2000 M Street NW, Suite 500 Washington, D.C. 20036 Phone: 202.601.1201│ Email:
[email protected] Fax: 202.370.9558 WWW.NATIONALCYBERSECURITYINSTITUTE.ORG
National Cybersecurity Institute at Excelsior College

Security+ Training Course Outline

According to CompTIA's description, the Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security. In addition, the successful candidate will apply security controls to maintain confidentiality, integrity, and availability, identify appropriate technologies and products, troubleshoot security events and incidents, and operate with an awareness of applicable policies, laws, and regulations.

Who should obtain Security+ certification?

The CompTIA Security+ Certification is aimed at an IT security professional who has:
- A minimum of 2 years of experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation, including the topics in the domain list below

Chapter 1
1. IT Security
2. CIA Model
3. AAA Model
4. Security Threats
5. Mitigating Threats
6. Types of Hackers

Chapter 2
1. Malware Software and Its Types
2. Malware Delivery Methods
3. Prevention, Symptoms and Removal of Malware
4. Security Applications (Firewalls, IDS, Pop-up Blockers)
5. Securing BIOS

Chapter 3
1. Hardening an Operating System
2. Group Policies, Security Templates and Configuration Baselines
3. Hardening File Systems and Hard Drives
4. Keeping a Well-Maintained Computer
5. Types of Virtualization and Their Purposes

Chapter 4
1. General Browser Security Procedures
2. Securing Internet Explorer and Firefox
3. Securing Applications
4. Secure Programming

Chapter 5
1. Network Devices
2. Network Address Translation and Private Versus Public IP
3. Network Zones, Interconnections and NAC
4. Subnetting
5. Virtual Local Area Networks (VLANs)
6. Telephony Devices
7. Cloud Computing and Security
8. Server Defense

Chapter 6
1. Ports and Protocols
2. Malicious Network Attacks

Chapter 7
1. Firewalls
2. Proxy Servers
3. Honeypots and Honeynets
4. Data Loss Prevention
5. NIDS Versus NIPS
6. Unified Threat Management (UTM)

Chapter 8
1. Network Device Vulnerabilities
2. Cable Media Vulnerabilities
3. Wireless Access Point Vulnerabilities
4. Wireless Transmission Vulnerabilities

Chapter 9
1. Identification, Authentication and Authorization
2. 802.1X and EAP
3. Localized Authentication Technologies
4. Remote Authentication Technologies

Chapter 10
1. Access Control Models and Wise Practices
2. Users, Groups, and Permissions
3. Usernames and Passwords
4. Ways to Protect the User Account

Chapter 11
1. Conducting Risk Assessment
2. Quantitative Versus Qualitative Risk Assessment
3. Security Analysis Methodologies
4. Security Controls
5. Vulnerability Management
6. Penetration Testing
7. Password Analysis

Chapter 12
1. Monitoring Methodologies
2. Using Tools to Monitor Systems and Networks
3. Protocol Analyzers
4. SNMP
5. Analytical Tools
6. Conducting Audits
7. Log File Maintenance and Security

Chapter 13
1. Cryptography Concepts
2. Symmetric Versus Asymmetric Algorithms
3. Public Key Cryptography
4. Steganography
5. Symmetric Key Algorithms
6. Asymmetric Key Algorithms
7. Other Encryption Types
8. Hashing Basics
9. Cryptographic Hash Functions
10. Using Hashing with Passwords

Chapter 14
1. Public Key Infrastructure (PKI)
2. Certificate Authorities
3. Certificate Information
4. PPTP and L2TP

Chapter 15
1. Redundancy Planning
2. Potential Power Issues and Ways to Combat Them
3. Redundant Data
4. More Redundancy Techniques
5. Data Backup
6. Disaster Recovery Planning

Chapter 16
1. Fire Suppression
2. HVAC and Shielding
3. Social Engineering
4. Data Sensitivity and Classification of Information
5. Disclosure of Data and PII
6. Personnel Security Policies
7. How to Deal with Vendors
8. How to Dispose of Computers
9. How to Remove Data from a HDD
10. Incident Response Procedures
11. Basic Forensic Procedures

Chapter 17
1. Exam Preparation Checklist
2. Tips for Taking the Exam