COURSE OBJECTIVE:
After completing this course you should be able to:
• Increase your awareness of security
• Interpret/analyze tool output for network mapping/footprinting
• Reduce attack surface of systems
• Review networking as it applies to security controls
• Explore different data protection principles
• Examine the role of PKI/certificates in building trusted relationships between devices in a network
• Implement login security and other identity management solutions
• Reduce attack surface of network devices
• Explore current malware threats and anti-malware solutions
• Explore social engineering threats, methods, and techniques
• Examine software vulnerabilities and security solutions for reducing the risk of exploitation
• Explain monitoring capabilities and requirements and how those may raise privacy concerns
• Identify physical security controls and the relationship between physical and IT security
• Explain incident response capabilities
• Identify legal considerations and investigative techniques when it comes to cybersecurity
• Research trends in cybersecurity
TARGET AUDIENCE:
• Network professionals looking to advance their knowledge and explore cybersecurity as a career path
• Executives and managers looking to increase their ability to communicate with security professionals and implement a robust security solution at the organizational level
• Individuals who want to improve their understanding of cybersecurity fundamentals, including threats, mitigating controls, and organizational responsibilities
COURSE PREREQUISITES:
Attendees should meet the following prerequisites:
• TCP/IP Networking or equivalent knowledge
COURSE CONTENT:
Cybersecurity Awareness
• What is security?
• Confidentiality, integrity, and availability
• Security baselining
• Security concerns: Humans
• Types of threats
• Security controls
• What is hacking?
• Risk management
• Data in motion vs. data at rest
• Module review

Network Discovery
• Networking review
• Discovery, footprinting, and scanning
• Common vulnerabilities and exposures
• Security policies
• Vulnerabilities
• Module review

Systems Hardening
• What is hardening?
• Types of systems that can be hardened
• Security baselines
• How to harden systems
• Hardening systems by role
• Mobile devices
• Hardening on the network
• Analysis tools
• Authentication, authorization, and accounting
• Physical security
• Module review

Security Architecture
• Security architecture
• Network devices
• Network zones
• Network segmentation
• Network Address Translation
• Network Access Control
• Module review

Data Security
• Cryptography
• Principles of permissions
• Steganography
• Module review

Public Key Infrastructure
• Public key infrastructure
• Certification authorities
• Enabling trust
• Certificates
• CA management
• Module review

Identity Management
• What is identity management?
• Personally identifiable information
• Authentication factors
• Directory services
• Kerberos
• Windows NT LAN Manager
• Password policies
• Cracking passwords
• Password assessment tools
• Password managers
• Group accounts
• Service accounts
• Federated identities
• Identity as a Service
• Module review

Network Hardening
• Limiting remote admin access
• AAA: Administrative access
• Simple Network Management Protocol
• Network segmentation
• Limiting physical access
• Establishing secure access
• Network devices
• Fundamental device protection summary
• Traffic filtering best practices
• Module review

Malware
• What is malware?
• Infection methods
• Types of malware
• Backdoors
• Countermeasures
• Protection tools
• Module review

Social Engineering
• What is social engineering?
• Social engineering targets
• Social engineering attacks
• Statistical data
• Information harvesting
• Preventing social engineering
• Cyber awareness: Policies and procedures
• Social media
• Module review

Software Security
• Software engineering
• Security guidelines
• Software vulnerabilities
• Module review

Environment Monitoring
• Monitoring
• Monitoring vs. logging
• Monitoring/logging benefits
• Logging
• Metrics
• Module review

Physical Security
• What is physical security?
• Defense in depth
• Types of physical security controls
• Device security
• Human security
• Security policies
• Equipment tracking
• Module review

Incident Response
• Disaster types
• Incident investigation tips
• Business continuity planning
• Disaster recovery plan
• Forensic incident response
• Module review

Legal Considerations
• Regulatory compliance
• Cybercrime
• Module review

Trends in Cybersecurity
• Cybersecurity design constraints
• Cyber driving forces
• How connected are you?
• How reliant on connectivity are you?
• Identity management
• Cybersecurity standards
• Cybersecurity training

Course Look Around
• Looking back
• Looking forward
• Planning your journey

Lab 1: Explore HR Security
Lab 2: Interpret Scanning Results
Lab 3: Harden Servers and Workstations
Lab 4: Security Architecture
Lab 5: Protect Data
Lab 6: Configure a PKI
Lab 7: Manage Passwords
Lab 8: Explore Hardening Recommendations and Known Vulnerabilities
Lab 9: Detect Malware
Lab 10: Social Engineering
Lab 11: Privilege Escalation
Lab 12: Monitor a System
Lab 13: Implement Physical Security
Lab 14: Incident Response
Lab 15: Review Legal Considerations
FOLLOW ON COURSES:
The following courses are recommended for further study:
G013 – CompTIA Security+
CEH – Certified Ethical Hacker
CISM – Certified Information Security Manager