7352.  
  7353. Law Enforcement Interfaces
  7354. Receiving
  7355. Responding
  7356. Valuing
  7357. Value Complex
  7358. Application
  7359. Evaluation
  7360. Psychomotor Domain
  7361.  
  7362. Lessons Learned
  7363. Receiving
  7364. Responding
  7365. Valuing
  7366. Organization
  7367. Value Complex
  7368. Knowledge
  7369. Comprehension
  7370. Analysis
  7371. Evaluation
  7372. Psychomotor Domain
  7373.  
  7374. Life Cycle System Security Planning
  7375. Responding
  7376. Valuing
  7377. Organization
  7378. Knowledge
  7379. Comprehension
  7380. Application
  7381. Synthesis
  7382. Evaluation
  7383. Psychomotor Domain
  7384.  
  7385. Local Area Network Security
  7386. Receiving
  7387. Responding
  7388. Valuing
  7389. Organization
  7390. Value Complex
  7391. Comprehension
  7392. Application
  7393. Analysis
  7394. Synthesis
  7395. Evaluation
  7396. Psychomotor Domain
  7397.  
  7398. Low Power
  7399. Receiving
  7400. Valuing
  7401. Value Complex
  7402. Application
  7403. Analysis
  7404. Psychomotor Domain
  7405.  
  7406. Magnetic Remanence
  7407. Analysis
  7408.  
  7409. Malicious Code
  7410. Receiving
  7411. Responding
  7412. Valuing
  7413. Knowledge
  7414. Analysis
  7415.  
  7416. Management of the Security Function
  7417. Receiving
  7418. Responding
  7419. Valuing
  7420. Organization
  7421. Value Complex
  7422. Knowledge
  7423. Comprehension
  7424. Analysis
  7425. Synthesis
  7426. Evaluation
  7427.  
  7428. Marking of Media
  7429. Receiving
  7430. Responding
  7431. Valuing
  7432. Organization
  7433. Value Complex
  7434. Knowledge
  7435. Comprehension
  7436. Application
  7437. Synthesis
  7438. Evaluation
  7439. Psychomotor Domain
  7440.  
  7441. Marking of Sensitive Information
  7442. Receiving
  7443. Responding
  7444. Valuing
  7445. Organization
  7446. Value Complex
  7447. Knowledge
  7448. Comprehension
  7449. Application
  7450. Synthesis
  7451. Evaluation
  7452. Psychomotor Domain
  7453.  
  7454. Masquerading
  7455. Analysis
  7456.  
  7457. Media Convergence
  7458. Valuing
  7459. Organization
  7460. Comprehension
  7461. Synthesis
  7462. Evaluation
  7463.  
  7464. Mobile Workstation Security
  7465. Receiving
  7466. Responding
  7467. Valuing
  7468. Value Complex
  7469. Knowledge
  7470. Comprehension
  7471. Application
  7472. Analysis
  7473. Synthesis
  7474. Psychomotor Domain
  7475.  
  7476. Modems
  7477.  
  7478. Monitoring
  7479. Receiving
  7480. Valuing
  7481. Value Complex
  7482. Comprehension
  7483. Application
  7484. Analysis
  7485. Synthesis
  7486. Psychomotor Domain
  7487.  
  7488. National Information Infrastructure (NII)
  7490.  
  7491. Need-to-know Controls
  7492. Receiving
  7493. Responding
  7494. Valuing
  7495. Organization
  7496. Value Complex
  7497. Knowledge
  7498. Application
  7499. Analysis
  7500. Evaluation
  7501. Psychomotor Domain
  7502.  
  7503. Network Security
  7504. Receiving
  7505. Responding
  7506. Valuing
  7507. Organization
  7508. Value Complex
  7509. Knowledge
  7510. Comprehension
  7511. Application
  7512. Analysis
  7513. Synthesis
  7514. Evaluation
  7515. Psychomotor Domain
  7516.  
  7517. Network Topology
  7518. Receiving
  7519. Responding
  7520. Valuing
  7521. Organization
  7522. Value Complex
  7523. Knowledge
  7524. Comprehension
  7525. Application
  7526. Analysis
  7527. Synthesis
  7528. Evaluation
  7529. Psychomotor Domain
  7530.  
  7531. Non-repudiation
  7532. Receiving
  7533. Valuing
  7534. Organization
  7535. Value Complex
  7536. Comprehension
  7537. Application
  7538. Analysis
  7539. Synthesis
  7540. Evaluation
  7541. Psychomotor Domain
  7542.  
  7543. Object Reuse
  7544. Value Complex
  7545. Comprehension
  7546. Analysis
  7547.  
  7548. Off-site Security (Information, Processing)
  7550.  
  7551. Operating Systems
  7552. Receiving
  7553. Valuing
  7554. Value Complex
  7555. Application
  7556. Analysis
  7557. Psychomotor Domain
  7558.  
  7559. Operations Security
  7560. Receiving
  7561. Responding
  7562. Valuing
  7563. Value Complex
  7564. Knowledge
  7565. Application
  7566. Analysis
  7567. Evaluation
  7568. Psychomotor Domain
  7569.  
  7570. Optical/Imaging Systems Security
  7571. Receiving
  7572. Responding
  7573. Valuing
  7574. Organization
  7575. Value Complex
  7576. Knowledge
  7577. Comprehension
  7578. Application
  7579. Analysis
  7580. Synthesis
  7581. Psychomotor Domain
  7582.  
  7583. Oversight
  7584. Receiving
  7585. Responding
  7586. Valuing
  7587. Value Complex
  7588. Knowledge
  7589. Application
  7590. Evaluation
  7591. Psychomotor Domain
  7592.  
  7593. Password Management
  7594. Receiving
  7595. Responding
  7596. Valuing
  7597. Organization
  7598. Value Complex
  7599. Knowledge
  7600. Comprehension
  7601. Application
  7602. Synthesis
  7603. Evaluation
  7604. Psychomotor Domain
  7605.  
  7606. Personnel Security Policies and Guidance
  7608. Receiving
  7609. Responding
  7610. Valuing
  7611. Organization
  7612. Value Complex
  7613. Knowledge
  7614. Application
  7615. Evaluation
  7616. Psychomotor Domain
  7617.  
  7618. Physical Security
  7619. Receiving
  7620. Responding
  7621. Valuing
  7622. Value Complex
  7623. Knowledge
  7624. Application
  7625. Analysis
  7626. Evaluation
  7627. Psychomotor Domain
  7628.  
  7629. Policy Development
  7630. Receiving
  7631. Responding
  7632. Valuing
  7633. Organization
  7634. Value Complex
  7635. Knowledge
  7636. Comprehension
  7637. Synthesis
  7638. Evaluation
  7639.  
  7640. Policy Enforcement
  7641. Receiving
  7642. Responding
  7643. Valuing
  7644. Organization
  7645. Value Complex
  7646. Knowledge
  7647. Comprehension
  7648. Application
  7649. Analysis
  7650. Synthesis
  7651. Evaluation
  7652. Psychomotor Domain
  7653.  
  7654. Position Sensitivity
  7655. Receiving
  7656. Responding
  7657. Valuing
  7658. Value Complex
  7659. Knowledge
  7660. Evaluation
  7661.  
  7662. Power Controls (UPS, emergency Power)
  7664. Receiving
  7665. Valuing
  7666. Value Complex
  7667. Application
  7668. Analysis
  7669. Psychomotor Domain
  7670.  
  7671. Preventive Controls
  7672. Receiving
  7673. Responding
  7674. Valuing
  7675. Organization
  7676. Value Complex
  7677. Knowledge
  7678. Comprehension
  7679. Application
  7680. Analysis
  7681. Synthesis
  7682. Evaluation
  7683. Psychomotor Domain
  7684.  
  7685. Principles of Control 
  7686.  
  7687. Privacy
  7688. Receiving
  7689. Responding
  7690. Valuing
  7691. Value Complex
  7692. Knowledge
  7693. Application
  7694. Analysis
  7695. Evaluation
  7696. Psychomotor Domain
  7697.  
  7698. Private Branch Exchange (PBX) Security
  7700.  
  7701. Professional Interfaces
  7702. Receiving
  7703. Responding
  7704. Valuing
  7705. Organization
  7706. Value Complex
  7707. Knowledge
  7708. Comprehension
  7709. Application
  7710. Analysis
  7711. Evaluation
  7712. Psychomotor Domain
  7713.  
  7714. Protected Distributed System
  7715. Organization
  7716. Value Complex
  7717. Comprehension
  7718. Application
  7719. Analysis
  7720. Synthesis
  7721. Psychomotor Domain
  7722.  
  7723. Protected Services
  7724.  
  7725. Protection from Malicious Code
  7726. Receiving
  7727. Responding
  7728. Valuing
  7729. Organization
  7730. Value Complex
  7731. Knowledge
  7732. Comprehension
  7733. Application
  7734. Analysis
  7735. Synthesis
  7736. Evaluation
  7737. Psychomotor Domain
  7738.  
  7739. Quality Assurance
  7740. Receiving
  7741. Responding
  7742. Valuing
  7743. Value Complex
  7744. Knowledge
  7745. Application
  7746. Evaluation
  7747.  
  7748. Redundancy
  7749. Receiving
  7750. Valuing
  7751. Organization
  7752. Value Complex
  7753. Knowledge
  7754. Comprehension
  7755. Application
  7756. Analysis
  7757. Synthesis
  7758. Evaluation
  7759. Psychomotor Domain
  7760.  
  7761. Reference Monitor
  7762.  
  7763. Remanence
  7764. Application
  7765. Analysis
  7766.  
  7767. Risk Acceptance Process
  7768. Receiving
  7769. Responding
  7770. Valuing
  7771. Organization
  7772. Knowledge
  7773. Comprehension
  7774. Synthesis
  7775. Evaluation
  7776.  
  7777. Risk Assessment
  7778.  
  7779. Risk Management
  7780. Receiving
  7781. Responding
  7782. Valuing
  7783. Value Complex
  7784. Knowledge
  7785. Synthesis
  7786. Evaluation
  7787. Psychomotor Domain
  7788.  
  7789. Risks
  7790. Receiving
  7791. Organization
  7792. Knowledge
  7793. Comprehension
  7794. Analysis
  7795. Psychomotor Domain
  7796.  
  7797. Safeguards
  7798. Receiving
  7799. Responding
  7800. Valuing
  7801. Organization
  7802. Value Complex
  7803. Knowledge
  7804. Comprehension
  7805. Application
  7806. Analysis
  7807. Psychomotor Domain
  7808.  
  7809. Safety
  7810. Receiving
  7811. Responding
  7812. Valuing
  7813. Organization
  7814. Value Complex
  7815. Knowledge
  7816. Comprehension
  7817. Application
  7818. Analysis
  7819. Evaluation
  7820. Psychomotor Domain
  7821.  
  7822. Secure System Operations
  7823. Receiving
  7824. Responding
  7825. Valuing
  7826. Value Complex
  7827. Knowledge
  7828. Application
  7829. Synthesis
  7830. Evaluation
  7831. Psychomotor Domain
  7832.  
  7833. Security Architecture
  7834. Receiving
  7835. Valuing
  7836. Value Complex
  7837. Knowledge
  7838. Application
  7839. Evaluation
  7840. Psychomotor Domain
  7841.  
  7842. Security Awareness
  7843. Receiving
  7844. Responding
  7845. Valuing
  7846. Organization
  7847. Value Complex
  7848. Knowledge
  7849. Comprehension
  7850. Application
  7851. Synthesis
  7852. Evaluation
  7853. Psychomotor Domain
  7854.  
  7855. Security Education
  7856. Receiving
  7857. Responding
  7858. Valuing
  7859. Organization
  7860. Value Complex
  7861. Knowledge
  7862. Comprehension
  7863. Application
  7864. Synthesis
  7865. Evaluation
  7866. Psychomotor Domain
  7867.  
  7868. Security Products
  7869.  
  7870. Security Reviews
  7871. Receiving
  7872. Responding
  7873. Valuing
  7874. Value Complex
  7875. Knowledge
  7876. Synthesis
  7877. Evaluation
  7878.  
  7879. Security Training
  7880. Receiving
  7881. Responding
  7882. Valuing
  7883. Organization
  7884. Value Complex
  7885. Knowledge
  7886. Comprehension
  7887. Application
  7888. Analysis
  7889. Evaluation
  7890. Psychomotor Domain
  7891.  
  7892. Sensitive System
  7893. Receiving
  7894. Responding
  7895. Valuing
  7896. Organization
  7897. Value Complex
  7898. Knowledge
  7899. Application
  7900. Analysis
  7901. Evaluation
  7902. Psychomotor Domain
  7903.  
  7904. Separation of Duties
  7905. Receiving
  7906. Responding
  7907. Valuing
  7908. Organization
  7909. Value Complex
  7910. Knowledge
  7911. Comprehension
  7912. Application
  7913. Analysis
  7914. Synthesis
  7915. Evaluation
  7916. Psychomotor Domain
  7917.  
  7918. Social Engineering
  7919. Receiving
  7920. Responding
  7921. Valuing
  7922. Organization
  7923. Value Complex
  7924. Knowledge
  7925. Comprehension
  7926. Analysis
  7927. Synthesis
  7928. Evaluation
  7929. Psychomotor Domain
  7930.  
  7931. Software Asset Management
  7932. Receiving
  7933. Responding
  7934. Valuing
  7935. Organization
  7936. Value Complex
  7937. Knowledge
  7938. Comprehension
  7939. Application
  7940. Evaluation
  7941. Psychomotor Domain
  7942.  
  7943. Software Licensing
  7944. Valuing
  7945. Knowledge
  7946. Comprehension
  7947. Application
  7948.  
  7949. Software Piracy
  7950. Receiving
  7951. Responding
  7952. Valuing
  7953. Organization
  7954. Value Complex
  7955. Knowledge
  7956. Comprehension
  7957. Application
  7958. Analysis
  7959. Synthesis
  7960. Psychomotor Domain
  7961.  
  7962. Software Security
  7963. Receiving
  7964. Responding
  7965. Valuing
  7966. Value Complex
  7967. Knowledge
  7968. Application
  7969. Analysis
  7970. Evaluation
  7971. Psychomotor Domain
  7972.  
  7973. Spoofing
  7974. Receiving
  7975. Valuing
  7976. Value Complex
  7977. Knowledge
  7978. Analysis
  7979.  
  7980. Standards
  7981.  
  7982. Standards of Conduct
  7983. Receiving
  7984. Responding
  7985. Valuing
  7986. Knowledge
  7987. Evaluation
  7988.  
  7989. Storage Media Protection and Control
  7990. Receiving
  7991. Responding
  7992. Valuing
  7993. Organization
  7994. Value Complex
  7995. Knowledge
  7996. Comprehension
  7997. Application
  7998. Analysis
  7999. Synthesis
  8000. Evaluation
  8001. Psychomotor Domain
  8002.  
  8003. Technical Surveillance Countermeasures
  8005. Receiving
  8006. Valuing
  8007. Organization
  8008. Value Complex
  8009. Knowledge
  8010. Comprehension
  8011. Application
  8012. Psychomotor Domain
  8013.  
  8014. Technological Threats
  8015. Receiving
  8016. Responding
  8017. Valuing
  8018. Organization
  8019. Value Complex
  8020. Knowledge
  8021. Application
  8022. Analysis
  8023. Psychomotor Domain
  8024.  
  8025. Technology Trends
  8026.  
  8027. Third-party Evaluation
  8028.  
  8029. Threat
  8030. Receiving
  8031. Responding
  8032. Valuing
  8033. Organization
  8034. Value Complex
  8035. Knowledge
  8036. Application
  8037. Analysis
  8038. Psychomotor Domain
  8039.  
  8040. Transportation of Media
  8041. Receiving
  8042. Responding
  8043. Valuing
  8044. Organization
  8045. Value Complex
  8046. Knowledge
  8047. Synthesis
  8048. Evaluation
  8049.  
  8050. Trust
  8051.  
  8052. Trusted Comp Sys Eval. Criteria (Orange Bo
  8054.  
  8055. Trusted Network Interpretation (Red Book)
  8057.  
  8058. Unauthorized Disclosure of Information
  8059. Receiving
  8060. Responding
  8061. Valuing
  8062. Knowledge
  8063. Analysis
  8064.  
  8065. Voice Communications Security
  8066. Receiving
  8067. Responding
  8068. Valuing
  8069. Value Complex
  8070. Knowledge
  8071. Application
  8072. Analysis
  8073. Evaluation
  8074. Psychomotor Domain
  8075.  
  8076. Voice Mail Security
  8077. Receiving
  8078. Responding
  8079. Valuing
  8080. Value Complex
  8081. Knowledge
  8082. Application
  8083. Analysis
  8084. Evaluation
  8085. Psychomotor Domain
  8086.  
  8087. Vulnerability Analysis
  8088. Receiving
  8089. Responding
  8090. Valuing
  8091. Value Complex
  8092. Application
  8093. Evaluation
  8094. Psychomotor Domain
  8095.  
  8096. Warranties
  8097. Receiving
  8098. Responding
  8099. Valuing
  8100. Value Complex
  8101. Knowledge
  8102. Application
  8103. Psychomotor Domain
  8104.  
  8105. Wide Area Network Security
  8106. Receiving
  8107. Responding
  8108. Valuing
  8109. Organization
  8110. Value Complex
  8111. Knowledge
  8112. Comprehension
  8113. Application
  8114. Analysis
  8115. Synthesis
  8116. Evaluation
  8117. Psychomotor Domain
  8118.  
  8119. Witness Interviewing/Interrogation
  8120. Receiving
  8121. Responding
  8122. Valuing
  8123. Value Complex
  8124. Knowledge
  8125. Application
  8126. Evaluation
  8127. Psychomotor Domain
  8128.  
  8129. Workstation Security
  8130. Receiving
  8131. Responding
  8132. Valuing
  8133. Value Complex
  8134. Knowledge
  8135. Application
  8136. Analysis
  8137. Synthesis
  8138. Evaluation
  8139. Psychomotor Domain
  8140.  
  8141. Certification
  8142. Responding
  8143. Valuing
  8144. Organization
  8145. Value Complex
  8146. Comprehension
  8147. Synthesis
  8148. Evaluation
  8149. Psychomotor Domain
  8150.  
  8151. Access Authorization
  8152. Value Complex
  8153. Application
  8154. Synthesis
  8155. Psychomotor Domain
  8156.  
  8157. Access Control Software
  8158. Receiving
  8159. Responding
  8160. Valuing
  8161. Organization
  8162. Value Complex
  8163. Knowledge
  8164. Application
  8165. Analysis
  8166. Psychomotor Domain
  8167.  
  8168. Alarms, Signals and Report
  8169. Receiving
  8170. Responding
  8171. Valuing
  8172. Value Complex
  8173. Knowledge
  8174. Application
  8175. Analysis
  8176. Psychomotor Domain
  8177.  
  8178. Acquisitions
  8179. Value Complex
  8180. Evaluation
  8181.  
  8182. Asynchronous & Synchronous communication
  8184. Comprehension
  8185.  
  8186. Attenuation
  8187. Comprehension
  8188.  
  8189. Binding/handshaking
  8190.  
  8191. Biometrics
  8192. Receiving
  8193. Responding
  8194. Valuing
  8195. Value Complex
  8196. Knowledge
  8197. Application
  8198. Analysis
  8199. Evaluation
  8200. Psychomotor Domain
  8201.  
  8202. Burst Transmission
  8203.  
  8204. Cabling
  8205. Receiving
  8206. Responding
  8207. Valuing
  8208. Organization
  8209. Value Complex
  8210. Knowledge
  8211. Application
  8212. Analysis
  8213. Psychomotor Domain
  8214.  
  8215. Call-Back Security
  8216. Receiving
  8217. Responding
  8218. Valuing
  8219. Value Complex
  8220. Knowledge
  8221. Application
  8222. Analysis
  8223. Evaluation
  8224. Psychomotor Domain
  8225.  
  8226. Caller ID
  8227. Receiving
  8228. Valuing
  8229. Value Complex
  8230. Application
  8231. Evaluation
  8232. Psychomotor Domain
  8233.  
  8234. Circuit-switched Networks
  8235.  
  8236. Client/Server Security
  8237. Receiving
  8238. Responding
  8239. Valuing
  8240. Value Complex
  8241. Knowledge
  8242. Application
  8243. Analysis
  8244. Synthesis
  8245. Psychomotor Domain
  8246.  
  8247. Common Carrier Security
  8248. Receiving
  8249. Organization
  8250. Value Complex
  8251. Knowledge
  8252. Application
  8253. Analysis
  8254. Psychomotor Domain
  8255.  
  8256. Compartmented/partitioned Mode
  8257.  
  8258. Computer Emergency Response Team (CERT)
  8260. Receiving
  8261. Valuing
  8262. Organization
  8263. Value Complex
  8264. Knowledge
  8265. Application
  8266. Analysis
  8267. Psychomotor Domain
  8268.  
  8269. Computer Science & Architecture
  8270.  
  8271. COMSEC Custodian
  8272. Receiving
  8273. Valuing
  8274. Organization
  8275. Value Complex
  8276. Knowledge
  8277. Analysis
  8278. Evaluation
  8279. Psychomotor Domain
  8280.  
  8281. COMSEC Material Identification & Invent
  8283. Responding
  8284. Application
  8285. Evaluation
  8286.  
  8287. COMSEC Testing
  8288. Receiving
  8289. Responding
  8290. Valuing
  8291. Value Complex
  8292. Knowledge
  8293. Analysis
  8294.  
  8295. Conformance Testing
  8296. Receiving
  8297. Responding
  8298. Valuing
  8299. Value Complex
  8300. Knowledge
  8301. Analysis
  8302. Synthesis
  8303. Psychomotor Domain
  8304.  
  8305. Contingency Plan Testing
  8306. Receiving
  8307. Responding
  8308. Valuing
  8309. Organization
  8310. Value Complex
  8311. Knowledge
  8312. Comprehension
  8313. Application
  8314. Analysis
  8315. Synthesis
  8316. Evaluation
  8317. Psychomotor Domain
  8318.  
  8319. Covert Channels
  8320. Analysis
  8321.  
  8322. Cryptographic Techniques
  8323. Receiving
  8324. Valuing
  8325. Organization
  8326. Value Complex
  8327. Comprehension
  8328. Application
  8329. Synthesis
  8330. Evaluation
  8331. Psychomotor Domain
  8332.  
  8333. Cryptovariable
  8334. Receiving
  8335. Value Complex
  8336. Comprehension
  8337. Application
  8338. Psychomotor Domain
  8339.  
  8340. Dedicated Line
  8341. Receiving
  8342. Valuing
  8343. Organization
  8344. Value Complex
  8345. Application
  8346. Evaluation
  8347. Psychomotor Domain
  8348.  
  8349. Dedicated Mode
  8350. Receiving
  8351. Responding
  8352. Valuing
  8353. Organization
  8354. Value Complex
  8355. Knowledge
  8356. Comprehension
  8357. Application
  8358. Analysis
  8359. Psychomotor Domain
  8360.  
  8361. Dial Number Indicator
  8362. Receiving
  8363. Valuing
  8364. Value Complex
  8365. Application
  8366. Psychomotor Domain
  8367.  
  8368. Digital/Analog Technology
  8369.  
  8370. Diskless Workstations
  8371. Receiving
  8372. Value Complex
  8373. Comprehension
  8374. Application
  8375. Psychomotor Domain
  8376.  
  8377. Disaster Recovery Plan Testing
  8378. Receiving
  8379. Responding
  8380. Valuing
  8381. Organization
  8382. Value Complex
  8383. Knowledge
  8384. Comprehension
  8385. Application
  8386. Analysis
  8387. Synthesis
  8388. Evaluation
  8389. Psychomotor Domain
  8390.  
  8391. Disaster Recovery Planning
  8392. Receiving
  8393. Responding
  8394. Valuing
  8395. Organization
  8396. Value Complex
  8397. Knowledge
  8398. Comprehension
  8399. Application
  8400. Analysis
  8401. Synthesis
  8402. Evaluation
  8403. Psychomotor Domain
  8404.  
  8405. Discretionary Access Control
  8406. Receiving
  8407. Valuing
  8408. Organization
  8409. Value Complex
  8410. Knowledge
  8411. Comprehension
  8412. Application
  8413. Synthesis
  8414. Psychomotor Domain
  8415.  
  8416. Distributed Systems Security
  8417. Receiving
  8418. Responding
  8419. Valuing
  8420. Organization
  8421. Value Complex
  8422. Knowledge
  8423. Application
  8424. Analysis
  8425. Synthesis
  8426. Evaluation
  8427. Psychomotor Domain
  8428.  
  8429. Documentation
  8430. Receiving
  8431. Responding
  8432. Valuing
  8433. Organization
  8434. Value Complex
  8435. Knowledge
  8436. Comprehension
  8437. Application
  8438. Synthesis
  8439. Psychomotor Domain
  8440.  
  8441. Drop-off/Add-on Protection (Piggy Backing)
  8443. Receiving
  8444. Valuing
  8445. Value Complex
  8446. Application
  8447. Analysis
  8448. Psychomotor Domain
  8449.  
  8450. Electromagnetic Countermeasures
  8451. Receiving
  8452. Responding
  8453. Valuing
  8454. Organization
  8455. Value Complex
  8456. Knowledge
  8457. Application
  8458. Analysis
  8459. Synthesis
  8460. Psychomotor Domain
  8461.  
  8462. Electromagnetic Interference
  8463. Valuing
  8464. Comprehension
  8465. Analysis
  8466. Psychomotor Domain
  8467.  
  8468. Electronic Data Interchange
  8469. Receiving
  8470. Valuing
  8471. Organization
  8472. Value Complex
  8473. Comprehension
  8474. Application
  8475. Synthesis
  8476. Evaluation
  8477. Psychomotor Domain
  8478.  
  8479. Electronic Key Management System
  8480. Receiving
  8481. Responding
  8482. Valuing
  8483. Organization
  8484. Value Complex
  8485. Knowledge
  8486. Application
  8487. Analysis
  8488. Synthesis
  8489. Evaluation
  8490. Psychomotor Domain
  8491.  
  8492. Electronic Sources of Security Information
  8494.  
  8495. Encryption Modes
  8496. Receiving
  8497. Valuing
  8498. Value Complex
  8499. Comprehension
  8500. Application
  8501. Psychomotor Domain
  8502.  
  8503. Error Logs
  8504. Receiving
  8505. Responding
  8506. Valuing
  8507. Value Complex
  8508. Application
  8509. Synthesis
  8510. Evaluation
  8511. Psychomotor Domain
  8512.  
  8513. Evaluation Techniques
  8514. Receiving
  8515. Responding
  8516. Valuing
  8517. Organization
  8518. Value Complex
  8519. Knowledge
  8520. Comprehension
  8521. Application
  8522. Analysis
  8523. Synthesis
  8524. Psychomotor Domain
  8525.  
  8526. Expert Security/Audit Tools
  8527. Receiving
  8528. Responding
  8529. Valuing
  8530. Value Complex
  8531. Knowledge
  8532. Comprehension
  8533. Application
  8534. Analysis
  8535. Synthesis
  8536. Psychomotor Domain
  8537.  
  8538. Expert Systems
  8539. Receiving
  8540. Responding
  8541. Valuing
  8542. Value Complex
  8543. Knowledge
  8544. Comprehension
  8545. Application
  8546. Analysis
  8547. Psychomotor Domain
  8548.  
  8549. Fault Tolerance
  8550. Receiving
  8551. Responding
  8552. Valuing
  8553. Value Complex
  8554. Knowledge
  8555. Comprehension
  8556. Application
  8557. Analysis
  8558. Synthesis
  8559. Psychomotor Domain
  8560.  
  8561. Filtered Power
  8562. Receiving
  8563. Valuing
  8564. Value Complex
  8565. Comprehension
  8566. Application
  8567. Psychomotor Domain
  8568.  
  8569. Firmware Security
  8570. Receiving
  8571. Responding
  8572. Valuing
  8573. Value Complex
  8574. Knowledge
  8575. Application
  8576. Analysis
  8577. Synthesis
  8578. Psychomotor Domain
  8579.  
  8580. Formal Methods for Security Design
  8581. Receiving
  8582. Value Complex
  8583. Application
  8584. Psychomotor Domain
  8585.  
  8586. Frequency Hopping
  8587. Receiving
  8588. Valuing
  8589. Value Complex
  8590. Comprehension
  8591. Application
  8592. Psychomotor Domain
  8593.  
  8594. Grounding
  8595. Receiving
  8596. Value Complex
  8597. Application
  8598. Psychomotor Domain
  8599.  
  8600. Isolation and Mediation
  8601. Receiving
  8602. Valuing
  8603. Value Complex
  8604. Application
  8605. Synthesis
  8606. Psychomotor Domain
  8607.  
  8608. Jamming
  8609. Receiving
  8610. Organization
  8611. Value Complex
  8612. Knowledge
  8613. Comprehension
  8614. Analysis
  8615. Psychomotor Domain
  8616.  
  8617. Kernel
  8618. Receiving
  8619. Valuing
  8620. Organization
  8621. Value Complex
  8622. Comprehension
  8623. Application
  8624. Synthesis
  8625. Psychomotor Domain
  8626.  
  8627. Key Certificate Administration
  8628. Analysis
  8629.  
  8630. Labeling
  8631. Receiving
  8632. Value Complex
  8633. Comprehension
  8634. Application
  8635. Psychomotor Domain
  8636.  
  8637. Leased-line Networks
  8638. Receiving
  8639. Valuing
  8640. Organization
  8641. Knowledge
  8642. Comprehension
  8643. Analysis
  8644. Synthesis
  8645. Evaluation
  8646. Psychomotor Domain
  8647.  
  8648. Least Privilege
  8649. Receiving
  8650. Responding
  8651. Valuing
  8652. Value Complex
  8653. Knowledge
  8654. Comprehension
  8655. Application
  8656. Analysis
  8657. Psychomotor Domain
  8658.  
  8659. Line Authentication
  8660. Receiving
  8661. Value Complex
  8662. Comprehension
  8663. Application
  8664. Evaluation
  8665. Psychomotor Domain
  8666.  
  8667. Line of sight
  8668. Receiving
  8669. Value Complex
  8670. Comprehension
  8671. Application
  8672. Psychomotor Domain
  8673.  
  8674. List-based access controls
  8675. Receiving
  8676. Responding
  8677. Valuing
  8678. Value Complex
  8679. Knowledge
  8680. Comprehension
  8681. Application
  8682. Analysis
  8683. Psychomotor Domain
  8684.  
  8685. Logs and Journals
  8686. Receiving
  8687. Responding
  8688. Valuing
  8689. Organization
  8690. Value Complex
  8691. Knowledge
  8692. Comprehension
  8693. Application
  8694. Synthesis
  8695. Evaluation
  8696. Psychomotor Domain
  8697.  
  8698. Mandatory Access Control
  8699. Receiving
  8700. Valuing
  8701. Value Complex
  8702. Application
  8703. Analysis
  8704. Synthesis
  8705. Evaluation
  8706. Psychomotor Domain
  8707.  
  8708. Memory (Non-volatile)
  8709. Receiving
  8710. Value Complex
  8711. Application
  8712. Psychomotor Domain
  8713.  
  8714. Memory (Random)
  8715. Receiving
  8716. Value Complex
  8717. Application
  8718. Psychomotor Domain
  8719.  
  8720. Memory (Sequential)
  8721. Receiving
  8722. Value Complex
  8723. Application
  8724. Psychomotor Domain
  8725.  
  8726. Memory (Volatile)
  8727. Receiving
  8728. Value Complex
  8729. Application
  8730. Psychomotor Domain
  8731.  
  8732. Message Authentication Codes
  8733. Receiving
  8734. Responding
  8735. Valuing
  8736. Value Complex
  8737. Application
  8738. Analysis
  8739. Psychomotor Domain
  8740.  
  8741. Microwave/Wireless Communications Security
  8743. Receiving
  8744. Valuing
  8745. Organization
  8746. Value Complex
  8747. Comprehension
  8748. Application
  8749. Analysis
  8750. Synthesis
  8751. Psychomotor Domain
  8752.  
  8753. Modes of Operation
  8754. Receiving
  8755. Valuing
  8756. Value Complex
  8757. Application
  8758. Psychomotor Domain
  8759.  
  8760. Monitoring (e.g., data, line)
  8761. Responding
  8762. Valuing
  8763. Organization
  8764. Value Complex
  8765. Comprehension
  8766. Synthesis
  8767. Evaluation
  8768.  
  8769. Multilevel Processing
  8770. Receiving
  8771. Responding
  8772. Valuing
  8773. Organization
  8774. Value Complex
  8775. Knowledge
  8776. Comprehension
  8777. Application
  8778. Analysis
  8779. Synthesis
  8780. Evaluation
  8781. Psychomotor Domain
  8782.  
  8783. Multilevel Security
  8784. Receiving
  8785. Valuing
  8786. Value Complex
  8787. Comprehension
  8788. Application
  8789. Analysis
  8790. Synthesis
  8791. Psychomotor Domain
  8792.  
  8793. Network communications protocols
  8794. Receiving
  8795. Responding
  8796. Valuing
  8797. Organization
  8798. Value Complex
  8799. Knowledge
  8800. Comprehension
  8801. Application
  8802. Analysis
  8803. Evaluation
  8804. Psychomotor Domain
  8805.  
  8806. Network Firewalls
  8807. Receiving
  8808. Responding
  8809. Valuing
  8810. Organization
  8811. Value Complex
  8812. Knowledge
  8813. Application
  8814. Analysis
  8815. Synthesis
  8816. Psychomotor Domain
  8817.  
  8818. Network Monitoring
  8819. Receiving
  8820. Responding
  8821. Valuing
  8822. Organization
  8823. Value Complex
  8824. Knowledge
  8825. Comprehension
  8826. Application
  8827. Analysis
  8828. Synthesis
  8829. Evaluation
  8830. Psychomotor Domain
  8831.  
  8832. Network Security Software
  8833. Receiving
  8834. Responding
  8835. Valuing
  8836. Organization
  8837. Value Complex
  8838. Knowledge
  8839. Comprehension
  8840. Application
  8841. Analysis
  8842. Synthesis
  8843. Psychomotor Domain
  8844.  
  8845. Network Switching
  8846.  
  8847. Object Labeling
  8848. Receiving
  8849. Organization
  8850. Value Complex
  8851. Application
  8852. Analysis
  8853. Synthesis
  8854. Evaluation
  8855. Psychomotor Domain
  8856.  
  8857. One-time Passwords
  8858. Receiving
  8859. Responding
  8860. Valuing
  8861. Organization
  8862. Value Complex
  8863. Knowledge
  8864. Comprehension
  8865. Application
  8866. Analysis
  8867. Synthesis
  8868. Psychomotor Domain
  8869.  
  8870. Open Systems Interconnect (OSI) Model
  8872. Receiving
  8873. Valuing
  8874. Organization
  8875. Value Complex
  8876. Application
  8877. Analysis
  8878. Psychomotor Domain
  8879.  
  8880. Operating System Integrity
  8881. Receiving
  8882. Valuing
  8883. Value Complex
  8884. Knowledge
  8885. Application
  8886. Analysis
  8887. Evaluation
  8888. Psychomotor Domain
  8889.  
  8890. Operating System Security Features
  8891. Receiving
  8892. Responding
  8893. Valuing
  8894. Organization
  8895. Value Complex
  8896. Knowledge
  8897. Application
  8898. Analysis
  8899. Synthesis
  8900. Evaluation
  8901. Psychomotor Domain
  8902.  
  8903. Packet Filtering
  8904. Valuing
  8905. Value Complex
  8906. Application
  8907. Analysis
  8908. Evaluation
  8909.  
  8910. Packet-switched Networks
  8911.  
  8912. Peer-to-Peer Security
  8913. Receiving
  8914. Responding
  8915. Valuing
  8916. Organization
  8917. Value Complex
  8918. Knowledge
  8919. Comprehension
  8920. Application
  8921. Analysis
  8922. Synthesis
  8923. Evaluation
  8924. Psychomotor Domain
  8925.  
  8926. Penetration Testing
  8927. Valuing
  8928. Value Complex
  8929. Application
  8930. Synthesis
  8931. Evaluation
  8932. Psychomotor Domain
  8933.  
  8934. Platform-specific Security
  8935. Receiving
  8936. Responding
  8937. Valuing
  8938. Organization
  8939. Value Complex
  8940. Knowledge
  8941. Application
  8942. Analysis
  8943. Synthesis
  8944. Evaluation
  8945. Psychomotor Domain
  8946.  
  8947. Private Key Cryptology
  8948. Receiving
  8949. Responding
  8950. Valuing
  8951. Value Complex
  8952. Knowledge
  8953. Application
  8954. Analysis
  8955. Psychomotor Domain
  8956.  
  8957. Private Networks
  8958.  
  8959. Privileges (Class. Nodes)
  8960. Receiving
  8961. Responding
  8962. Valuing
  8963. Organization
  8964. Value Complex
  8965. Knowledge
  8966. Application
  8967. Analysis
  8968. Evaluation
  8969. Psychomotor Domain
  8970.  
  8971. Protective Technology
  8972.  
  8973. Public Key Encryption
  8974. Receiving
  8975. Responding
  8976. Valuing
  8977. Value Complex
  8978. Knowledge
  8979. Application
  8980. Analysis
  8981.  
  8982. Remote Terminal Protection Devices
  8983. Receiving
  8984. Responding
  8985. Valuing
  8986. Organization
  8987. Value Complex
  8988. Knowledge
  8989. Comprehension
  8990. Application
  8991. Analysis
  8992. Psychomotor Domain
  8993.  
  8994. Role-based Access Controls
  8995. Receiving
  8996. Valuing
  8997. Organization
  8998. Value Complex
  8999. Knowledge
  9000. Application
  9001. Analysis
  9002. Evaluation
  9003. Psychomotor Domain
  9004.  
  9005. Rules-based Access Control
  9006. Receiving
  9007. Valuing
  9008. Organization
  9009. Value Complex
  9010. Knowledge
  9011. Application
  9012. Analysis
  9013. Evaluation
  9014. Psychomotor Domain
  9015.  
  9016. Satellite Communications Security
  9017. Receiving
  9018. Valuing
  9019. Value Complex
  9020. Knowledge
  9021. Application
  9022. Evaluation
  9023. Psychomotor Domain
  9024.  
  9025. Security Domains
  9026.  
  9027. Security Product Integration
  9028. Receiving
  9029. Responding
  9030. Valuing
  9031. Organization
  9032. Value Complex
  9033. Knowledge
  9034. Application
  9035. Analysis
  9036. Synthesis
  9037. Evaluation
  9038. Psychomotor Domain
  9039.  
  9040. Security Product Testing/Evaluation
  9041. Analysis
  9042.  
  9043. Shielded Enclosures
  9044. Valuing
  9045. Value Complex
  9046.  
  9047. Single Sign-on
  9048. Receiving
  9049. Responding
  9050. Valuing
  9051. Value Complex
  9052. Knowledge
  9053. Application
  9054. Analysis
  9055. Psychomotor Domain
  9056.  
  9057. Smartcards/Token Authentication
  9058. Receiving
  9059. Responding
  9060. Valuing
  9061. Value Complex
  9062. Knowledge
  9063. Application
  9064. Analysis
  9065. Evaluation
  9066. Psychomotor Domain
  9067.  
  9068. Software Engineering
  9069.  
  9070. Space Systems Security
  9071.  
  9072. Spread Spectrum Analysis
  9073.  
  9074. Standalone Systems and Remote 
  9075. Terminals
  9076. Responding
  9077. Valuing
  9078. Organization
  9079. Value Complex
  9080. Knowledge
  9081. Evaluation
  9082.  
  9083. System Software Controls
  9084.  
  9085. System Testing and Evaluation Process
  9086.  
  9087. System-high Mode
  9088. Receiving
  9089. Valuing
  9090. Value Complex
  9091. Application
  9092. Evaluation
  9093. Psychomotor Domain
  9094.  
  9095. Systems Security Engineering
  9096.  
  9097. TEMPEST
  9098. Receiving
  9099. Value Complex
  9100. Application
  9101. Psychomotor Domain
  9102.  
  9103. Validation (Testing)
  9104. Analysis
  9105.  
  9106. Value-added Networks
  9107. Analysis
  9108.  
  9109. Verification and Validation Process
  9110. Analysis
  9111.  
  9112. Wide Area Networks
  9113. Analysis
  9114.  
  9115. Account Administration
  9116. Receiving
  9117. Value Complex
  9118. Knowledge
  9119. Application
  9120. Psychomotor Domain
  9121.  
  9122. Agency-Specific Security Policies
  9123. Receiving
  9124. Valuing
  9125. Organization
  9126. Value Complex
  9127. Knowledge
  9128. Comprehension
  9129. Application
  9130. Synthesis
  9131. Evaluation
  9132. Psychomotor Domain
  9133.  
  9134. Basic/Generic Management Issues
  9135. Receiving
  9136. Responding
  9137. Valuing
  9138. Organization
  9139. Knowledge
  9140. Comprehension
  9141. Analysis
  9142. Synthesis
  9143. Evaluation
  9144. Psychomotor Domain
  9145.  
  9146. Business Aspects of Information 
  9147. Security
  9148. Receiving
  9149. Valuing
  9150. Organization
  9151. Knowledge
  9152. Comprehension
  9153. Analysis
  9154. Synthesis
  9155. Evaluation
  9156. Psychomotor Domain
  9157.  
  9158. Classified Materials (e.g., Handling and 
  9159. Security)
  9160. Responding
  9161. Valuing
  9162. Knowledge
  9163.  
  9164. COMSEC Material Identification & 
  9165. Inventory
  9166. Receiving
  9167. Responding
  9168. Valuing
  9169. Value Complex
  9170. Knowledge
  9171. Application
  9172. Psychomotor Domain
  9173.  
  9174. Contracts, Agreements & Other 
  9175. Obligation
  9176. Receiving
  9177. Responding
  9178. Valuing
  9179. Organization
  9180. Value Complex
  9181. Knowledge
  9182. Application
  9183. Synthesis
  9184. Evaluation
  9185. Psychomotor Domain
  9186.  
  9187. Customer IT Security Needs
  9188. Receiving
  9189. Responding
  9190. Valuing
  9191. Organization
  9192. Value Complex
  9193. Knowledge
  9194. Comprehension
  9195. Application
  9196. Analysis
  9197. Synthesis
  9198. Evaluation
  9199. Psychomotor Domain
  9200.  
  9201. Customer Service Orientation
  9202. Receiving
  9203. Responding
  9204. Valuing
  9205. Organization
  9206. Value Complex
  9207. Comprehension
  9208. Application
  9209. Analysis
  9210. Synthesis
  9211. Evaluation
  9212.  
  9213. Emergency Destruction Procedures
  9214. Receiving
  9215. Responding
  9216. Valuing
  9217. Organization
  9218. Value Complex
  9219. Comprehension
  9220. Application
  9221. Synthesis
  9222. Evaluation
  9223. Psychomotor Domain
  9224.  
  9225. Evidence Collection and Preservation
  9226. Responding
  9227. Evaluation
  9228.  
  9229. Facilities Management
  9230. Responding
  9231. Value Complex
  9232.  
  9233. Guidelines
  9234. Receiving
  9235. Valuing
  9236. Organization
  9237. Value Complex
  9238. Knowledge
  9239. Comprehension
  9240. Application
  9241. Synthesis
  9242. Evaluation
  9243. Psychomotor Domain
  9244.  
  9245. Information Ownership
  9246. Receiving
  9247. Responding
  9248. Valuing
  9249. Organization
  9250. Value Complex
  9251. Knowledge
  9252. Analysis
  9253. Psychomotor Domain
  9254.  
  9255. Information Resource Owner/Custodian
  9256. Receiving
  9257. Responding
  9258. Organization
  9259. Value Complex
  9260. Knowledge
  9261. Analysis
  9262. Psychomotor Domain
  9263.  
  9264. Information Sensitivity
  9265. Receiving
  9266. Responding
  9267. Valuing
  9268. Organization
  9269. Value Complex
  9270. Knowledge
  9271. Comprehension
  9272. Application
  9273. Analysis
  9274. Synthesis
  9275. Evaluation
  9276. Psychomotor Domain
  9277.  
  9278. Investigation of Security Breaches
  9279. Receiving
  9280. Responding
  9281. Valuing
  9282. Organization
  9283. Value Complex
  9284. Knowledge
  9285. Comprehension
  9286. Application
  9287. Analysis
  9288. Synthesis
  9289. Evaluation
  9290. Psychomotor Domain
  9291.  
  9292. Investigative Authorities
  9293. Receiving
  9294. Valuing
  9295. Organization
  9296. Knowledge
  9297. Comprehension
  9298. Analysis
  9299. Synthesis
  9300. Evaluation
  9301. Psychomotor Domain
  9302.  
  9303. Legal and Liability Issues
  9304. Receiving
  9305. Responding
  9306. Valuing
  9307. Organization
  9308. Knowledge
  9309. Comprehension
  9310. Application
  9311. Analysis
  9312. Synthesis
  9313. Evaluation
  9314. Psychomotor Domain
  9315.  
  9316. Off-site Security (Information. 
  9317. Processing)
  9318. Receiving
  9319. Responding
  9320. Valuing
  9321. Organization
  9322. Value Complex
  9323. Knowledge
  9324. Comprehension
  9325. Application
  9326. Analysis
  9327. Synthesis
  9328. Psychomotor Domain
  9329.  
  9330. Org. Placement of the IS/IT Security 
  9331. Functions
  9332. Valuing
  9333. Organization
  9334. Value Complex
  9335. Knowledge
  9336. Comprehension
  9337. Synthesis
  9338. Evaluation
  9339.  
  9340. Organizational Culture
  9341. Responding
  9342. Valuing
  9343. Organization
  9344. Value Complex
  9345. Knowledge
  9346. Comprehension
  9347. Application
  9348. Synthesis
  9349. Evaluation
  9350.  
  9351. Practices
  9352. Receiving
  9353. Responding
  9354. Valuing
  9355. Organization
  9356. Value Complex
  9357. Knowledge
  9358. Comprehension
  9359. Application
  9360. Analysis
  9361. Synthesis
  9362. Evaluation
  9363. Psychomotor Domain
  9364.  
  9365. Procedures
  9366. Receiving
  9367. Responding
  9368. Valuing
  9369. Organization
  9370. Value Complex
  9371. Knowledge
  9372. Comprehension
  9373. Application
  9374. Analysis
  9375. Synthesis
  9376. Evaluation
  9377. Psychomotor Domain
  9378.  
  9379. Roles and Responsibilities
  9380. Receiving
  9381. Responding
  9382. Valuing
  9383. Organization
  9384. Value Complex
  9385. Knowledge
  9386. Comprehension
  9387. Application
  9388. Analysis
  9389. Synthesis
  9390. Evaluation
  9391. Psychomotor Domain
  9392.  
  9393. Security Staffing Requirements
  9394. Responding
  9395. Valuing
  9396. Value Complex
  9397. Knowledge
  9398. Synthesis
  9399. Evaluation
  9400.  
  9401. Security Violations Reporting Process
  9402. Receiving
  9403. Responding
  9404. Valuing
  9405. Organization
  9406. Value Complex
  9407. Knowledge
  9408. Comprehension
  9409. Application
  9410. Analysis
  9411. Synthesis
  9412. Evaluation
  9413. Psychomotor Domain
  9414.  
  9415. Storage Area Controls
  9416. Receiving
  9417. Responding
  9418. Valuing
  9419. Organization
  9420. Value Complex
  9421. Knowledge
  9422. Comprehension
  9423. Application
  9424. Analysis
  9425. Synthesis
  9426. Evaluation
  9427. Psychomotor Domain
  9428.  
  9429. Zone of Control/Zoning
  9430. Receiving
  9431. Responding
  9432. Valuing
  9433. Value Complex
  9434. Knowledge
  9435. Application
  9436. Synthesis
  9437. Evaluation
  9438. Psychomotor Domain
  9439.  
  9440. Application Development Control
  9441. Valuing
  9442. Organization
  9443. Value Complex
  9444. Knowledge
  9445. Application
  9446. Synthesis
  9447.  
  9448. Cover and Deception
  9449. Application
  9450.  
  9451. Identification & Authentication
  9452. Value Complex
  9453. Comprehension
  9454. Analysis
  9455.  
  9456. Inference
  9457. Value Complex
  9458. Comprehension
  9459. Analysis
  9460.  
  9461. Inference Engine
  9462. Receiving
  9463. Value Complex
  9464. Application
  9465. Psychomotor Domain
  9466.  
  9467. Information Integrity
  9468. Valuing
  9469. Value Complex
  9470. Knowledge
  9471. Comprehension
  9472. Evaluation
  9473.  
  9474. Lattice Model
  9475. Valuing
  9476. Organization
  9477. Value Complex
  9478. Application
  9479. Analysis
  9480. Synthesis
  9481. Evaluation
  9482. Psychomotor Domain
  9483.  
  9484. Non-inference Model
  9485. Receiving
  9486. Value Complex
  9487. Application
  9488. Psychomotor Domain
  9489.  
  9490. Open Systems Security
  9491. Receiving
  9492. Valuing
  9493. Organization
  9494. Value Complex
  9495. Comprehension
  9496. Application
  9497. Analysis
  9498. Synthesis
  9499. Psychomotor Domain
  9500.  
  9501. Rainbow Series
  9502. Application
  9503.  
  9504. TCSEC/ITSEC/Common Criteria
  9505.  
  9506. Auditing Tools
  9507. Receiving
  9508. Responding
  9509. Valuing
  9510. Organization
  9511. Value Complex
  9512. Knowledge
  9513. Application
  9514. Analysis
  9515. Psychomotor Domain
  9516.  
  9517. Automated Security Tools
  9518. Receiving
  9519. Responding
  9520. Valuing
  9521. Organization
  9522. Value Complex
  9523. Knowledge
  9524. Application
  9525. Analysis
  9526. Psychomotor Domain
  9527.  
  9528. Classified Materials (e.g., Handling and 
  9529. Sh
  9530. Receiving
  9531. Responding
  9532. Valuing
  9533. Organization
  9534. Value Complex
  9535. Knowledge
  9536. Application
  9537. Analysis
  9538. Psychomotor Domain
  9539.  
  9540. Entrapment
  9541. Receiving
  9542. Valuing
  9543. Value Complex
  9544. Knowledge
  9545.  
  9546. Evidence Acceptability
  9547.  
  9548. Human Intelligence (HUMINT)
  9549. Receiving
  9550. Value Complex
  9551. Application
  9552. Psychomotor Domain
  9553.  
  9554. Metrics
  9555. Receiving
  9556. Responding
  9557. Valuing
  9558. Value Complex
  9559. Knowledge
  9560. Application
  9561. Analysis
  9562. Psychomotor Domain
  9563.  
  9564. Off-site Security (Information, 
  9565. Processing)
  9566. Receiving
  9567. Responding
  9568. Valuing
  9569. Organization
  9570. Value Complex
  9571. Knowledge
  9572. Comprehension
  9573. Application
  9574. Synthesis
  9575. Evaluation
  9576. Psychomotor Domain
  9577.  
  9578. Traffic Analysis
  9579. Receiving
  9580. Valuing
  9581. Value Complex
  9582. Application
  9583. Evaluation
  9584. Psychomotor Domain
  9585.  
  9586. Reconciliation
  9587. Receiving
  9588. Responding
  9589. Valuing
  9590. Organization
  9591. Knowledge
  9592. Analysis
  9593. Evaluation
  9594. Psychomotor Domain
  9595.  
  9596. Contractor Security Standards
  9597.       P.L. 100-235
  9598.       Under U.S. Code 5 CFR Part 930 subpart C.
  9599.      FISSEA - Federal Information Systems Security Educators' Association
  9600.      Both DACUM I and DACUM II teams had problems with the End User category since it represents another view of the same 
  9601. individuals - everyone is an "end user."
  9602.      Note that the Todd model mixed functions and level in the Audience Category.
  9603.      Held at Baltimore, May 1993.
  9604.      The "Other" category was often referred to as the unknown god. This is from the Classic Greek tradition of offering the first 
  9605. toast at the party to the unknown gods. The theory here was that if there were a god they had not yet identified, they would not 
  9606. insult him/her. Several others have been proposed and may be added in the future.
  9607.      One characteristic of ETCORP DACUM exercises is that they are open-ended. We expect to have suggestions made to this 
  9608. living document.
  9609.      Schou, Corey D., Integrating Information Security, Center for Decision Support, Report 162, Idaho State University, Pocatello, 
  9610. ID 83205-4043
  9611.      From five known attempts to date
  9612.      A benchmark
  9613.      July, 1993, DACUM II project conducted at the Center for Decision Support at Idaho State University, under the auspices of 
  9614. the Federal Information Systems Security Educators' Association.
  9615.      Schou, Corey D., Maconachy, W.V., and Frost, J. "Organizational Information Security: Awareness, Training and Education 
  9616. to Maintain Systems Integrity," Proceedings of the Ninth International Computer Security Symposium, Toronto, Canada. May, 
  9617. 1993.
  9618.      A special note of appreciation is extended to Mr. John Tressler, U.S. Department of Education who shared the results of his 
  9619. research and compilation of existing INFOSEC KSAs and CBKs.
  9620.      This is from the Classic Greek tradition of offering the first toast at the party to the unknown gods. The theory here was that if 
  9621. there were a god they had not yet identified, they would not insult him/her.  
  9622. DACUM III THE UNIFIED CURRICULUM