The ISSPCS Subject Matrix provides a life-cycle approach to security within an organisation, covering the full range of security related activities from strategic security management to security administration and is based on:

• Security processes - that represents a core area of knowledge, upon which larger concepts are developed and security implementations are created.
  • Strategic Security Management
  • Compliance (Standards/Legal)
  • Asset Identification, Classification and Valuation
  • Security Risk Analysis and Assessment
  • Security Risk Treatment (Management of the Risk)
  • Operational Security Management
  • Security Operations: Normal Conditions
  • Security Operations: Abnormal Conditions
• Functional disciplines - that represent realistic applications of knowledge in a specific situation or circumstance.
  • Fundamental Theory
  • Environmental and Infrastructure Security
  • Systems Security
  • Communications and Network Security
  • Physical Security
  • Personnel Security

ISSPCS creates a "module" where each security process and functional discipline intersect to produce a specific, real-world application of security knowledge as shown in the following diagram:

For example, ISSPCS lets you study "Communications and Network Security" under the Process Areas of "Strategic Security Management", "Compliance", "Asset Identification, Classification and Valuation", "Security Risk Analysis & Assessment", "Security Risk Treatment", "Security Mechanisms: Normal Operations", "Security Mechanisms: Abnormal Operations", and "Operational Security Management". Each Process Area contains specific knowledge concerning the application of a Functional Discipline to that Process.

The modules also form the basis of all ISSPCS certification resources.