---

In this cybersecurity course, you will gain a global perspective of the challenges of designing a secure system, touching on all the cyber roles needed to provide a cohesive security solution. Through lecture, labs, and breakout discussion groups, you will learn about current threat trends across the Internet and their impact on organizational security. You will review standard cybersecurity terminology and compliance requirements, examine sample exploits, and gain hands-on experience mitigating controls. In a contained lab environment, you will work with live viruses, including botnets, worms, and Trojans.

In addition to technical cybersecurity components, you will learn and explore the non-technical aspects of cybersecurity necessary to mitigate risk and lessen exposure, including risk management, threat determination, disaster recovery, security policy management, and business continuity planning. This course provides an excellent foundation for those proceeding to CISSP, CEH, CISA, or CISM training.

Highlights

• Current cyber threats and cybersecurity site references
• Government-mandated directives and compliance requirements
• Cyber roles required to successfully design secure systems
• The attack cycle perpetrated by malicious hackers
• Enterprise policy requirements
• Best strategies for securing the enterprise with layered defenses
• How security zones and detailed logging augment information assurance
• Forensic challenges and incident response planning
• Risk management process
• Goals achievable with auditing, scanning, and testing systems
• Industry recommendations for maintaining secure access control
• Standards-based cryptographic solutions for securing communications

Course Outline

1. Cybersecurity Introduction, Job Roles, and Functions

• Security Fundamentals
  • Security Importance
  • Human Influence
• Vulnerabilities
  • Typical Attack Sequence
  • Social Engineering
  • Footprinting
  • Well-Known Parts
  • Port Scanning
  • Password/Passphrase Vulnerabilities
  • Track Covering

2. Social Media Concerns

• Social Media
  • Types
  • Vulnerabilities
  • Social Networking Sites
  • Social Engineering
• Phishing
  • Phishing via E-mail
• Online Attacks
  • Statistical Data
  • Security Breach Sources

3. Cyber Awareness

• CNCI
  • Definition and Purpose of CNCI
  • CNCI Initiative Details
• Legalities
  • Laws and Rules
  • Legal Compliance
• Cyber Attacks
  • Malware
  • Viruses
  • Worms
  • Logic Bombs
  • Botnet
  • Trojan Horse
  • OSI Model
  • DNS

4. Cyber Services

• Cyber Threats
  • Denial of Service Vulnerabilities
• Server Hardening
  • Web Server Hardening
  • Mail Server Hardening
  • FTP Server Hardening
  • DNS Server Hardening
  • Other Servers
  • Workstation Considerations
  • Network Appliances
  • Wireless Access Hardening
  • VLAN Security
  • Software Attacks

5. Risk Management and Assessment

• Risk Management
• Risk Management Process
  • Steps
  • ALE Formula
  • CRAMM Process
  • Risk Management Lifecycle
  • Protected Assets
  • CIA Triad
• Threat Determination Process
• Risk Assessment
  • Scenarios
  • Criticality
  • Prioritization
• Risk Management Lifecycle
  • Steps
  • Policy
  • Assessment
  • Baselines and ePolicy
• Vulnerabilities
  • Vulnerability Categories
  • Self-Assessment
  • Weak Links in Security
  • Technical Controls
  • Due Care
  • Insurance against Losses

6. Security Policy Management

• Security Policies
  • Security Policy Definition
  • Security Policy Use
  • Security Policy Importance
  • Legal Issues
  • Policy Example
  • Policy References
  • Policies, Guides, Standards, Procedures, and Controls
• Coverage Matrix
  • Preparing a Coverage Matrix
  • Example Security Coverage Matrix
  • Granular View of a Security Matrix
• Basic Policies

7. Vulnerability Assessment and Tools

• Vulnerability Testing
• Penetration Testing
  • Risks of Penetration Testing
  • Methodologies
  • Testing
  • Technology Testing Tools

8. Business Continuity Planning

• Disaster Types
• Disaster Recovery Plan
  • Goals
  • Steps for Creation
  • Contents
  • Design Requirements
  • Priorities
  • Recovery Strategies
  • High Availability Considerations
  • Data Collection
  • Written Plan Documentation
  • Plan Testing Sequence
• Business Continuity Planning
• Business Continuity Planning Process
  • BCP Process Steps
  • Controls

9. Host Security

• Types of Hosts
  • General Configuration Guidelines
• Clean Systems
• Unnecessary Services
  • Rules to Follow
  • Warning Banners
• Limiting Access
  • Administrators
  • Users
  • Configuring and Logging
  • Security Patches
• Security Baselines
  • Traffic Filtering
• Monitoring

10. Architectural Integration

• General Security Integration
• Services
  • Needs
• Security Zones
  • Filtering
  • Screened Subnets
  • Trusted Zones
• Devices
  • Routers
  • Firewalls
  • DMZ Hosts
• Extenuating Circumstances
  • Business-to-Business
  • Exceptions to Policy
  • Special Services and Protocols
  • Configuration Management
• Development
  • Certification and Accreditation
  • Common Criteria

11. Authentication and Cryptography

• Authentication
  • Identification
  • Issues
• Cryptosystems
  • Elements
  • Password Protocols
  • Hashes
  • Kerberos
  • Symmetric Encryption
  • Asymmetric Encryption
  • Digital Signatures
• Certificate Services
  • Certificate Authorities
  • Registration Authorities
  • Models
  • Policies
  • Lifecycle
  • Distribution

12. Securing Communications

• Terminology
  • Tunnels
  • Applying Cryptography to OSI Model
• Securing Services
  • E-Mail
  • FTP and Telnet
• Transport
  • SSL and TLS
  • Gateway-to-Gateway VPN
  • IPSec
• Wireless
  • Wireless Weakness
  • Wireless Security
• Steganography and NTFS Data Streams
  • Steganography
  • NTFS Alternate Data Streams

13. Intrusion Detection and Prevention Systems

• Intrusion
  • Definition
• Defense in Depth
  • Perimeter Router
  • Firewall Monitoring
  • Network Device Logging
  • Host Monitoring
  • Events Correlation
• IDS/IPS
  • Placement of IDS Monitors and Sensors
  • Monitoring
  • Host-Based and Network-Based Differences
  • Policy Management
  • Behavioral Signatures
• IDS/IPS Weakness
  • Encryption
  • Coverage
  • Overwhelmed
  • False Positives
  • Incorrect Configuration

14. Cyber Challenge Activities

• Network Analysis Review

15. Forensic Analysis

• Incident Handling
  • Response
  • Time and Reaction Sensitivity
  • Issues for Consideration
  • Response Procedures
  • Evidence
• Logging
  • Process
  • Log Analysis Tools

16. Cyber Evolution

• Cyber Organization
  • Cyber Forces
  • Internet Leadership
  • Internet Defenders
• Cyber Future
  • Future Challenges
  • Evolving Needs
  • Cyber Maturity Barriers
  • Einstein 2 and Future
  • Goals

Space is limited. Register today to save your space!