端海教育集团
全国报名免费热线:4008699035 微信:shuhaipeixun
或15921673576(微信同号) QQ:1299983702
首页 课程表 在线聊 报名 讲师 品牌 QQ聊 活动 就业
 
Cybersecurity Fundamentals培训

 
   班级规模及环境--热线:4008699035 手机:15921673576( 微信同号)
       坚持小班授课,为保证培训效果,增加互动环节,每期人数限3到5人。
   上课时间和地点
开课地址:【上海】同济大学(沪西)/新城金郡商务楼(11号线白银路站)【深圳分部】:电影大厦(地铁一号线大剧院站) 【武汉分部】:佳源大厦【成都分部】:领馆区1号【沈阳分部】:沈阳理工大学【郑州分部】:锦华大厦【石家庄分部】:瑞景大厦【北京分部】:北京中山学院 【南京分部】:金港大厦
最新开班 (连续班 、周末班、晚班):2024年11月18日
   实验设备
     ☆资深工程师授课
        
        ☆注重质量 ☆边讲边练

        ☆合格学员免费推荐工作
        ★实验设备请点击这儿查看★
   质量保障

        1、培训过程中,如有部分内容理解不透或消化不好,可免费在以后培训班中重听;
        2、课程完成后,授课老师留给学员手机和Email,保障培训效果,免费提供半年的技术支持。
        3、培训合格学员可享受免费推荐就业机会。

课程大纲
 

DOMAIN 1: CYBERSECURITY CONCEPTS
1.1 Knowledge of information assurance (IA) principles used to manage risks related to the use, processing, storage and transmission of information or data.
1.2 Knowledge of security management.
1.3 Knowledge of risk management processes, including steps and methods for assessing risk.
1.4 Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
1.5 Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored] and third generation [nation state sponsored]).
1.6 Knowledge of information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication and non-repudiation.
1.7 Knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities).
1.8 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
1.9 Knowledge of relevant laws, policies, procedures and governance requirements.
1.10 Knowledge of relevant laws, policies, procedures or governance as they relate to work that may impact critical infrastructure.
DOMAIN 2: CYBERSECURITY ARCHITECTURE PRINCIPLES
2.1 Knowledge of network design processes, to include understanding of security objectives, operational objectives and tradeoffs.
2.2 Knowledge of security system design methods, tools and techniques.
2.3 Knowledge of network access, identity and access management (e.g., public key infrastructure [PKI]).
2.4 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
2.5 Knowledge of current industry methods for evaluating, implementing and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures, utilizing standards-based concepts and capabilities.
2.6 Knowledge of network security architecture concepts, including topology, protocols, components and principles (e.g., application of defence in depth).
2.7 Knowledge of malware analysis concepts and methodology.
2.8 Knowledge of intrusion detection methodologies and techniques for detecting host-and network- based intrusions via intrusion detection technologies.
2.9 Knowledge of defence in depth principles and network security architecture.
2.10 Knowledge of encryption algorithms (e.g., internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE]).
2.11 Knowledge of cryptology.
2.12 Knowledge of encryption methodologies.
2.13 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [ITCP/IP], Open System Interconnection model [OSI]).
2.14 Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol
DOMAIN 3: SECURITY OF NETWORK, SYSTEM, APPLICATION AND DATA
3.1 Knowledge of computer network defence (CND) and vulnerability assessment tools, including open source tools, and their capabilities.
3.2 Knowledge of basic system administration, network and operating system hardening techniques.
3.3 Knowledge of risk associated with virtualizations.
3.4 Knowledge of penetration testing principles, tools and techniques (e.g., metasploit, neosploit).
3.5 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring) and tools.
3.6 Knowledge of remote access technology concepts.
3.7 Knowledge of systems administration concepts.
3.8 Knowledge of Unix command line.
3.9 Knowledge of system and application security threats and vulnerabilities.
3.10 Knowledge of system lifecycle management principles, including software security and usability.
3.11 Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance and reliability.
3.12 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
3.13 Knowledge of social dynamics of computer attackers in a global context.
3.14 Knowledge of secure configuration management techniques.
3.15 Knowledge of capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media and related hardware.
3.16 Knowledge of communication methods, principles and concepts that support the network infrastructure.
3.17 Knowledge of the common networking protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP]) and services (e.g., web, mail, Domain Name System [DNS]) and how they interact to provide network communications.
3.18 Knowledge of different types of network communication (e.g., Local Area Network [LAN], Wide Area Network [WAN], Metropolitan Area Network [MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network [WWAN]).
3.19 Knowledge of virtualization technologies and virtual machine development and maintenance.
3.20 Knowledge of application vulnerabilities.
3.21 Knowledge of information assurance (IA) principles and methods that apply to software development.
3.22 Knowledge of risk threat assessment.
DOMAIN 4: INCIDENT RESPONSE
4.1 Knowledge of incident categories, incident responses and timelines for responses.
4.2 Knowledge of disaster recovery and continuity of operations plans.
4.3 Knowledge of data backup, types of backups (e.g., full, incremental) and recovery concepts and tools.
4.4 Knowledge of incident response and handling methodologies.
4.5 Knowledge of security event correlation tools.
4.6 Knowledge of investigative implications of hardware, operating systems and network technologies.
4.7 Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
4.8 Knowledge of types of digital forensics data and how to recognize them.
4.9 Knowledge of basic concepts and practices of processing digital forensic data.
4.10 Knowledge of anti-forensics tactics, techniques, and procedures (TTPS).
4.11 Knowledge of common forensic tool configuration and support applications (e.g., VMWare, Wireshark).
4.12 Knowledge of network traffic analysis methods.
4.13 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
DOMAIN 5: SECURITY OF EVOLVING TECHNOLOGY
5.1 Knowledge of new and emerging information technology (IT) and information security technologies.
5.2 Knowledge of emerging security issues, risks, and vulnerabilities.
5.3 Knowledge of risk associated with mobile computing.
5.4 Knowledge of cloud concepts around data and collaboration.
5.5 Knowledge of risk of moving applications and infrastructure to the cloud.
5.6 Knowledge of risk associated with outsourcing
5.7 Knowledge of supply chain risk management processes and practices

 
  备案号:备案号:沪ICP备08026168号-1 .(2014年7月11)...................
Cybersecurity Fundamentals培训学校