The audience for this course is typically an Information Technology (IT) professional who has networking and administrative skills in Windows-based TCP/IP networks and familiarity with other operating systems, such as NetWare, Macintosh, UNIX/Linux, and OS/2. The learner will want to acquire a foundational knowledge of security topics; prepare for the CompTIA Security+ Certification examination; or use Security+ as the foundation for advanced security certifications or career roles.
CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. It is an international, vendor-neutral certification that is taught at colleges, universities and commercial training centers around the world. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended.
Systems Security Differentiate among various systems security threats. Explain the security risks pertaining to system hardware and peripherals. Implement OS hardening practices and procedures to achieve workstation and server security. Carry out the appropriate procedures to establish application security. Implement security applications. Explain the purpose and application of virtualization technology. Network Infrastructure Differentiate between the different ports & protocols, their respective threats and mitigation techniques. Distinguish between network design elements and components. Determine the appropriate use of network security tools to facilitate network security. Apply the appropriate network tools to facilitate network security. Explain the vulnerabilities and mitigations associated with network devices. Explain the vulnerabilities and mitigations associated with various transmission media. Explain the vulnerabilities and implement mitigations associated with wireless networking. Access Control Identify and apply industry best practices for access control methods. Explain common access control models and the differences between each. Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges. Apply appropriate security controls to file and print resources. Compare and implement logical access control methods. Summarize the various authentication models and identify the components of each. Deploy various authentication models and identify the components of each. Explain the difference between identification and authentication (identity proofing). Explain and apply physical access security methods. Assessments & Audits Conduct risk assessments and implement risk mitigation. Carry out vulnerability assessments using common tools. Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. Use monitoring tools on systems and networks and detect security-related anomalies. Compare and contrast various types of monitoring methodologies. Execute proper logging procedures and evaluate the results. Conduct periodic audits of system security settings. Cryptography Explain general cryptography concepts. Explain basic hashing concepts and map various algorithms to appropriate applications. Explain basic encryption concepts and map various algorithms to appropriate applications. Explain and implement protocols. Explain core concepts of public key cryptography. Implement PKI and certificate management. Organizational Security Explain redundancy planning and its components. Implement disaster recovery procedures. Differentiate between and execute appropriate incident response procedures. Identify and explain applicable legislation and organizational policies. Explain the importance of environmental controls. Explain the concept of and how to reduce the risks of social engineering. CompTIA Acronyms Comprehensive outline of all Security+ Acronyms Discussion and review
Implement and Monitor Security on Networks and Computer Systems Respond to Security Breaches