Module 01 – SUPPORTING IT GOVERNANCE AND RISK MANAGEMENT
- Workbook (Pdf)
- Overview
- So You Want To Setup A Lab
- Begin At The Beginning – Confidentiality
- Begin At The Beginning – Integrity
- Begin At The Beginning – Availability
- Governance And Risk Management: Overview
- Governance And Risk Management: Risk Vocabulary
- Governance And Risk Management: Risk Management
- Governance And Risk Management: Risk Analysis
- Assess Risks: What Is A Security Framework
- Assess Risks: ESA Framework Assessment Process
- Assess Risks: System Specific Risk Analysis
- Assess Risks: Risk Determination
- Assess Risks: Guidelines For Assessing Risk
- Risk Mitigation: What Is A Aggregate CIA Score
- Risk Mitigation: What Are The CVSS And CVE
- Risk Mitigation: Risk Responses
- Risk Management Documentation: Best Practices
- Risk Management Documentation: BCP
- Risk Management Documentation: What Is A BIA
- Risk Management Documentation: Downtime
- Risk Management Documentation: Documents
- I.T. Governance And Risk Management – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 03 – USING RESEARCH AND ANALYSIS TO SECURE THE ENTERPRISE
- Workbook (Pdf)
- Research And Analysis: Industry Trends
- Research And Analysis: Artificial Intelligence
- Research And Analysis: Requirements For Contracts
- Analyze Scenarios To Secure The Enterprise
- Using Research And Analysis – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 05 – IMPLEMENTING CRYPTOGRAPHIC TECHNIQUES
- Workbook (Pdf)
- Encryption
- Hashing
- Digital Signatures
- Blockchain And Bitcoin
- Hands On: Configuring A Blockchain
- Public Key Infrastructure PKI – Design
- Public Key Infrastructure PKI – Concepts
- Cryptography Concepts
- Stream Vs. Block Ciphers
- Implement Cryptography
- Implementing Cryptographic Techniques – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 07 – SECURITY CONTROLS FOR MOBILE DEVICES
- Workbook (Pdf)
- Mobile Deployment Models
- MDM Concepts And Vocabulary
- MDM Concepts And Vocabulary Part 2
- Storage
- Concepts And Vocabulary
- Concepts And Vocabulary Part 2
- Security Controls For Mobile Devices – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 09 – IMPLEMENTING SECURITY IN THE SYSTEMS AND SOFTWARE DEVELOPMENT LIFECYCLE
- Workbook (Pdf)
- What Is The Systems Development Life Cycle SDLC
- Development Methodologies
- What Are The SDLC Phases
- Security Requirements Traceability Matrix SRTM
- Common Software Development Approaches
- Common Software Development Methods
- What About Validation And Acceptance Testing
- SDLC Review Questions
- Secure Vs Insecure Direct Object References
- Error Exception Handling Try…Catch Statements
- What Is Privilege Escalation
- Overflows And Canaries
- Memory Leaks
- Races And Exhaustion
- What Is SQL Injection
- What Is Session…
- What Is A Cross-Site Scripting XSS Attack
- Cross-Site Request Forgery XSRF/CSRF Attack
- What About Clickjacking And Cookie Hijacking
- What Is Security By…
- Input Validation Fuzzing Application Sandboxing
- WS-Security DAM And Software Assurance Tech
- Implementing Security In The SDLC – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 11 – CONDUCTING SECURITY ASSESSMENTS
- Workbook (Pdf)
- Security Assessments: Types
- Security Assessments: Application Code Review
- Going Deeper: Vulnerability Scanning
- Going Deeper: Testing Software
- Software Testing Types
- Software Testing Types Part 2
- Logs, Memory And Debugging
- Social Engineering
- OSINT, Self-Assessments And Teaming
- Security Assessments – Review Questions
- Vulnerability Scanner (Nikto)
- Port Scanner (Zenmap)
- Protocol Analyzer (Wireshark)
- Network Enumerator (Zenmap)
- Password Cracker (John The Ripper)
- Using A Fuzzer In Kali Linux
- HTTP Interceptor (Burp Suite)
- Exploitation Framework (Social-Engineer Toolkit)
- Log Analysis In Kali (Grep And Cut)
- OpenSCAP
- Reverse Engineering (Strace)
- Conducting Security Assessments – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 02 – LEVERAGING COLLABORATION TO SUPPORT SECURITY
- Workbook (Pdf)
- Collaboration: GRC And Controls
- Collaboration: What Is An SCA
- Collaboration: Solutions
- Leveraging Collaboration – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 04 – INTEGRATING ADVANCED AUTHENTICATION AND AUTHORIZATION TECHNIQUES
- Workbook (Pdf)
- Authentication And Access Control
- Authentication Factors And Controls
- Authentication Types
- Centralized Remote Authentication Services
- Deep Dive: RADIUS
- Deep Dive: 802.1X
- What Is Authorization/OAuth2.0
- What Is XACML
- Trusts Models And Kerberos
- Trust Models And Kerberos Part 2
- Directory Services And LDAP
- Hands On: Establishing Peer Trusts
- Authentication And Authorization Review Questions
- Advanced Identity Concepts And Vocabulary
- Identity Federation Methods
- Advanced Identity Review Questions
- Authentication And Authorization: Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 06 – IMPLEMENTING SECURITY CONTROLS FOR HOSTS
- Workbook (Pdf)
- Host Concepts And Vocabulary
- Product Evaluation Models – TCSEC
- Product Evaluation Models – ITSEC
- Product Evaluation Models – Common Criteria
- What Is A Trusted OS
- Types Of Security Models
- Bell-LaPadula
- Biba
- Clark-Wilson And Others
- Access Control Concepts
- Role-Based Access Control (RBAC)
- Other Access Control Models
- Endpoint Security
- Host Review Questions
- Hardening Hosts Concepts And Vocabulary
- Peripherals
- Full Disk Encryption
- Hands-On: Hardening Windows Hosts, AppLocker
- Virtualization Concepts And Vocabulary
- Common VM Vulnerabilities
- Hands-On: Creating Securing VM Using Virtualbox
- Boot Loader Concepts And Vocabulary
- Hands-On: Protecting Boot Loaders
- Implementing Security Controls Hosts Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 08 – IMPLEMENTING NETWORK SECURITY
- Workbook (Pdf)
- IDSs Vs IPSs Casp
- What Is A SIEM System
- Network Security Concepts And Vocabulary
- Hands-On Deploy Network Security Platform OPNsense
- SoC, BASs, ICS And SCADA
- Network-Enabled Devices Review Questions
- Remote Access And IPv6
- Network Authentication
- Network Topologies And SDN
- Optimizing Resource Placement
- Advanced Network Design Review Questions
- Network Security Controls Concepts Vocabulary
- VLANS And Network Data Flow
- DPI And HTTPS Inspection
- Network Device Configurations
- NAC And Alerting
- Hands On: Implementing Network Monitoring Ntopng
- Implementing Network Security – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 10 – INTEGRATING ASSETS IN A SECURE ENTERPRISE ARCHITECTURE
- Workbook (Pdf)
- Integrate Best Practices In Enterprise Security
- Technical Deployment Models: What Is A Model
- Technical Deployment Models: What Is Cloud
- Cloud Security Services In The Enterprise
- Secure Design: Vocabulary And Concepts
- Secure Design: Vocabulary And Concepts Part 2
- Secure Design: Review Questions
- Data Security: Owners, Processors And Sovereignty
- Data Security: Data Flow Security
- Data Security: Data Remanence
- Data Security: Provisioning And Deprovisioning
- Data Security: Review Questions
- Enterprise Applications: What Are They
- Enterprise Applications: Directory Svcs, DNS
- Enterprise Applications: Directory Svsc, DNS Pt.2
- Enterprise Applications: Hands On With DNS RRs
- DNSSEC, Zone Transfers And TSIGs
- DNSSEC, Zone Transfers And TSIG Part 2
- DNSSEC, Zone Transfers And TSIG Part 3
- Hands On With DNSSEC
- Enterprise Applications: Configuration Management
- Enterprise Applications: Review Questions
- Integrating Assets – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)
Module 12 – RESPONDING TO AND RECOVERING FROM INCIDENTS
- Workbook (Pdf)
- Concepts And Vocabulary
- Incident Response Facilitators
- Incident Response Facilitators Part 2
- E-Discovery
- Incident Response Review Questions
- What Is COOP
- CSIRTs And Common Tools
- Evidence Collection And Handling
- Types Of Evidence
- Five Rules Of Evidence 5 B’s
- Principles Of Criminalistics
- Investigation Process
- Forensic Analysis Of Compromised Systems
- What Is The Order Of Volatility
- Conducting Forensic Analysis With Autopsy
- Responding To Incidents – Key Points
- Review Quiz (Number of attempts allowed: Unlimited)