- Programming, Software development
- 200 (Registered)
-
(0 Review)
Cybersecurity Fundamentals
Course Schedule – Topics & Activities
Cybersecurity Introduction & Overview
- Introduction to Cybersecurity
- The evolution of Cybersecurity
- Cybersecurity & situational awareness
- The Cybersecurity skills gap
- Difference between Information Security & Cybersecurity
- Protecting digital assets
- Cybersecurity objectives
- Confidentiality, integrity, & availability
- Nonrepudiation
- Cybersecurity roles
- Governance, risk management, & compliance
- What does a Cybersecurity professional do?
- Information Security roles
- Board of Directors
- Executive management
- Senior Information security management
- Cybersecurity practitioners
- Cybersecurity domains
- Cybersecurity concepts
- Security architecture principles
- Security of networks, systems, applications, & data o Incident response
o Security implications & adoption of evolving technology
Cybersecurity Concepts
- Risk
o Approaches to Cybersecurity
o Key terms & definitions
o Likelihood & impact
o Approaches to risk
o Third-party risk
o Risk management
- Common attack types & vectors o Threat agents
o Attack attributes
o Generalized attack process o Nonadversarial threat events o Malware & attack types
- Policies & procedures
o Policy life cycle
- Guidelines
o Policy frameworks
o Types of Information Security policies
o Access control policy
o Personnel Information Security policy
o Security incident response policy
- Cybersecurity controls
o Identity management
- Provisioning & de-provisioning o Authorization
o Access control lists
o Privileged user management o Change management
o Configuration management o Patch management
Security Architecture Principles
- Overview of security architecture o The security perimeter o Interdependencies
o Security architectures & frameworks o SABSA & the Zachman framework
o The open group architecture framework (TOGAF)
- The OSI model
- TCP/IP
- Defense in Depth
- Firewalls
- Firewall general features
- Network firewall types
- Packet filtering firewalls
o Stateful inspection firewalls
o Stateless vs. stateful
o Examples of firewall implementations
o Firewall issues
o Firewall platforms
- Isolation & segmentation o VLANs
o Security zones & DMZs
- Monitoring, detection, and logging
o Ingress, egress, & data loss prevention (DLP)
- Antivirus & anti-malware
- Intrusion detection systems
- IDS limitations
- IDS policy
- Intrusion prevention systems
- Cryptography Fundamentals
- Key elements of cryptographic systsms
- Key systems
- Encryption techniques
- Symmetric (private) key encryption
o Asymmetric (private) key encryption
o Elliptical curve cryptography
o Quantum cryptography
o Advanced encryption standard
o Digital signature
o Virtual private network
o Wireless network protections
o Stored data
o Public key infrastructure
- Encryption applications
o Applications of cryptographic systems
Security of Networks, Systems, Applications, & Data
- Process controls – risk assessments o Attributes of risk
o Risk response workflow o Risk analysis
o Evaluating security controls
o Risk assessment success criteria
o Managing risk
o Using the results of the risk assessment
- Process controls – vulnerability management o Vulnerability management
o Vulnerability scans
o Vulnerability assessment
o Remediation
o Reporting & metrics
- Process controls – penetration testing
o Penetration testers
o Penetration testing phases
- Network security
o Network management
o LAN/WAN security
o Network risks
o Wireless local area networks
o Wired equivalent privacy & Wi-Fi protected access (WPA/WPA2)
o Ports & protocols
o Port numbers
o Protocol numbers & assignment services
o Virtual private networks
o Remote access
- Operating system security
o System/platform hardening
o Modes of operations
o File system permissions
o Credentials & privileges
o Command line knowledge
o Logging & system monitoring
- Virtualization
o Specialized systems
- Application security
o System development life cycle (SDLC)
o Security within SDLC
o Design requirements
- Testing
o Review process
o Separation of development, testing, & production environments o OWASP top ten
o Wireless application protocol (WAP)
- Data security
o Data classification
o Data owners
o Data classification requirements
o Database security
Incident Response
- Event vs. incident
o Events vs. incident
o Types of incidents
- Security incident response
o What is incident response?
o Why do we need incident response?
o Elements of an incident response plan
o Security event management
- Investigations, legal holds, & preservation o Investigations
o Evidence preservation o Legal requirements
- Forensics
o Data protection
o Data acquisition
- Imaging
- Extraction
- Interrogation
- Ingestion/normalization
- Reporting
- Network traffic analysis
- Log file analysis
- Time lines
- Anti-forensics
- Disaster recovery & business continuity plans
- What is a disaster?
o Business continuity & disaster recovery
o Business impact analysis
o Recovery time objectives (RTO)
o Recover point objective (RPO)
o IS business continuity planning
o Recovery concepts
o Backup procedures
Security Implications & Adoption of Evolving Technology
- Current threat landscape
- Advanced persistent threats (APTs)
o Evolution of the threat landscape
o Defining APTs
o APT characteristics
o APT targets
o Stages of an APT attack
- Mobile technology – vulnerabilities, threats, & risk o Physical risk
o Organizational risk o Technical risk
o Activity monitoring & data retrieval o Unauthorized network connectivity
o Web view/user interface (UI) impersonation o Sensitive data leakage
o Unsafe sensitive data storage
o Unsafe sensitive data transmission o Drive-by vulnerabilities
- Consumerization of IT & mobile devices
- BYOD
- Cloud & digital collaboration
- Risk of cloud computing
- Web application risk
- Benefits of cloud computing
Course Content
Curriculum is empty
Instructor
Related Courses
