
Course Description
To help close the workforce gap, (ISC)² recently launched the Certified in Cybersecurity (CC) entry-level certification. With no experience required, it opens opportunities in the field to a much broader range of candidates, including recent graduates, career changers and IT professionals. CC starts newcomers on their path to advanced cybersecurity certifications like the CISSP and future leadership roles.
Official (ISC)² Certified in Cybersecurity (CC) Entry-Level Certification Training will review the content covered in the exam. It prepares candidates by building a solid foundation of knowledge they need to pass the exam and ultimately land an entry- or junior-level cybersecurity role.

Who Should Get Cybersecurity Certified?
If you’re looking to join a dynamic and rewarding workforce, get Certified in Cybersecurity and join the ranks. This certification is ideal if you are:
- A current IT professional
- Looking to transition from another field into cybersecurity
- A college student or recent graduate
- An advanced high school student or recent graduate
Prerequisites
There are no specific prerequisites to take the exam. It is recommended that candidates have basic information technology (IT) knowledge. No work experience in cybersecurity or formal educational diploma/degree is required. If you’re a problem-solver with an analytical mindset, Certified in Cybersecurity certification is right for you.
Domain 1:
Security Principles (26%, 20 items)
1.1 Understand the security concepts of information assurance
- Confidentiality
- Integrity
- Availability
- Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
- Non-repudiation
- Privacy
1.2 Understand the risk management process
- Risk management (e.g., risk priorities, risk tolerance)
- Risk identification, assessment and treatment
1.3 Understand security controls
- Technical controls
- Administrative controls
- Physical controls
1.4 Understand (ISC)² Code of Ethics
- Professional code of conduct
1.5 Understand governance processes
- Policies
- Procedures
- Standards
- Regulations and laws
Domain 2:
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%, 7 items)
2.1 Understand business continuity (BC)
- Purpose
- Importance
- Components
2.2 Understand disaster recovery (DR)
- Purpose
- Importance
- Components
2.3 Understand incident response
- Purpose
- Importance
- Components
Domain 3:
Access Controls Concepts (22%, 17 items)
3.1 Understand physical access controls
- Physical security controls (e.g., badge systems, gate entry, environmental design)
- Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
- Authorized versus unauthorized personnel
3.2 Understand logical access controls
- Principle of least privilege
- Segregation of duties
- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control (RBAC)
Domain 4:
Network Security (24%)
4.1 Understand computer networking
- Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)
- Ports
- Applications
4.2 Understand network threats and attacks
- Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
- Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
- Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))
4.3 Understand network security infrastructure
- On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))
- Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)))
- Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)
Domain 5:
Security Operations (18%, 13 items)
5.1 Understand data security
- Encryption (e.g., symmetric, asymmetric, hashing)
- Data handling (e.g., destruction, retention, classification, labeling)
- Logging and monitoring security events
5.2 Understand system hardening
- Configuration management (e.g., baselines, updates, patches)
5.3 Understand best practice security policies
- Data handling policy
- Password policy
- Acceptable Use Policy (AUP)
- Bring your own device (BYOD) policy
- Change management policy (e.g., documentation, approval, rollback)
- Privacy policy
5.4 Understand security awareness training
- Purpose/concepts (e.g., social engineering, password protection)
- Importance