
Security + Certification (ITSY 1076) Syllabus


Academic year: 2021


Security + Certification (ITSY 1076)

Syllabus

Course: ITSY 1076 Security+ 40 hours

Course Description:

This course is targeted toward an Information Technology (IT) professional who has networking and administrative skills in Windows-based TCP/IP networks and familiarity with other operating systems, such as OS X, Unix, or Linux, and who wants to further a career in IT by acquiring a foundational knowledge of security topics; prepare for the CompTIA Security+ Certification examination; or use Security+ as the foundation for advanced security certifications or career roles. (2011 Objectives)

Prerequisite:

CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months' experience in networking.

Course Objectives:

Upon successful completion of this course, students will be able to:

• identify the fundamental concepts of computer security.
• identify security threats and vulnerabilities.
• examine network security.
• manage application, data and host security.
• identify access control and account management security measures.
• manage public key infrastructure (PKI).
• manage certificates.
• identify compliance and operational security measures.
• manage risk.
• establish key components of the security infrastructure.
• manage security incidents.
• develop business continuity and disaster recovery plans.

Rationale:

This is a vendor- and product-neutral course that will earn the student an established industry credential validating their network and server expertise. It will serve as a jumping-off point for higher-level certifications.

Evaluation:

Those who participate in class discussions, complete class labs and miss no more than three class meetings will be awarded 4.0 continuing education units. Ultimate evaluation of the student will be their successfully passing the CompTIA Security + (2011 edition) (SY0-201) examination.


CompTIA Security+ All-in-One Exam Guide, Fourth Edition (Exam SY0-401) ISBN-13: 978-0071841245

Mike Meyers’ CompTIA Security+ Certification Passport, Fourth Edition (Exam SY0-401) (Mike Meyers' Certification Passport) ISBN-13: 978-0071832144

Proposed Schedule

Lesson 1: Security Fundamentals

Topic 1A: Information Security Cycle
What Is Information Security?
What to Protect
Goals of Security
Vulnerabilities
Threats
Attacks
Intrusions
Risk
Controls
Types of Controls
Security Management Objectives
How to

Topic 1B: Information Security Controls
The CIA Triad
Non-repudiation
Authentication
Identification
The Five As
Access Control Methods
Implicit Deny
Least Privilege
Separation of Duties
Job Rotation
Mandatory Vacation
Time of Day Restrictions
Privilege Management
How to

Topic 1C: Authentication Methods
Authentication Factors

Topic 1D: Cryptography Fundamentals
Cryptography
Encryption
Ciphers
Cipher Types
Encryption and Security Goals
Encryption Algorithms
Steganography
Keys
Hashing Encryption
Hashing Encryption Algorithms
Symmetric Encryption
Symmetric Encryption Algorithms
Asymmetric Encryption
Asymmetric Encryption Algorithms
Digital Signatures
Quantum Cryptography
Hardware-Based Encryption Devices
How to

Topic 1E: Security Policy Fundamentals
Security Policies
Security Policy Components
Security Policy Issues
Common Security Policy Types
Security Document Categories
Change Management
Documentation Handling Measures
How to

Lesson 2: Security Threats and Vulnerabilities

Topic 2A: Social Engineering
Social Engineering Attacks
Types of Social Engineering
Hackers and Attackers
Categories of Attackers
How to

Topic 2B: Physical Threats and Vulnerabilities
Physical Security
Physical Security Threats and Vulnerabilities
Hardware Attacks
Environmental Threats and Vulnerabilities
How to

Port Scanning Attacks
Eavesdropping Attacks
Replay Attacks
Social Network Attacks
Man-in-the-Middle Attacks
Denial of Service (DoS) Attacks
Distributed Denial of Service (DDoS) Attacks
Types of DoS Attacks
Session Hijacking
P2P Attacks
ARP Poisoning
DNS Vulnerabilities
How to

Topic 2D: Wireless Threats and Vulnerabilities
Wireless Security
Wireless Threats and Vulnerabilities
How to

Topic 2E: Software Based Threats
Software Attacks
Malicious Code Attacks
Types of Malicious Code Attacks
Password Attacks
Types of Password Attacks
Backdoor Attacks
Application Attacks
Types of Application Attacks
How to

Lesson 3: Network Security

Topic 3A: Network Devices and Technologies
Network Components
Network Devices
Network Technologies
Intrusion Detection Systems (IDSs)
NIDS
NIPS
Types of Network Monitoring Systems
Virtual Private Networks (VPNs)
VPN Concentrator
Web Security Gateways
How to

Topic 3B: Network Design Elements and Components
NAC
Subnetting
NAT
Remote Access
Remote Access Methods
Telephony Components
Virtualization
Cloud Computing
Cloud Computing Service Types
How to

Topic 3C: Implement Networking Protocols
Internet Protocols
DNS
HTTP
SSL
Transport Layer Security (TLS)
HTTPS
SSH
SNMP
ICMP
IPSec
File Transfer Protocols
Ports
MMC
How to Implement Networking Protocols

Topic 3D: Apply Network Security Administration Principles
Rule-Based Management
Network Administration Security Methods
How to Apply Network Security Administration Principles

Topic 3E: Secure Wireless Traffic
The 802.11 Protocol
802.11 Standards
The WAP Protocol
Wireless Security Protocols
Wireless Security Methods
How to Secure Wireless Traffic

Lesson 4: Managing Application, Data and Host Security

Topic 4A: Establish Device/Host Security
Hardening
Operating System Security
Operating System Security Settings
Security Baselines
Logging
Auditing
Anti-Malware Software
Types of Anti-Malware Software
Virtualization Security Techniques
Hardware Security Controls
Strong Passwords
How to Establish Device/Host Security

Topic 4B: Application Security
What is Application Security?
Application Security Methods
Input Validation
Input Validation Vulnerabilities
Error and Exception Handling
Cross-Site Scripting
Cross-Site Request Forgery (XSRF)
Cross-Site Attack Prevention Methods
Fuzzing
Web Browser Security
How to

Topic 4C: Data Security
What is Data Security?
Data Security Vulnerabilities
Data Encryption Methods
Hardware-Based Encryption Devices
How to

Topic 4D: Mobile Security
Mobile Device Types
Mobile Device Vulnerabilities
Mobile Device Security Controls
How to

Lesson 5: Access Control, Authentication, and Account Management

Topic 5A: Access Control and Authentication Services
Directory Services
LDAP
Common Directory Services
Remote Access Methods
Tunneling
VPN
Layer Two Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
CHAP
PGP
RADIUS
TACACS
Kerberos
The Kerberos Process
How to

Topic 5B: Implement Account Management Security Controls
Identity Management
Account Management
Account Privileges
Account Policy
Multiple Accounts
Multiple User Account Issues
Account Management Security Controls
Group Policy
How to Implement Account Management Security Controls

Lesson 6: Managing Public Key Infrastructure (PKI)

Topic 6A: Install a Certificate Authority (CA) Hierarchy
Digital Certificates
Certificate Authentication
Single vs. Dual Sided Certificate Authentication
Public Key Infrastructure (PKI)
PKI Components
CA Hierarchies (Trust Models)
The Root CA
Public and Private Roots
Subordinate CAs
Offline Root CAs
CA Hierarchy Design Options
How to Install a Certificate Authority (CA) Hierarchy

Topic 6B: Back Up a CA
How to Back Up a CA

Topic 6C: Restore a CA
How to Restore a CA

Lesson 7: Managing Certificates

Topic 7A: Enroll Certificates
The Certificate Enrollment Process
The Certificate Life Cycle

Topic 7B: Secure Network Traffic by Using Certificates
SSL Enrollment Process
How to Secure Network Traffic by Using Certificates

Topic 7C: Renew Certificates
How to Renew Certificates

Topic 7D: Revoke Certificates
Certificate Revocation
The Certificate Revocation List (CRL)
How to Revoke Certificates

Topic 7E: Back Up Certificates and Private Keys
Private Key Protection Methods
Key Escrow
How to Back Up Certificates and Private Keys

Topic 7F: Restore Certificates and Private Keys
Private Key Restoration Methods
Private Key Replacement
How to Restore Certificates and Private Keys

Lesson 8: Compliance and Operational Security

Topic 8A: Physical Security
Physical Security Controls
Physical Security Control Types
Environmental Exposures
Environmental Controls
Environmental Monitoring
How to

Topic 8B: Legal Compliance
Compliance Laws and Regulations
Legal Requirements
Types of Legal Requirements
Due Care
Due Diligence
Due Process
Forensic Requirements
How to

Topic 8C: Security Awareness and Training
Security Policy Awareness
Employee Education


Lesson 9: Managing Risk

Topic 9A: Risk Analysis
Risk Management
Types of Risk
Components of Risk Analysis
Phases of Risk Analysis
Risk Analysis Methods
Risk Calculation
Risk Response Strategies
How to

Topic 9B: Implement Risk Mitigation Strategies
Risk Control Types
Security Incident Management
Risk Mitigation Techniques
How to Implement Risk Mitigation Strategies

Lesson 10: The Security Infrastructure

Topic 10A: Implement Vulnerability Assessment Tools and Techniques
Security Assessment Types
Security Assessment Techniques
Security Assessment Tools
Honeypots
How to Implement Vulnerability Assessment Tools and Techniques

Topic 10B: Scan for Vulnerabilities
The Hacking Process
Ethical Hacking
Penetration Testing and Vulnerability Scanning
Types of Vulnerability Scans
Box Testing Methods
Security Utilities
Vulnerable Port Ranges
How to Scan for Vulnerabilities

Topic 10C: Mitigation and Deterrent Techniques
Security Posture
Detection vs. Prevention Controls
Types of Mitigation and Deterrent Techniques
How to

Lesson 11: Managing Security Incidents

Topic 11A: Respond to Security Incidents
Computer Crime
Chain of Custody
Incident Response Policies
Computer Forensics
Order of Volatility
Basic Forensic Response Procedures for IT
Basic Forensic Process
How to Respond to Security Incidents

Topic 11B: Recover from a Security Incident
Damage Assessment and Loss Control Guidelines
Organizational Security Reporting Structures
Security Incident Reporting Options
How to Recover from a Security Incident

Lesson 12: Business Continuity and Disaster Recovery

Topic 12A: Business Continuity
Business Continuity Plans
Business Impact Analysis
Continuity of Operations Plan
IT Contingency Planning
Succession Planning
Business Continuity Testing
How to

Topic 12B: Plan for Disaster Recovery
Disaster Recovery Plans
Fault Tolerance
Redundancy Measures
High Availability
Alternate Sites
Disaster Recovery Testing
Disaster Recovery Evaluation and Maintenance
How to Plan for Disaster Recovery

Topic 12C: Execute Disaster Recovery Plans and Procedures
The Recovery Team
The Salvage Team
The Disaster Recovery Process
Secure Recovery
Backup Types and Recovery Plans
Backout Contingency Plans
Secure Backups
Backup Storage Locations
