SU Security+® CompTIA Certification Class & Exam

Lesson Plan 51 hr lecture 21 labs/quizzes
1.0 Security Governance, Risk, and Compliance (Risk Management)
4 hrs Lecture 2 hr Labs
1.1 CyberSecurity Concepts

• Confidentiality, integrity, availability
• Business drivers for cybersecurity: risk, compliance
• Roles in CyberSecurity management
• Regulatory compliance overview

1.2 CyberSecurity Risk Management Concepts and Processes

• Threat and risk assessment
• Quantitative risk analysis
• Qualitative risk analysis
• Information classification
• Risk response choices
• Change management

1.3 Comparing and Contrasting CyberSecurity Controls

• Types of security controls - administrative, technical, physical
• CyberSecurity control intent

1.4 Policies, Standards, Procedures, and Administrative Controls for CyberSecurity

• General security policies
• Business agreement types
• Continuing education
• Acceptable use policy/rules of behavior

1.5 Data Media Storage Protection, Handling, and Disposal

• Data destruction and media sanitization
• Data sensitivity labeling and handling
• Data retention and disposal policies
• Personally Identifiable Information (PII)
• Protected Health Information (PHI)
• Roles in data management

1.6 CyberSecurity Incident Response Procedures

• Incident response planning and management
• Incident response process
• After action report (AAR)

1.7 Fundamentals of CyberSecurity Forensics

• Evidence chain of custody
• Evidence acquisition, preservation, and protection
• Order of volatility
• Legal hold

1.8 Measuring Risk through Business Impact Analysis (BIA)

• Threats to business continuity
• Identification of critical systems
• Measurements of downtime/outage impact
• Privacy impact assessment (PIA)
• Privacy threshold assessment (PTA)

1.9 Business Continuity and Disaster Recovery Concepts

• Types of backup – full, incremental, differential
• Methods of backup: removable media, electronic
• Geographic considerations for backups
• Alternate/recovery sites
• Recovery testing

5 hrs Lecture 2 hr Labs
2.0 CyberSecurity Threats, Attacks and Vulnerabilities
2.1 Identifying and Characterizing Threat Actors
Types of actors

• Attributes of actors

2.2 Types of CyberSecurity Attacks

• Malware attacks
• Social engineering
• Application/service attacks
• Hijacking and related attacks
• Wireless attacks
• Cryptographic attacks
• Online vs. offline

2.3 Impact Associated with Types of Vulnerabilities

• End-of-life systems
• Embedded systems
• Lack of vendor support
• Race conditions
• Memory leaks
• System sprawl/undocumented assets
• Architecture/design weaknesses
• New threats/zero day
• Improper certificate and key management

2.4 Explaining Vulnerability Scanning and Penetration Testing Concepts

• Vulnerability and penetration testing objectives
• Active and passive reconnaissance
• Intrusive vs. non-intrusive
• Black box/White box/Gray box
• Credentialed vs. non-credentialed
• Target organization reconnaissance
• Network discovery and enumeration
• Port scanning and banner grabbing
• Vulnerability scanning
• Exploit scripts and exploit consoles
• False positives and false negatives
• Reporting results to management

3.0 Architecture and Design
4 hrs Lecture 2 hr Labs
3.1 Using CyberSecurity Frameworks and Configuration Baselines

• Benchmarks/secure configuration guides
• Defense-in-depth/layered security

3.2 Implementing Network CyberSecurity Architectures

• Zones/topologies
• Network address translation (NAT)/Port address translation (PAT)
• Segregation/segmentation/isolation
• Security device/technology placement
• Software Defined Networking (SDN)

3.3 Implementing Secure Systems Design

• Hardware/firmware security
• Operating systems
• Patch management
• System hardening
• Peripherals

3.4 Deploying Secure Staging Practices and Procedures

• Sandboxing
• Staging environments
• Secure baseline
• Integrity measurement

3.5 Addressing the Security Implications of Embedded Systems

• Supervisory control and data acquisition (SCADA)/Industrial Control System (ICS)
• Smart devices/Internet of Things (IoT)

3.6 Defining Secure Application Design, Development, and Deployment

• System development life-cycle (SDLC) models – waterfalls vs agile
• DevOps (Software Development/Software Operations)
• Secure DevOps (DevSecOps)
• Version control and change management
• Provisioning and deprovisioning
• Secure coding techniques
• Code quality and testing
• Programming model verification - Compiled vs. runtime code

3.7 Virtualization and Cloud Computing Security

• Hypervisors
• Application cells/containers
• Virtual desktop infrastructure (VDI)/Virtual desktop ethernet (VDE)
• Cloud deployment models
• Cloud service models
• Cloud access security broker (CASB)

3.8 Using Resiliency and Automation Strategies to Reduce Risk

• Automation/scripting
• Snapshots
• Savepoints
• Live boot media
• Redundant Array of Independent Disks (RAID)

3.9 Physical and Environmental Security Controls

• Fencing/gates/cages
• Barricades/bollards
• Security guards
• Lighting
• Cameras
• Motion detection
• Signs
• Alarms
• Safe and secure enclosures
• Mantrap
• Airgap
• Faraday cage
• Protected distribution/protected cabling
• Physical access control: Proximity cards, biometric factors, smart cards
• Cable locks
• Logs
• Environmental controls: HVAC, hot and cold aisles, fire suppression

4.0 Identity and Access Management
5 hrs Lecture 2 hr Labs
4.1 Identity and Access Control Management Concepts

• Access control concepts and architecture
• User authentication credentials
• Something you are
• Something you have
• Something you know
• Somewhere you are
• Multifactor authentication / Two-factor authentication (2FA)
• Two-way authentication

4.2 Installing and Configuring Authentication Protocols

• Single Sign-On (SSO): Kerberos, transitive trust,
• Federation: personal, business
• Password authentication protocol (PAP)
• Challenge handshake authentication protocol (CHAP)
• Extensible authentication protocol (EAP)
• Authentication, authorization, and accounting (AAA): RADIUS, TACACS+, Diameter
• IEEE 802.1x
• Lightweight directory access protocol (LDAP)

4.3 Implementing Access Control Management

• Discretionary access control (DAC)
• Attribute-based access control (ABAS)
• Role-based access control
• Rule-based access control
• Mandatory access control (MAC)/Trusted computing system
• File system security
• Database security

4.4 User Account and Identity Management Policies and Administration

• Account types
• Separation of duties
• Least privilege
• Privileged user account controls
• Onboarding/Offboarding
• Permission auditing and review
• Usage auditing and review
• Time-of-day restrictions
• Re-certification
• Account maintenance
• Group-based access control
• Location-based policies

5.0 Cryptography and Public Key Infrastructure (PKI)
4 hrs Lecture  2 hr Labs
5.1 Basic Concepts of Cryptography

• Cryptography concepts and terminology
• Encryption strength/work factor
• Deployment: data-in-transit/data-at-rest/data-in-use
• Session keys
• Secure key exchange
• Ephemeral key
• Perfect forward secrecy
• Digital signatures

5.2 Explaining Cryptography Algorithms and Their Basic Characteristics

• Symmetric algorithms
• Cipher modes
• Asymmetric algorithms
• Hashing algorithms
• Key stretching and salting
• Message authentication codes

5.3 Install and Configure Wireless Security Settings

• Wireless cryptographic protocols
• Network authentication protocols for wireless applications

5.4 Implement Public Key Infrastructure (PKI)

• Digital certificate components
• Types of certificates
• Certificate assignees
• Certificate formats (file types)
• Chain of trust/Trust anchors
• PKI architecture
• Root authority
• Certificate authorities (CA)
• Registration authorities (RA)
• Validation authorities (VA)
• Certificate revocation lists (CRL)
• Online certificate status protocol (OCSP)

5.5 Steganography

6.0 CyberSecurity Technologies and Tools
4 hrs Lecture  2 hr Labs
6.1 Install and Configure CyberSecurity Network Components

• Firewalls
• VPN technologies
• Routers
• Switches
• Proxy servers
• Load balancers
• Web security gateways
• Web application firewalls (WAF)
• Data loss prevention (DLP)
• E-mail guards and gateways
• Wireless access points (WAP)
• Network Intrusion Detection System (NIDS)/Network Intrusion Prevention System (NIPS)
• Security Information and Event Management (SIEM)
• Encryption devices

6.2 CyberSecurity Assessment Tools

• Protocol analyzer
• Network scanners
• Command line tools

6.3 Troubleshooting CyberSecurity Scenarios

• Unencrypted credentials/clear text
• Logs and events anomalies
• Permission issues
• Access violations
• Certificate issues
• Data exfiltration
• Misconfigured devices
• Firewalls
• Wireless access points
• Weak security configurations
• Personnel issues

6.4 Analyzing and Interpreting Output from CyberSecurity Technologies

• HIDS/HIPS
• Antivirus
• File integrity check
• Host-based firewall
• Application whitelisting/blacklisting
• Removable media control
• Advanced malware tools
• Patch management tools
• Unified Threat Management (UTM)
• Data Loss Prevention (DLP)
• Data execution prevention (DEP)
• Web application firewall

6.5 Implementing Secure Communications Protocols

• Secure protocols
• Secure Shell (SSH)
• Secure Socket Layer (SSL)/Transport Layer Security (TLS)
• Voice and video
• Time synchronization
• Email and web
• File transfer
• Directory services
• Remote access
• Domain name resolution/Domain name system (DNS)
• Routing and switching

6.6 Deploying Mobile Device Security

• Connection methods
• Mobile device management concepts
• Enforcement and monitoring
• Deployment models

Exam Version: CompTIA Security+ SY0-601
Exam Fee: $495 per exam attempt
Exam Location: You can take the exam on site last day of class - we are a mobile testing site
Time Allocated: 90 minutes per exam Exam Score Range: Scores range from 100-900 , Minimum Pass Score: 750
Number Of Questions: Not more than 90 questions per exam (usually 60-75 in recent months)
Exam format: Linear format; computer-based test (CBT) - multiple choice, multiple answer, performance-based
Prerequisites: You should have a basic understanding of operating systems and TCP/IP networking similar to that obtained from CompTIA Strata IT Fundamentals and Network+ or equivalent work experience. Network+ and A+ certifications are recommended by CompTIA, but not required Validation Period: Certification expires after 3 years, unless Continuing Professional Education (CPE) requirements and maintenance fees are met - contact www.comptia.org for more details Score Report : Delivered immediate on test completion

Lesson Plan  28hr lecture 12 hr labs/quizzes
2 hrs Access Control - Policies, standards and procedures that define who users are, what they can do, which resources they can access, and what operations they can perform on a system.
2 hrs Administration - Identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.
2 hrs Audit and Monitoring - Determining system implementation and access in accordance with defined IT criteria. Collecting information for identification of and response to security breaches or events.
2 hrs Risk, Response and Recovery - The review, analysis and implementation processes essential to the identification, measurement and control of loss associated with uncertain events.
Lesson Plan   Day5  7hr lecture 1 hr labs/quizzes
2 hrs Cryptography - The protection of information using techniques that ensure its integrity, confidentiality, authenticity and non-repudiation, and the recovery of encrypted information in its original form.
2 hrs Data Communications - The network structure, transmission methods and techniques, transport formats and security measures used to operate both private and public communication networks.
2 hrs Malicious Code - Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses and other related forms of intentionally created deviant code.

---