
Course Schedule – Topics & Activities
Cybersecurity Introduction & Overview
• Introduction to Cybersecurity
o The evolution of Cybersecurity
o Cybersecurity & situational awareness
o The Cybersecurity skills gap
• Difference between Information Security & Cybersecurity
o Protecting digital assets
• Cybersecurity objectives
o Confidentiality, integrity, & availability
o Nonrepudiation
• Cybersecurity roles
o Governance, risk management, & compliance
o What does a Cybersecurity professional do?
o Information Security roles
o Board of Directors
o Executive management
o Senior Information security management
o Cybersecurity practitioners
• Cybersecurity domains
o Cybersecurity concepts
o Security architecture principles
o Security of networks, systems, applications, & data
o Incident response
o Security implications & adoption of evolving technology
Cybersecurity Concepts
• Risk
o Approaches to Cybersecurity
o Key terms & definitions
o Likelihood & impact
o Approaches to risk
o Third-party risk
o Risk management
• Common attack types & vectors
o Threat agents
o Attack attributes
o Generalized attack process
o Nonadversarial threat events
o Malware & attack types
• Policies & procedures
o Policy life cycle
o Guidelines
o Policy frameworks
o Types of Information Security policies
o Access control policy
o Personnel Information Security policy
o Security incident response policy
• Cybersecurity controls
o Identity management
o Provisioning & de-provisioning
o Authorization
o Access control lists
o Privileged user management
o Change management
o Configuration management
o Patch management
Security Architecture Principles
• Overview of security architecture
o The security perimeter
o Interdependencies
o Security architectures & frameworks
o SABSA & the Zachman framework
o The Open Group Architecture Framework (TOGAF)
• The OSI model
o TCP/IP
• Defense in Depth
• Firewalls
o Firewall general features
o Network firewall types
o Packet filtering firewalls
o Stateful inspection firewalls
o Stateless vs. stateful
o Examples of firewall implementations
o Firewall issues
o Firewall platforms
• Isolation & segmentation
o VLANs
o Security zones & DMZs
• Monitoring, detection, and logging
o Ingress, egress, & data loss prevention (DLP)
o Antivirus & anti-malware
o Intrusion detection systems
o IDS limitations
o IDS policy
o Intrusion prevention systems
• Cryptography Fundamentals
o Key elements of cryptographic systems
o Key systems
• Encryption techniques
o Symmetric (private) key encryption
o Asymmetric (private) key encryption
o Elliptic curve cryptography
o Quantum cryptography
o Advanced encryption standard
o Digital signature
o Virtual private network
o Wireless network protections
o Stored data
o Public key infrastructure
• Encryption applications
o Applications of cryptographic systems
Security of Networks, Systems, Applications, & Data
• Process controls – risk assessments
o Attributes of risk
o Risk response workflow
o Risk analysis
o Evaluating security controls
o Risk assessment success criteria
o Managing risk
o Using the results of the risk assessment
• Process controls – vulnerability management
o Vulnerability management
o Vulnerability scans
o Vulnerability assessment
o Remediation
o Reporting & metrics
• Process controls – penetration testing
o Penetration testers
o Penetration testing phases
• Network security
o Network management
o LAN/WAN security
o Network risks
o Wireless local area networks
o Wired equivalent privacy & Wi-Fi protected access (WPA/WPA2)
o Ports & protocols
o Port numbers
o Protocol numbers & assignment services
o Virtual private networks
o Remote access
• Operating system security
o System/platform hardening
o Modes of operations
o File system permissions
o Credentials & privileges
o Command line knowledge
o Logging & system monitoring
o Virtualization
o Specialized systems
• Application security
o System development life cycle (SDLC)
o Security within SDLC
o Design requirements
o Testing
o Review process
o Separation of development, testing, & production environments
o OWASP top ten
o Wireless application protocol (WAP)
• Data security
o Data classification
o Data owners
o Data classification requirements
o Database security
Incident Response
• Event vs. incident
o Events vs. incident
o Types of incidents
• Security incident response
o What is incident response?
o Why do we need incident response?
o Elements of an incident response plan
o Security event management
• Investigations, legal holds, & preservation
o Investigations
o Evidence preservation
o Legal requirements
• Forensics
o Data protection
o Data acquisition
o Imaging
o Extraction
o Interrogation
o Ingestion/normalization
o Reporting
o Network traffic analysis
o Log file analysis
o Time lines
o Anti-forensics
• Disaster recovery & business continuity plans
o What is a disaster?
o Business continuity & disaster recovery
o Business impact analysis
o Recovery time objectives (RTO)
o Recovery point objective (RPO)
o IS business continuity planning
o Recovery concepts
o Backup procedures
Security Implications & Adoption of Evolving Technology
• Current threat landscape
• Advanced persistent threats (APTs)
o Evolution of the threat landscape
o Defining APTs
o APT characteristics
o APT targets
o Stages of an APT attack
• Mobile technology – vulnerabilities, threats, & risk
o Physical risk
o Organizational risk
o Technical risk
o Activity monitoring & data retrieval
o Unauthorized network connectivity
o Web view/user interface (UI) impersonation
o Sensitive data leakage
o Unsafe sensitive data storage
o Unsafe sensitive data transmission
o Drive-by vulnerabilities
• Consumerization of IT & mobile devices
o BYOD
• Cloud & digital collaboration
o Risk of cloud computing
o Web application risk
o Benefits of cloud computing