Seminar-Inhalte

Security+

1.0 Network Security

• Implement security configuration parameters on network devices and other technologies.
• Given a scenario, use secure network administration principles.
• Explain network design elements and components.
• Given a scenario, implement common protocols and services.
• Given a scenario, troubleshoot security issues related to wireless networking.

2.0 Compliance and Operational Security

• 1 Explain the importance of risk related concepts.
• 2 Summarise the security implications of integrating systems and data with third parties.
• 3 Given a scenario, implement appropriate risk mitigation strategies.
• 4 Given a scenario, implement basic forensic procedures.
• 5 Summarise common incident response procedures.
• 6 Explain the importance of security related awareness and training.
• 7 Compare and contrast physical security and environmental controls.
• 8 Summarise risk management best practices.
• 9 Given a scenario, select the appropriate control to meet the goals of security.

3.0 Threats and Vulnerabilities

• 1 Explain types of malware.
• 2 Summarise various types of attacks.
• 3 Summarise social engineering attacks and the associated effectiveness with each attack.
• 4 Explain types of wireless attacks.
• 5 Explain types of application attacks.
• 6 Analyse a scenario and select the appropriate type of mitigation and deterrent techniques.
• 7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
• 8 Explain the proper use of penetration testing versus vulnerability scanning.

4.0 Application, Data and Host Security

• 1 Explain the importance of application security controls and techniques.
• 2 Summarise mobile security concepts and technologies.
• 3 Given a scenario, select the appropriate solution to establish host security.
• 4 Implement the appropriate controls to ensure data security.
• 5 Compare and contrast alternative methods to mitigate security risks in static environments.

5.0 Access Control and Identity Management

• 1 Compare and contrast the function and purpose of authentication services.
• 2 Given a scenario, select the appropriate authentication, authorisation or access control.
• 3 Install and configure security controls when performing account management, based on best practices.

6.0 Cryptography

• 1 Given a scenario, utilise general cryptography concepts.
• 2 Given a scenario, use appropriate cryptographic methods.
• 3 Given a scenario, use appropriate PKI, certificate management and associated components.

CySA+

1. Threat Management

• Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
• Given a scenario, analyse the results of a network reconnaissance.
• Given a network-based threat, implement or recommend the appropriate response and countermeasure.
• Explain the purpose of practices used to secure a corporate environment.

2. Vulnerability Management

• Given a scenario, implement an information security vulnerability management process.
• Given a scenario, analyse the output resulting from a vulnerability scan.
• Compare and contrast common vulnerabilities found in the following targets

3. Cyber Incident Response

• Given a scenario, distinguish threat data or behaviour to determine the impact of an incident
• Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
• Explain the importance of communication during the incident response process.
• Given a scenario, analyse common symptoms to select the best course of action to support incident response.
• Summarise the incident recovery and post-incident response process.

4. Security Architecture and Tool Sets

• Explain the relationship between frameworks, common policies, controls, and procedures.
• Given a scenario, use data to recommend remediation of security issues related to identity and access management.
• Given a scenario, review security architecture and make recommendations to implement compensating controls.
• Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
• Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

CASP+

Enterprise Security (30% of exam)

• Given a scenario, select appropriate cryptographic concepts and techniques
• Explain the security implications associated with enterprise storage
• Given a scenario, analyse network and security components, concepts and architectures
• Given a scenario, select and troubleshoot security controls for hosts
• Differentiate application vulnerabilities and select appropriate security controls

Risk Management and Incident Response (20% of exam)

• Interpret business and industry influences and explain associated security risks
• Given a scenario, execute risk mitigation planning, strategies and controls
• Compare and contrast security, privacy policies and procedures based on organisational requirements
• Given a scenario, conduct incident response and recovery procedures

Research, Analysis and Assessment (18% of exam)

• Apply research methods to determine industry trends and impact to the enterprise
• Analyse scenarios to secure the enterprise
• Given a scenario, select methods or tools appropriate to conduct an assessment and analyse results

Integration of Computing, Communications and Business Disciplines (16% of exam)

• Given a scenario, facilitate collaboration across diverse business units to achieve security goals
• Given a scenario, select the appropriate control to secure communications and collaboration solutions
• Implement security activities across the technology life cycle

Technical Integration of Enterprise Components (16% of exam)

• Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture
• Given a scenario, integrate advanced authentication and authorisation technologies to support enterprise objectives