1.12.3. |
Interpret security policies through job specific training and training updates. |
Lessons
|
1.12.4. |
Apply secure password behavior. |
Lessons
|
1.12.5. |
Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating). |
Lessons
|
2.1.1. |
Explain the need for confidentiality, integrity, and availability (CIA) of information. |
Lessons
|
2.1.2. |
Describe authentication, authorization, and auditing. |
Lessons
|
2.1.3. |
Describe multilevel security. |
Lessons
|
2.1.5. |
Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). |
Lessons
|
2.1.10. |
Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. |
Lessons
|
2.1.11. |
Identify the need for personal security in digital information and describe how personal information can be safeguarded. |
Lessons
|
2.4.1. |
Investigate the scope and the impact of mobile computing environments on society. |
Lessons
|
2.4.2. |
Describe the differences, advantages, and limitations of cloud computing (e.g., public cloud, private cloud, hybrid cloud) and on-premises computing. |
Lessons
|
2.4.4. |
Describe emerging technologies (e.g., Bring your Own Device [BYOD], Services Virtualization, Augmented Reality [AR], SMART Devices, Additive Manufacturing [3D Printing]). |
Lessons
|
3.1.1. |
Differentiate between authentication and authorization. |
Lessons
|
3.1.2. |
Compare authentication techniques (e.g. single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards). |
Lessons
|
3.1.4. |
Describe Virtual Private Networks (VPNs) using tunneling protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Secure Socket Tunneling Protocol [SSTP], Point-to-Point Tunneling Protocol [PPTP] and encrypting techniques). |
Lessons
|
3.2.1. |
Identify and implement data and application security. |
Lessons
|
3.2.8. |
Identify the need for disaster recovery policies and procedures. |
Lessons
|
3.3.1. |
Describe network security policies (e.g., acceptable use policy). |
Lessons
|
3.3.5. |
Assess risks based on vulnerability of the organization, likelihood of risk, and impact on the organization. |
Lessons
|
3.3.6. |
Describe the functions and uses of patch management. |
Lessons
|
3.4.4. |
Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training). |
Lessons
|
3.5.1. |
Describe wireless security risks (e.g., unauthorized access) and how to mitigate them. |
Lessons
|
3.5.5. |
Describe security practices and policies for personal devices. |
Lessons
|
3.5.6. |
Implement and test the security of a wireless network. |
Lessons
|
4.1.1. |
Determine the basic point-to-point (PTP) and point-to-multipoint (PTMP) network topologies (e.g., star, ring, tree, mesh, hybrid) and identify broadband and baseband (e.g., Ethernet) transmission methods and standards. |
Lessons
|
4.1.4. |
Identify standard and emerging network technologies (e.g., broadband, satellite, optic, cellular, Local-Area Network (LAN) and WiFi). |
Lessons
|
4.1.6. |
Configure and build a network. (e.g., server, switch, router) |
Lessons
|
4.2.3. |
Compare the seven layers of the Open Systems Interconnection stack to the four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. |
Lessons
|
4.2.5. |
Describe actions to be performed at each of the Open Systems Interconnection physical layers. |
Lessons
|
4.3.1. |
Identify the criteria used in selecting media (e.g., physical properties, transmission technologies, transmission span, bandwidth, topology, security, noise immunity, installation considerations, cost). |
Lessons
|
4.3.2. |
Differentiate between media types (e.g., coaxial, twisted pair, fiber optic) and interfaces. |
Lessons
|
4.3.3. |
Compare media categories (e.g., single mode, multimode, CAT5, CAT5E, CAT6+). |
Lessons
|
4.3.4. |
Describe types of media connectors (e.g., Bayonet Neill-Concelman [BNC], Registered Jack [RJ]-45, LC, ST) and grounding techniques. |
Lessons
|
4.3.6. |
Identify the advantages and disadvantages of cabling systems. |
Lessons
|
4.4.1. |
Compare wireless standards in common use (e.g., Institute of Electrical and Electronics Engineers [IEEE] 802.11, Cellular, Bluetooth, Worldwide Interoperability for Microwave Access [WiMAX], Radio Frequency Identification [RFID], Near Field Communication [NFC]). |
Lessons
|
4.5.3. |
Describe the Service Set Identifier (SSID) as used in wireless communications. |
Lessons
|
4.5.4. |
Select and install access points, wireless Network Interface Cards (NICs), antennas, and other hardware and software components to provide a wireless networking solution as determined by a site and customer survey. |
Lessons
|
4.5.6. |
Secure the wireless network. |
Lessons
|
4.7.1. |
Explain Fully Qualified Domain Names (FQDNs) and how they are used. |
Lessons
|
4.7.2. |
Explain the IP addressing scheme and how it is used. |
Lessons
|
4.7.3. |
Identify Class A, B, and C reserved (i.e., private) address ranges and why they are used. |
Lessons
|
4.7.4. |
Identify the class of network to which a given address belongs. |
Lessons
|
9.1.1. |
Identify the goals, objectives and purposes of cybersecurity. |
Lessons
|
9.1.2. |
Describe the concepts of malware attack vectors. |
Lessons
|
9.1.5. |
Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative). |
Lessons
|
9.3.1. |
Identify application vulnerabilities (e.g., Cross-site scripting, SQL injection, LDAP injection, XML injection, Directory traversal/command injection, Buffer overflow, Integer overflow, Zero-day, Cookies and attachments, Locally Shared Objects (LSOs), Flash cookies, Malicious add-ons, Session hijacking, Header manipulation, Arbitrary code execution/remote code execution). |
Lessons
|
9.3.6. |
Differentiate between Server-side vs. client-side validation. |
Lessons
|
9.5.1. |
Describe, locate, and mitigate security threats (e.g., Adware, Viruses, Spyware, Trojan, Rootkits, Logic bomb, Botnets, Ransomware, Polymorphic malware). |
Lessons
|
9.5.2. |
Describe and discover vulnerabilities to and mitigate network attacks. (e.g., Man-in-the-middle, DDoS, DoS, Replay, Smurf attack, Spoofing, Spam, Phishing, Spim, Spit and other attacks). |
Lessons
|
9.5.4. |
Describe, appraise for, and mitigate Social Engineering attacks (e.g., Shoulder surfing, Dumpster diving, Tailgating, Impersonation, Hoaxes, Phishing, Spear Phishing, Whaling, Vishing, Principles, URL hijacking, Watering Hole). |
Lessons
|
9.7.1. |
Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting). |
Lessons
|
9.7.4. |
Collect digital evidence according to established policies and protocols (e.g., system image, packet captures). |
Lessons
|
9.7.5. |
Maintain chain of custody on evidence. |
Lessons
|
9.8.2. |
Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, Camera vs. guard). |
Lessons
|
9.8.3. |
Use discovery tools and utilities to identify threats (e.g., Protocol analyzer, Vulnerability scanner, Honeypots, Honeynets, Port scanner). |
Lessons
|
9.8.9. |
Interpret alarms and alert trends. |
Lessons
|
9.8.10 |
Apply Incident response procedures (e.g., Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach). |
Lessons
|
9.8.11. |
Differentiate between types of Penetration testing (e.g., Black box, White box, Gray box). |
Lessons
|