KEY COURSE TOPICS

• Core Information Security Principles
• Risk Management
• Access Control
• Security Malware Threats
• Network Security
• Security Assessments and Testing
• Cryptography
• Incident Response
• Disaster Recovery and Business Continuity
• Personnel Policies
• And Much More

Introduction

Getting Started in Information Security

• The Many Areas of Information Security 
• The State of Cybersecurity 
• The Most Valuable Beginner IT Security Certifications

Core Information Security Principles

• Section Introduction The CIA Triad Authentication, Authorization, and Accounting (AAA)
• Defence in Depth Least Privilege
• Non-Repudiation
• Implicit Deny Legal and Regulatory Issues 
• Information Security Governance
• Authentication Basics 
• Identify Proofing
• General Password Rules

Risk Management 

• Section Introduction 
• Introduction to Risk Management 
• Exploring Risks and Threats
• Quantitative Risk Analysis 
• Attack Surface Analysis

Asset Management 

• Section Introduction 
• Identifying and Classifying Assets 
• Understanding the Asset Lifecycle
• Data Retention 
• Understanding Data States 

Access Control

• Section Introduction 
• Access Control 
• Physical and Logical Access Controls 
• Access Control Models 
• Student Activity: Analysing Your Organization’s Access Control

Security Malware Threats 

• Section Introduction
• Buffer Overflows 
• Viruses and Polymorphic Viruses
• Worms 
• Trojan Horses 
• Logic Bombs 
• Spyware and Adware
• Ransomware
• Rootkits
• Zero Day Attacks 
• Protecting Against Malware 

Additional Threats & Vulnerabilities 

• Section Introduction
• Social Engineering 
• Social Engineering Phone Impersonation Scenarios Overview 
• Social Engineering Phone Call Impersonation 
• Social Engineering Phone Impersonation Scenarios Discussion
• Email Spam, Spoofing, Phishing, and Pharming 
• Protocol Spoofing
• Common Attack Methods

Network Segmentation & Isolation 

• Section Introduction
• Introduction to Network Isolation 
• Demilitarized Zone (DMZ)
• Basic Network Zones 
• Virtual LANs (VLANs) 
• Routers
• Network Address Translation (NAT)
• Access Control Lists (ACLs) 

Network Security

• Section Introduction 
• Virtual Private Networks 
• Firewalls 
• Web Proxy Servers 
• Honeypots
• Intrusion Detection & Prevention Systems 

Wireless Networking Security 

• Wireless Encryption Standards 
• Wireless Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• WPA Enterprise vs. Personal Mode 
• Wireless Network Vulnerabilities & Security
• Common Wireless Security Threats 

Security Assessments and Testing 

• Section Introduction 
• Vulnerability Assessments 
• Penetration Testing 
• Interview with a Professional Ethical Hacker Blog Article 
• Security Assessments 

Security Assessment Tools 

• Section Introduction
• Wireshark Network Sniffing
• Nmap Zenmap Network Scanner 
• Tenable Nessus Vulnerability Scanner
• Ethical Hacking for Beginners (YouTube Series)

Hardening End-User Systems and Servers 

• Section Introduction 
• Hardening End-User Systems 
• Hardening Servers
• Patch and Change Management 
• Separation of Services 

Introduction to Cryptography 

• Introduction to Cryptography 
• Symmetric Encryption
• Asymmetric Encryption
• Hashing Algorithms 
• Digital Certificates and Certificate Authorities 
• Email Encryption Use Cases 
• Windows Encrypted File System Use Case 
• Revisiting VPN 
• Software versus Hardware-Based Encryption 

Incident Response, Disaster Recovery & Business Continuity

• Section Introduction
• Understanding Incidents and Disasters 
• Incident Response 
• Disaster Recovery and Business Continuity 

Application Development Security 

• Importance of IT Security in Application Development 
• Software Development Lifecycle (SDLC) 
• Static and Dynamic Testing 
• Authorization to Operate (ATO)
• Application Development Security Quiz