Course Objectives
Upon completing this course, participants will be prepared with the knowledge and abilities to sit for an external exam by ISACA. The certificate is aligned with the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE), which is compatible with global cybersecurity issues, activities and job roles. The certificate also is aligned with the Skills Framework for the Information Age (SFIA).
The five domains of the entry-level cybersecurity certification exam outline are:
- Cybersecurity concepts
- Cybersecurity architecture principles
- Cybersecurity of networks, systems, applications, and data
- Incident response
Security of evolving technology
Pre-requisites
Learners are assumed to have:
- No pre-requisites
- Recommended CompTIA A+
Course Outline
Session 1 – Introduction to Cybersecurity
Learning Objectives:
- Identify and explain cybersecurity concepts.
- Identify main components of telecommunications technologies.
- Differentiate types of security.
Session topics:
- 1.1 Overview
- 1.2 What is Security?
- 1.3 Types of Security
Session 2 – Cybersecurity and Privacy
Learning Objectives:
- Identify differences between information technology systems and specialized systems.
- Discuss enterprise cybersecurity roles and responsibilities.
- Define governance, risk management and compliance (GRC).
- Distinguish between privacy and security
Session topics:
- 1.4 Specialized Systems
- 1.5 Roles and Responsibilities
- 1.6 Governance, Risk Management and Compliance
- 1.7 Cybersecurity Governance
- 1.13 Privacy
- 1.14 Privacy vs. Security
Session 3 – Service Disruption and Cybersecurity
Learning Objectives:
- Identify and discuss common causes of enterprise service disruption.
- Explain business continuity planning.
- Describe the relationship between business continuity planning (BCP) and disaster recovery (DR).
Session topics:
- 1.8 Resilience
- 1.9 Business Continuity and Disaster Recovery
- 1.10 Business Impact Analysis
- 1.11 Recovery Concepts
Session 4 – Threat Landscape
Learning Objectives:
- Identify and discuss common causes of enterprise service disruption.
- Explain business continuity planning.
- Describe the relationship between business continuity planning (BCP) and disaster recovery (DR).
Session topics:
- 1.4 Specialized Systems
- 1.5 Roles and Responsibilities
- 1.6 Governance, Risk Management and Compliance
- 1.7 Cybersecurity Governance
- 1.13 Privacy
- 1.14 Privacy vs. Security
Session 5 – Cyberattacks
Learning Objectives:
- Identify and explain cybersecurity concepts.
- Identify main components of telecommunications technologies.
- Differentiate types of security.
Session topics:
- 2.5 Attack Attributes
- 2.6 Attack Process
- 2.7 Malware and Attacks
Session 6 – Risk Management
Learning Objectives:
- Identify differences between information technology systems and specialized systems.
- Discuss enterprise cybersecurity roles and responsibilities.
- Define governance, risk management and compliance (GRC).
- Distinguish between privacy and security
Session topics:
- 2.8 Risk Assessment
- 2.9 Supply Chain Considerations
- 2.10 Risk Management Life Cycle
- 2.11 Managing Risk
- 2.12 Using the Results of Risk Assessments
Session 7 – Securing Assets
Learning Objectives:
- Identify differences between information technology systems and specialized systems.
- Discuss enterprise cybersecurity roles and responsibilities.
- Define governance, risk management and compliance (GRC).
- Distinguish between privacy and security.
Session topics:
- 3.1 Risk Identification, Standards, Frameworks and Industry Guidance
- 3.3.8 Endpoint Security
- 3.3.9 System Hardening
- 3.3.10 Logging, Monitoring and Detection
- 3.3.13 Data Security
Session 8 – Security Architecture
Learning Objectives:
- Identify components of a security architecture.
- Compare security models.
- Session topics:
- 3.2 Architecture, Models, and Frameworks
Session 9 – Security Controls
Learning Objectives:
- Explain defense in depth.
- Compare traditional security and assume-breach philosophies.
- Identify three main types of security controls.
- Distinguish types of logical access controls.
- Identify and explain types of administrative controls.
- Explain each component of authentication, authorization and accounting (AAA).
- Session topics:
- 3.3 Security Controls (3.3.1 to 3.3.6)
Session 10 – Network Security
Learning Objectives:
- Explain methods to achieve isolation and segmentation.
- Identify network security hardware.
- Distinguish types of firewalls.
Session topics:
- 3.3.7 Network Security
Enrichment:
- Learning Aid – Application Firewall Systems
- Learning Aid – Common Attacks Against Packet Filter
- Learning Aid – Examples of Firewall Implementations
- Learning Aid – Next Generation Firewalls
Session 11 – Application and Cloud Security
Learning Objectives:
- Recognize system life cycle management principles, including software security and usability.
- Identify and analyze cloud service models.
- Discuss risk associated with cloud computing.
Session topics:
- 3.3.11 Application Security
- 3.3.12 Cloud Security
Session 12 - Software Management and Encryption
Learning Objectives:
- Identify elements of cryptographic systems.
- Identify and discuss key systems.
Session topics:
- 3.3.14 Configuration Management
- 3.3.15 Change Management
- 3.3.16 Patch Management
- 3.3.17 Encryption Fundamentals, Techniques and Applications
Session 13 – Introducing Security Operations
Learning Objectives:
- Discuss security operations center (SOC) deployment models.
- Identify common SOC functions, roles and responsibilities.
- Identify vulnerability assessment tools, including open source tools and their capabilities.
- Session topics:
- 4.1 Security Operations
Session 14 - Testing Technologies and Security Tools
Learning Objectives:
- Differentiate vulnerability scanning and penetration testing.
- Discuss common phases of penetration testing.
- Identify and use common cybersecurity tools.
- Discuss components that aid cybersecurity monitoring and detection.
- Session Topics:
- 4.2 Tool and Technologies (Monitoring, Detection, Correlation)
- 4.4 Forensics
Session 15 – Handling Security Incidents
Learning Objectives:
- Understand incident response and handling methodologies.
- Distinguish between an event and an incident.
- Discuss the elements of an incident response plan (IRP).
Session Topics:
- 4.3 Incident Handling
Practice Labs:
- SQL Injection
- Windows Event Monitoring & Defender
- Threat Removal
- Threat Detection
- File Permissions on Windows and Linux
- Forensics: File Recovery, Baselining with Lynis
- Scanning Ports and Utilizing SSH
- Windows and Linux OS Firewalls
Certificate Obtained and Conferred by
Upon completion of the course, you can register for the official exam, which is online, remotely proctored 2-hour exam. You will be notified of the results of your exam. If you’ve passed, you will be able to download the certificate from your MyISACA portal as proof. For more information on the exam, go to https://www.isaca.org/credentialing/itca/cybersecurity-fundamentals-certificate
Categories
More Information
- NTUC LearningHub
Add a review