Course Content
Lesson 1: Security Fundamentals
Topic 1A: Information Security Cycle
What Is Information Security?
What to Protect
Goals of Security
Vulnerabilities
Threats
Attacks
Intrusions
Risk
Controls
Types of Controls
Security Management Objectives
How to
Topic 1B: Information Security Controls
The CIA Triad
Non-repudiation
Authentication
Identification
The Five As
Access Control Methods
Implicit Deny
Least Privilege
Separation of Duties
Job Rotation
Mandatory Vacation
Time of Day Restrictions
Privilege Management
How to
Topic 1C: Authentication Methods
Authentication Factors
User Name/Password Authentication
Tokens
Trusted OS
Biometrics
Multi-Factor Authentication
Mutual Authentication
How to
Topic 1D: Cryptography Fundamentals
Cryptography
Encryption
Ciphers
Cipher Types
Encryption and Security Goals
Encryption Algorithms
Steganography
Keys
Hashing Encryption
Hashing Encryption Algorithms
Symmetric Encryption
Symmetric Encryption Algorithms
Asymmetric Encryption
Asymmetric Encryption Algorithms
Digital Signatures
Quantum Cryptography
Hardware-Based Encryption Devices
How to
Topic 1E: Security Policy Fundamentals
Security Policies
Security Policy Components
Security Policy Issues
Common Security Policy Types
Security Document Categories
Change Management
Documentation Handling Measures
How to
Lesson 2: Security Threats and Vulnerabilities
Topic 2A: Social Engineering
Social Engineering Attacks
Types of Social Engineering
Hackers and Attackers
Categories of Attackers
How to
Topic 2B: Physical Threats and Vulnerabilities
Physical Security
Physical Security Threats and Vulnerabilities
Hardware Attacks
Environmental Threats and Vulnerabilities
How to
Topic 2C: Network-Based Threats
TCP/IP Basics
Port Scanning Attacks
Eavesdropping Attacks
Replay Attacks
Social Network Attacks
Man-in-the-Middle Attacks
Denial of Service (DoS) Attacks
Distributed Denial of Service (DDoS) Attacks
Types of DoS Attacks
Session Hijacking
P2P Attacks
ARP Poisoning
DNS Vulnerabilities
How to
Topic 2D: Wireless Threats and Vulnerabilities
Wireless Security
Wireless Threats and Vulnerabilities
How to
Topic 2E: Software Based Threats
Software Attacks
Malicious Code Attacks
Types of Malicious Code Attacks
Password Attacks
Types of Password Attacks
Backdoor Attacks
Application Attacks
Types of Application Attacks
How to
Lesson 3: Network Security
Topic 3A: Network Devices and Technologies
Network Components
Network Devices
Network Technologies
Intrusion Detection Systems (IDSs)
NIDS
NIPS
Types of Network Monitoring Systems
Virtual Private Networks (VPNs)
VPN Concentrator
Web Security Gateways
How to
Topic 3B: Network Design Elements and Components
NAC
VLANs
Subnetting
NAT
Remote Access
Remote Access Methods
Telephony Components
Virtualization
Cloud Computing
Cloud Computing Service Types
How to
Topic 3C: Implement Networking Protocols
Internet Protocols
DNS
HTTP
SSL
Transport Layer Security (TLS)
HTTPS
SSH
SNMP
ICMP
IPSec
File Transfer Protocols
Ports
MMC
How to Implement Networking Protocols
Topic 3D: Apply Network Security Administration Principles
Rule-Based Management
Network Administration Security Methods
How to Apply Network Security Administration Principles
Topic 3E: Secure Wireless Traffic
The 802.11 Protocol
802.11 Standards
The WAP Protocol
Wireless Security Protocols
Wireless Security Methods
How to Secure Wireless Traffic
Lesson 4: Managing Application, Data and Host Security
Topic 4A: Establish Device/Host Security
Hardening
Operating System Security
Operating System Security Settings
Security Baselines
Software Updates
Patch Management
Logging
Auditing
Anti-Malware Software
Types of Anti-Malware Software
Virtualization Security Techniques
Hardware Security Controls
Strong Passwords
How to Establish Device/Host Security
Topic 4B: Application Security
What is Application Security?
Application Security Methods
Input Validation
Input Validation Vulnerabilities
Error and Exception Handling
Cross-Site Scripting
Cross-Site Request Forgery (XSRF)
Cross-Site Attack Prevention Methods
Fuzzing
Web Browser Security
How to
Topic 4C: Data Security
What is Data Security?
Data Security Vulnerabilities
Data Encryption Methods
Hardware-Based Encryption Devices
How to
Topic 4D: Mobile Security
Mobile Device Types
Mobile Device Vulnerabilities
Mobile Device Security Controls
How to
Lesson 5: Access Control, Authentication, and Account Management
Topic 5A: Access Control and Authentication Services
Directory Services
LDAP
Common Directory Services
Remote Access Methods
Tunneling
VPN
Layer Two Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
CHAP
PAP
PGP
RADIUS
TACACS
Kerberos
The Kerberos Process
How to
Topic 5B: Implement Account Management Security Controls
Identity Management
Account Management
Account Privileges
Account Policy
Multiple Accounts
Multiple User Account Issues
Account Management Security Controls
Group Policy
How to Implement Account Management Security Controls
Lesson 6: Managing Public Key Infrastructure (PKI)
Topic 6A: Install a Certificate Authority (CA) Hierarchy
Digital Certificates
Certificate Authentication
Single vs. Dual Sided Certificate Authentication
Public Key Infrastructure (PKI)
PKI Components
CA Hierarchies (Trust Models)
The Root CA
Public and Private Roots
Subordinate CAs
Offline Root CAs
CA Hierarchy Design Options
How to Install a Certificate Authority (CA) Hierarchy
Topic 6B: Back Up a CA
How to Back Up a CA
Topic 6C: Restore a CA
How to Restore a CA
Lesson 7: Managing Certificates
Topic 7A: Enroll Certificates
The Certificate Enrollment Process
The Certificate Life Cycle
Certificate Life Cycle Management
How to Enroll Certificates
Topic 7B: Secure Network Traffic by Using Certificates
SSL Enrollment Process
How to Secure Network Traffic by Using Certificates
Topic 7C: Renew Certificates
How to Renew Certificates
Topic 7D: Revoke Certificates
Certificate Revocation
The Certificate Revocation List (CRL)
How to Revoke Certificates
Topic 7E: Back Up Certificates and Private Keys
Private Key Protection Methods
Key Escrow
How to Back Up Certificates and Private Keys
Topic 7F: Restore Certificates and Private Keys
Private Key Restoration Methods
Private Key Replacement
How to Restore Certificates and Private Keys
Lesson 8: Compliance and Operational Security
Topic 8A: Physical Security
Physical Security Controls
Physical Security Control Types
Environmental Exposures
Environmental Controls
Environmental Monitoring
How to
Topic 8B: Legal Compliance
Compliance Laws and Regulations
Legal Requirements
Types of Legal Requirements
Due Care
Due Diligence
Due Process
Forensic Requirements
How to
Topic 8C: Security Awareness and Training
Security Policy Awareness
Employee Education
User Security Responsibilities
How to
Lesson 9: Managing Risk
Topic 9A: Risk Analysis
Risk Management
Types of Risk
Components of Risk Analysis
Phases of Risk Analysis
Risk Analysis Methods
Risk Calculation
Risk Response Strategies
How to
Topic 9B: Implement Risk Mitigation Strategies
Risk Control Types
Security Incident Management
Risk Mitigation Techniques
How to Implement Risk Mitigation Strategies
Lesson 10: The Security Infrastructure
Topic 10A: Implement Vulnerability Assessment Tools and Techniques
Security Assessment Types
Security Assessment Techniques
Security Assessment Tools
Honeypots
How to Implement Vulnerability Assessment Tools and Techniques
Topic 10B: Scan for Vulnerabilities
The Hacking Process
Ethical Hacking
Penetration Testing and Vulnerability Scanning
Types of Vulnerability Scans
Box Testing Methods
Security Utilities
Vulnerable Port Ranges
How to Scan for Vulnerabilities
Topic 10C: Mitigation and Deterrent Techniques
Security Posture
Detection vs. Prevention Controls
Types of Mitigation and Deterrent Techniques
How to
Lesson 11: Managing Security Incidents
Topic 11A: Respond to Security Incidents
Computer Crime
First Responders
Chain of Custody
Incident Response Policies
Computer Forensics
Order of Volatility
Basic Forensic Response Procedures for IT
Basic Forensic Process
How to Respond to Security Incidents
Topic 11B: Recover from a Security Incident
Damage Assessment and Loss Control Guidelines
Organizational Security Reporting Structures
Security Incident Reporting Options
How to Recover from a Security Incident
Lesson 12: Business Continuity and Disaster Recovery
Topic 12A: Business Continuity
Business Continuity Plans
Business Impact Analysis
Continuity of Operations Plan
IT Contingency Planning
Succession Planning
Business Continuity Testing
How to
Topic 12B: Plan for Disaster Recovery
Disaster Recovery Plans
Fault Tolerance
Redundancy Measures
High Availability
Alternate Sites
Disaster Recovery Testing
Disaster Recovery Evaluation and Maintenance
How to Plan for Disaster Recovery
Topic 12C: Execute Disaster Recovery Plans and Procedures
The Recovery Team
The Salvage Team
The Disaster Recovery Process
Secure Recovery
Backup Types and Recovery Plans
Backout Contingency Plans
Secure Backups
Backup Storage Locations
How to Execute Disaster Recovery Plans and Procedures