Programma Didattico Corso Sicurezza Informatica e Security Manager | Certificato CompTIA Security+

MODULO A: Corso Sicurezza Informatica e Security Manager | Certificato CompTIA Security+ SY-701

1)    Mastering security basic

1. Understanding core security goals
   • Security scenarios
     • Ensure confidentiality
     • Provide integrity
     • Increase availability
   • Resource availability versus security constraints
2. Introducing basic risk concepts
3. Selecting effective security controls
   • Control categories
     • Technical controls
     • Managerial controls
     • Operational controls
     • Physical controls
   • Control types
     • Preventive controls
     • Deterrent controls
     • Detective controls
     • Corrective controls
     • Directive controls
   • Combining control categories and types
4. Logging and monitoring
   • Operating system/endpoint logs
     • Windows logs
     • Linux logs
   • Network logs
     • Firewall logs
     • IDS/IPS logs
     • Packet captures
   • Application logs
     • Metadata
   • Centralized logging and monitoring
     • SIEM system
     • Syslog

Objective covered:

• Compare and contrast various types of security controls

• Categories (technical, managerial, operational, physical)
• Control types (preventive, deterrent, detective, corrective, compensating, directive)
  • Summarize fundamental security concepts
• Confidentiality, integrity, and availability (CIA)

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Monitoring
• Least privilege

3.2 Given a scenario, apply security princi­ples to secure enterprise infrastructure

• Selection of effective controls

4.1 Given a scenario, apply common security techniques to computing resources

• Monitoring
  • Explain security alerting and monitoring concepts and tools
• Monitoring computing resources (systems, applications, infrastructure)
• Activities (log aggregation, alerting, scanning, reporting, archiving)
• Alert tuning
• Security Information and Event Management (SIEM)
  • Given a scenario, modify enterprise capabilities to enhance security
• User Behavior Analytics (UBA)

4.9 Given a scenario, use data sources to support an investigation

• Log data(firewall logs, application logs, endpoint logs, os-specific security logs, IPS/IDS logs, network logs, metadata)
• Data sources (automated reports, dashboards, packet captures)

2)    Understanding identity and access management

1. Exploring authentication management
   • Comparing identification and AAA
   • Comparing authentication factors
     • Something you know
     • Something you have
     • Something you are
     • Two-factor and multifactor authentication
     • Passwordless authentication
   • Authentication log files
2. Managing accounts
   • Credential policies and account types
   • Privileged access management
   • Requiring administrators to use two accounts
   • Prohibiting shared and generic accounts
   • Deprovisioning
   • Time-based logins
   • Account audits
3. Comparing authentication services
   • Single sign-on
   • LDAP
   • SSO and a federation
     • SAML
     • SAML and authorization
     • Oauth

4. Authorization models
   • Role-based access control
     • Using roles based on jobs and functions
     • Documenting roles with a matrix
     • Establishing access with group-based privileges
   • Role-based access control
   • Discretionary access control
     • Filesystem permissions
     • SIDs and DACLs
   • Mandatory access control
     • Labels and lattice
     • Establishing access
   • Attribute-based access control
5. Analyzing authentication indicators

Objective covered:

1.2 Summarize fundamental security concepts

• Authentication, authorization, and accounting (AAA) (Authenticating people, Authenticating systems, Authorization models)

2.4 Given a scenario, analyze indicators of malicious activity

• Indicators (account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, resource inaccessibility, out-of-cycle logging, published/documented, missing logs)

2.5 Explain the purpose of mitigation tech­niques used to secure the enterprise

• Access control (Access Control List (ACL), permissions)

4.5 Given a scenario, modify enterprise capa­bilities to enhance security

• Operating system security (SElinux)
  • Given a scenario, implement and maintain identity and access management
• Provisioning/de-provisioning user accounts
• Permission assignments and implications
• Identity proofing
• Federation
• Single sign-on (SSO) (open authorization (OAuth) , Security Assertions Markup Language, (SAML) )
• Interoperability
• Attestation
• Access controls (mandatory, discretionary, role-based, rule-based, attribute-based, time-of-day restrictions, least privilege)
• Multifactor authentication (implementations, biometrics, hard/soft authentication tokens, security keys)
• Factors (something you know, something you have, something you are, somewhere you are)
• Password concepts
• Password best practices (length, complexity, reuse, expiration, age)
• Password managers
• Passwordless
• Privileged access management tools (just-in-time permissions, password vaulting, ephemeral credentials)

3)    Exploring network technologies and tools

1. Reviewing basic networking concepts
   • OSI model
   • Basic networking protocols
   • Implementing protocols for use cases
     • Data in transit use cases
     • Email and web use cases
     • Directory use cases
     • Voice and video use cases
     • Remote access use cases
     • Time synchronization use cases
     • Network address allocation use cases
     • Domain name resolution use cases

2. Understanding basic network infrastructure
   • Switches
     • Hardening switches
   • Routers
     • Hardening routers
   • Simple Network Management Protocol
   • Firewalls
     • Host-based firewalls
     • Network-based firewalls
   • Failure modes
3. Implementing network designs
   • Security zones
     • Screened subnet
     • Network address translation gateway
     • Physical isolation and air gasp
     • Logical separation and segmentation
   • Network appliances
   • Proxy servers
     • Caching content for performance
     • Content filtering
     • Reverse proxy
   • Unified threat management
   • Jump server
4. Zero trust
   • Control plane vs. Data plane
   • Secure access service edge

Objective covered:

• Summarize fundamental security concepts

• Zero trust (control plane: adaptive identity, threat scope reduction, policy-driven access control, policy administrator, policy engine; data plane: implicit trust zones, subject/system, policy enforcement point )

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Isolation
• Hardening techniques (host-based firewall)

3.1 Compare and contrast security implications of different architecture model

• Network infrastructure (physical isolation, air-gapped, logical segmentation)

3.2 Given a scenario, apply security principles to secure enterprise infrastructure

• Device placement
• Security zones
• Attack surface
• Connectivity
• Failure modes (fall-open, fall-closed)
• Network appliances (jump server, proxy server, load balancer)
• Firewall types (web application firewall (WAF), unified threat management (UTM), next-generation firewall (NGFW), layer 4/layer 7 )
• Secure communication/access (Tunneling Transport Layer Security (TLS), Secure Access Service Edge (SASE))

3.3 Compare and contrast concepts and strategies to protect data

• Methods to secure data (segmentation)

4.1 Given a scenario, apply common security techniques to computing resources.

• Hardening targets (switches, routers)

4.4 Explain security alerting and monitoring concepts and tools

• Simple Network Management Protocol (SNMP) traps

4.5 given a scenario, modify enterprise capabilities to enhance security

• Firewall (rules, access lists, ports/protocols, screened subnets)
• Web filter (agent based, centralized proxy, universal resource locator scanning, content categorization, block rules, repuration)
• Operating system security (group policy chapter)
• Implementation of secure protocols (protocol selection, port selection, transport met-hod)
• Email security (domain-based message authentication reporting and conformance (dmarc), Domain Keys Identified Mail (dkim), Sender Policy Framework (SPF), gateway)

4) Securing your network

1. Exploring advanced security devices
   • Understanding idss and ipss
     • HIDS
     • NIDS
     • Sensor and collector placement
     • Detection methods
     • Data sources and trends
     • Reporting based on rules
     • Alert response and validation
   • IPS versus IDS in line versus passive
   • Honeypots
   • Honeynets
   • Honeyfile
   • Honeytokens
2. Securing wireless networks
   • Reviewing wireless basics
     • Band selection and channel overlaps
     • MAC filtering
   • Site surveys and heat maps
   • Access point installation considerations
   • Wireless cryptographic protocols
     • WAP2 and CCMP
     • Open, psk, and enterprise modes
     • WPA3 and simultaneous authentication of equals
   • Authentication protocols
   • IEEE 802.1x security
   • Controller and access point security
   • Captive portals
3. Understanding wireless attacks
   • Disassociation attacks
   • Wi-fi protected setup
   • Rogue access point
   • Evil twin
   • Jamming attacks
   • IV attacks
   • Near field communication attacks
   • RFID attacks
     • Wireless replay attacks
     • War driving and war flying

4. Using VPNs for remote access
   • VPNs and VPN concentrators
   • Remote access VPN
   • IPSEC as a tunneling protocol
   • SSL/TLS as a tunneling protocol
   • Split tunnel versus full tunnel
   • Site-to-site VPNs
   • Always-on SPN
   • L2TP as a tunneling protocol
   • HTML5 VPN portal
5. Network access control
   • Host health checks
   • Agent versus agentless NAC
6. Authentication and authorization methods
   • PAP
   • CHAP
   • RADIUS
   • TACACS+
   • AAA protocols

Objective covered:

1.2 Summarize fundamental security concepts

• Deception and disruption technology (honeypot, honeynet, honeyfile, honeytoken)

2.3 Explain various types of vulnerabilities

• Zero-day

2.4 Given a scenario, analyze indicators of malicious activity

• Physical attacks (radio frequency identification (RFID) cloning)
• Network attacks (wireless)

3.2 Given a scenario, apply security princi­ples to secure enterprise infrastructure

• Device attribute (active vs. Passive, inline vs. Tap/monitor)
• Intrusion prevention system (IPD)/ intrusion detection system (IDS)
• Sensors
• Port security (802.1 x , extensible authentication protocol (EAP))
• Secure communication/access (virtual private network (VPN), remote access chapter,

Tunneling (IPSEC)

4.0 given a scenario, apply common security techniques to computing resources

• Wireless device (installation consideration: site surveys, heat maps)
• Wireless security settings (WI-FI protected access 3 (WPA3), AAA/remote authentication dial-in user service (RADIUS), cryptographic protocols, authentication protocols)

4.4 Explain security alerting and monitoring concepts and tools

• Agent / agentless
• Alerting response and remediation / validation (quarantine)

4.5 Given a scenario, modify enterprise capabilities to enhance security

• IDS/IPS (trends, signature)
• Network Access Control (NAC)

5)    Securing hosts and data

1. Virtualization
   • Thin clients and virtual desktop infrastructure
   • Containerization
   • VM escape protection
   • VM sprawl avoidance
   • Resource reuse
   • Replication
   • Snapshots
2. Implementing secure system
   • Endpoint security software
   • Hardening workstations and servers
   • Configuration enforcement
   • Secure baseline and integrity measurements
   • Using master images for baseline configurations
   • Patching and patch management
   • Change management
   • Application allow and block lists
   • Disk encryption
   • Boot integrity
     • Boot security and uefi
     • Trusted platform module
     • Hardware security module
   • Decommissioning and disposal
3. Protecting data
   • Data loss prevention
   • Removable media
   • Protecting confidentiality with encryption
   • Database security
   • Protecting data in use
4. Summarizing cloud concepts
   • Cloud delivery models
     • Software as a service
     • Platform as a service
     • Infrastructure as a service
   • Cloud deployment models
     • Multi-cloud systems
   • Application programming interfaces
   • Microservices and apis
   • Managed security service provider
   • Cloud service provider responsabilities
   • Cloud security considerations
   • On-premises versus off-premises
     • On-premises
     • Off-premises
   • Hardening cloud enviroments
     • Clooud access security broker
     • Cloud-based dlp
     • Next-generation secure web gateway
     • Cloud firewall considerations
     • Infrastructure as code
     • Software-defined networking
     • Edge and fog computing
   • Deploying mobile devices securely
     • Mobile device deployment models
     • Connection methods and receivers
       • Mobile device management
     • Hardening mobile devices
       • Unauthorized software
       • Hardware control
       • Unauthorized connections
     • Exploring embedded systems
       • Understanding internet of things
       • Ics and scada systems
       • Embedded systems components
       • Hardening specialized systems
       • Embedded system constraints

Objective covered:

• Explain the importance of using appropri­ate cryptographic solutions

• Encryption (level: full-disk, partition, file, volume, database, record)
• TPM (trusted platform module)
• HSM (hardware security module)
• Key Management System
• Secure enclave

2.3 Explain various types of vulnerabilities

• Operating systems (os)-based
• Hardware (firmware, end-of-life, legacy)
• Virtualization ( Virtual Machine (VM) escape, resource reuse)
• Cloud-specific
• Misconfiguration
• Mobile device (side loading, jailbreaking)

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Segmentation
• Application allow list
• Patching
• Encryption
• Configuration enforcement
• Decommissioning
• Hardening techniques (encryption, installation of endpoint protection, host-based intrusion prevention system (hips), disabling ports/protocols, default password, removal of unnecessary software)

3.1 Compare and contrast security implications of different architecture models

• Cloud (responsibility matrix, hybrid considerations, third-party vendors)
• Infrastructure As Code (IAC)
• Serverless
• Microservices
• Network infrastructure (Software-Defined Networking (SDN))
• On-premises
• Centralized vs. Decentralized
• Containerization
• Virtualization
• IoT (Internet of things)
• Industrial Control Systems (ICS) / Supervisory Control And Data Acquisition (SCADA)
• Real-Time Operating System (RTOS)
• Embedded systems
• Considerations (availability, resilience, cost, responsiveness, scalability, ease of deployment, risk transference, ease of recovery, patch availability, inability to patch, power, compute

3.3 Compare and contrast concepts and strategies to protect data

• Geolocation

4.1 Given a scenario, apply common security techniques to computing resources

• Secure baselines (establish, deploy, maintain)
• Hardening targets (mobile devices, workstation, cloud infrastructure, servers, ICS/SCADA, embedded systems, RTOS, IoT)
• Mobile solutions (Mobile Device Management (MDM); deployment models: Bring Your Own Device (BYOD), Corporate Owned, Personally Enabled (COPE), Choose Your Own Device (CYOD); connection methods: cellular, wi-fi, bluetooth)

4.4 Explain security alerting and monitoring concept and tools

• Antivirus
• DLP (Data Loss Prevention)

4.5 Given a scenario, modify enteprise capabilities to enhance security

• DLP
• Endpoint Detection and Response (EDR)
• eXtended Detection and Response (XDR)

6)    Comparing threats, vulnerabilities and common attacks

1. Understanding threat actors
   • Threat actor types
   • Attacker attributes
   • Threat actor motivations
   • Threat vectors and attack surfaces
   • Shadow it
2. Determining malware types
   • Viruses
   • Worms
   • Logic bombs
   • Trojans
   • Remote access trojan
   • Keyloggers
   • Spyware
   • Rootkit
   • Ransomware
   • Bloatware
   • Potential indicators of a malware attack
3. Recognizing common attacks
   • Social engineering and human vectors
     • Impersonation
     • Shoulder surfing
     • Disinformation
     • Tailgating and access control vestibules
     • Dumpster diving
     • Watering hole attacks
     • Business email compromise
     • Typosquatting
     • Brand impersonation
     • Eliciting information
     • Pretexting
   • Message-based attacks
     • Spam
     • Spam over instant messaging
     • Phishing
     • Whaling
     • Vishing
     • Smishing
   • One click lets them in
4. Blocking malware and other attacks
   • Spam filters
   • Antivirus and anti-malware software
     • Signature-based detection
     • Heuristic-based detection
     • File integrity monitors
   • Why social engineering works
     • Authority
     • Intimidation
     • Consensus
     • Scarcity
     • Urgency
     • Familiarity
     • Trust
   • Threat intelligence sources
   • Research sources

Objective covered:

2.0 Compare and contrast common threat actors and motivations

• Threat actors (nation-state, unskilled attacker, hacktivist, insider threat, organized crime, shadow it )
• Attributes of actors (internal/external, resources/funding, level of sophistication/capability)
• Motivations (data exfiltration, espionage, service disruption, blackmail, financial gain, philosophical/political beliefs, ethical revenge, disruption/chaos, war)

2.2 Explain common threat vectors and attack surfaces

• Message-based (email, short message service (SMS), instant messaging (IM))
• Image-based
• File-based
• Voice call
• Removable device
• Vulnerable software (client-based vs. Agentless)
• Unsupported systems and applications
• Unsecure networks (wireless, wired, bluetooth)
• Open service ports
• Default credentials
• Supply chain (Managed Service Providers (MSP), vendors, suppliers)
• Human vectors/social engineering (phishing, vishing, smishing, misinformation/disinformation, impersonation, business email compromise, pretexting: watering hole, brand impersonation, typosquatting )

2.4 Given a scenario, analyze indicators of malicious activity

• Malware attacks (ransomware, trojan, worm, spyware, bloatware, virus, keylogger, logic bomb, rootkit )
• Malicious code

4.2 Explain various activities associated with vulnerability management

• Threat feed (Open Source INTelligence OSINT, proprietary/third-party, information-sharing organization, dark web)

4.5 Given a scenario, modify enterprise capabilities to enhance security

• File integrity monitoring

7)    Protecting against advanced attacks

1. Identifying network attacks
   • Denial of Service attacks
     • Syn flood attacks
   • Forgery
   • On-path attacks
   • Secure Sockets Layer stripping
   • DNS attacks
     • DNS poisoning attacks
     • Pharming attacks
     • Url redirection
     • Domain hijacking
     • DNS filtering
     • DNS log files
   • Replay attacks
2. Summarizing secure coding concepts
   • Input validation
     • Client-side and server-side input validation
     • Other input validation techniques
   • Avoiding race conditions
   • Proper error handling
   • Code obfuscation
   • Software diversity
     • Outsourced code development
     • Data exposure
     • HTTP headers
     • Secure cookie
     • Code signing
   • Analyzing and reviewing code
   • Software version control
   • Secure development enviroment
   • Database concepts
     • SQL queries
   • Web server logs
3. Other application attacks
   • Memory vulnerabilities
     • Memory leak
     • Buffer overflows and buffer attacks
     • Integer overflow
   • Other injection attacks
     • DLL injection
     • LDAP injection
     • XML injection
   • Directory traversal
   • Cross-site scripting
4. Automation and orchestration for secure operations
   • Automation and scripting use cases
   • Benefits of autmations and scripting

Objective covered:

2.3 Explain various types of vulnerabilities

• Application (memory injection, buffer overflow, race conditions: Time-Of-Check (TOC), Time-Of-Use(TOU))
• Malicious update
• Web based (SQL injection, XSS)

2.4 Given a scenario, analyze indicators of malicious activity

• Network attack (distributed denial of service (DDoS): amplified, reflected; domain name system attack; on-path; credential replay)
• Application attack (injection, buffer overflow, replay, forgery, directory traversal)

4.1 Given a scenario, apply common security techniques to computing resources

• Application security (input validation, secure cookies, static code analysis, code signing)
• Sandboxing
  • Explain the importance of automation and orchestration related to secure operations
• Use cases of automation and scripting (user provisioning, resource provisioning, guard rails, security groups, ticket creation, escalation, enabling/disabling services and access, continuous integration and testing, integrations and application programming interfaces (API s) )
• Benefits (efficiency/time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, workforce multiplier)
• Other considerations (complexity, cost, single point of failure, technical debt, ongoing supportability)

8)    Using risk management tools

1. Understanding risk management
   • Threats
   • Risk identification
   • Risk types
   • Vulnerabilities
   • Risk managemnt strategies
     • Risk assessment types
     • Risk analysis
     • Supply
     • Chain risks

2. Comparing scanning and testing tools
   • Checking for vulnerabilities
     • Network scanners
     • Vulnerability scanning
     • Credentialed vs. Non-credentialed scans
     • Configuration review
   • Penetration testing
     • Rules of engagement
     • Reconnaissance
     • Footprinting versus fingerprinting
     • Initial exploitation
     • Persistence
     • Lateral movement
     • Privilege escalation
     • Pivoting
     • Known, unknown and partially known testing enviroments
     • Cleanup
   • Responsible disclosure programs
   • System and process audits
   • Intrusive versus non-intrusive testing
   • Responding to vulnerabilities
     • Remediating vulnerabilities
     • Validation of remediation

3. Capturing network traffic
   • Packet capture and replay

• TCPreplay and TCPdump
• Netflow

4. Understanding frameworks and standards
   • ISO standards
   • Industry-specific frameworks
   • NIST frameworks
     • NIST risk management framework
     • NIST cybersecurity framework
   • Reference architecture
   • Benchmarks and configuration guides
5. Audits and assessments

Objective covered:

1.2 Summarize fundamental security concepts

• Gap analysis

2.3 Explain various type of vulnerabilities

• Supply chain (service provider, hardware provider, software provider)

4.3 Eplain various activities associated with vulnerability management

• Vulnerability scan
• Penetration testing
• Responsible disclosure program
• Bug bounty program
• System/process audit
• Analysis (confirmation, false positive, false negative, prioritize, Common Vulnerability Scoring System (CVSS), Common Vulnerability Enumeration (CVE), vulnerability classification, Exposure Factor, environmental variables, industry/organizational impact, risk tolerance )
• Vulnerability response and remediation (patching, insurance, segmentation, compensating controls, exceptions and exemptions)
• Validation of remediation (rescanning, audit, verification)
• Reporting

4.4 Explain security alerting and monitoring concepts and tools

• Security Content Automation Protocol (SCAP)
• Benchmarks
• Netflow
• Vulnerability scanners

5.2 Explain elements of the risk manage­ment process

• Risk identification
• Risk assessment (ad hoc, recurring, one-time, continuous)
• Risk analysis (qualitative; quantitative; Single Loss Expectancy (SLE); Annualized Loss Expectancy (ALE); Annualized Rate of Occurrence (ARO); probability; likelihood; Exposure Factor; impact; risk register: key risk indicators, risk owners, risk threshold; risk tolerance; risk appetite: expansionary, conservative, neutral; risk management strategies: transfer, accept exemption, accept exception, avoid, mitigate)
• Risk reporting

5.5 Explain types and purposes of audits and assessments

• Attestation
• Internal (compliance, audit committee, self-assessments)
• External (regulatory, examinations, assessment, independent third-party audit)
• Penetration testing (physical, offensive, defensive, integrated, known environment, partially known environment, unknown environment)
• Reconnaissance (passive, active)

9)    Implementing controls to protect assets

1. Comparing physical security controls
   • Access badges
   • Increasing security with personnel
   • Monitoring areas with video surveillance
   • Sensors
   • Fencing, lighting and alarms
   • Securing access with barricades
   • Access control vestibules
   • Asset management
     • Hardware asset management
     • Software asset management
     • Data asset management
   • Platform diversity
   • Physical attacks
     • Card skimming and card cloning
     • Brute force attacks
     • Enviromental attacks

2. Adding redundancy and fault tolerance
   • Single Point of Failure
   • Disk redundancies
     • Raid-0
     • Raid-1
     • Raid-5 and raid-6
     • Raid-10
   • Server redundancy and high availability
     • Active/ active load balancers
     • Active/ passive load balancers
   • NIC teaming
   • Power redundancies
3. Protecting data with backups
   • Backup media
   • Online versus offline backups
     • Full backups
     • Recovering a full backup
     • Differential backups
     • Order of recovery for a full/differential backup set
     • Incremental backups
     • Order of recovery for a full/differential backup set
     • Snapshot and image backups
     • Replication and journaling
     • Backup frequency
     • Testing backups
   • Backup and geographic considerations
4. Comparing business continuity elemnts
   • Business impact analysis concepts
     • Site risk assessment
     • Impact
     • Recovery Time Objective
     • Recovery Point Objective
     • Comparing MTBF and MTTR
   • Continuity of operations planning
     • Site resiliency
     • Restoration order
   • Disaster recovery
   • Testing plans with exercises
     • Tabletop exercises
     • Simulations
     • Parallel processing
     • Fail over tests

5. Capacity planning

Objective covered:

1.2 Summarize fundamental security concepts

• Physical security (bollards, access control vestibule, fencing, video surveillance, security guard, access badge, lighting, sensors: infrared, pressure , microwave, ultrasonic)
• Physical attack (brute force, environmental)

3.3 Compare and contrast concepts and strategies to protect data

• General data considerations (data sovereignty)

3.4 Explain the importance of resilience and recovery in security architecture

• High availability (load balancing vs. clustering)
• Site considerations (hot, cold, warm, geographic dispersion)
• Platform diversity
• Continuity of operations
• Capacity planning (people, technology, infrastructure)
• Testing (tabletop exercises, fail over, simulation, parallel processing)
• Backups (onsite/offsite, frequency, encryption, snapshots, recovery, replication, journaling)
• Power (generators, uninterruptible power supply (ups))

4.2 Explain the security implications of proper hardware, software, and data asset management

• Acquisition/procurement
• Assignment/accounting (ownership, classification)
• Monitoring/asset trasking (inventory / enumeration)

5.2 Explain elements of the risk management process

• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
• Mean Time To Repair (MTTR)
• Mean Time Between Failures (MTBF)

10) Understanding cryptography and PKI

1. Introducing cryptography concepts
2. Providing integrity with hashing
   • Hash versus checksum
   • MD5
   • Secure hash algorithms
   • Hmac
   • Hashing files
   • Hashing messages
   • Using hmac
   • Hashing passwords
   • Undertanding hash collisions
3. Understanding password attacks
   • Dictionary attacks
   • Brute force attacks
   • Password spraying attacks
     • Pass the hash attacks
   • Birthday attacks
   • Rainbow table attacks
   • Salting passwords
   • Key stretching
4. Providing confidentiality with encryption
   • Symmetric encryption
   • Block versus stream ciphers
   • Common symmetric algorithms
     • AES
     • 3DES
     • Blowfish and twofish
   • Asymmetric encryption
     • Key exchange
     • The reyburn box
   • Certificates
   • Ephemeral keys
   • Elliptic curve cryptography
   • Key lenght
   • Obfuscation
     • Steganography
     • Tokenization
     • Masking

5. Using cryptographic protocols
   • Protecting email
     • Signing email with digital signatures
     • Encrypting email
     • S/mime
   • HTTPS transport encryption
     • TLS versus SSL
     • Encrypting HTTPS traffic with TLS
     • Downgrade attacks on weak implementations
   • Blockchain
   • Identifyng limitations
     • Resource versus security constraints
     • Speed and time
     • Size and computational overhead
     • Entropy
     • Predictability
     • Weak keys
     • Reuse
     • Plaintext attack

6. Exploring PKI components
   • Certificate authority
   • Certificate trust models
   • Registration authority and CSRs
   • Online versus offline CAs
   • Updating and revoking certificates
   • Certificate revocation list
   • Validating a certificate
   • Certificate pinning
   • Key escrow
   • Key management
   • Comparing certificate types
   • Comparing certificate formats

Objective covered:

1.2 Summarize fundamental security concepts

• Non-repudation
  • Explain the importance of using appropriate cryptography solutions
• Public key infrastructure (PKI) (public key, private key, key escrow)
• Encryption (transport/communication, asymmetric, symmetric, key exchange, algorithms, key length)
• Obfuscation (steganography, tokenization, data masking)
• Hashing
• Salting
• Digital signatures
• Key stretching
• Blockchain
• Open public ledger
• Certificates (Certificate Authorities, Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP), self-signed, third-party, root of trust, Certificate Signing Request (CSR) generation, wildcard )

2.3 Explain various types of vulnerabilities

• Cryptographic
• Cryptographic attacks (downgrade, collision, birthday)
• Password attacks (spraying, brute force)

3.3 Compare and contrast concepts and strategies to protect data

• General data considerations (data states: at rest, in transit, in use)
• Methods to secure data (encryption, hashing, masking, tokenization, obfuscation)

11) Implementing policies to mitigate risks

1. Change management
   • Business processes
   • Technical implications
   • Documentation and version control
2. Protecting data
   • Understanding data types
   • Classifying data types
   • Securing data
   • Data retention
   • Data sanitization
3. Incident response
   • Incident response plan
     • Communication plan
   • Incident response process
   • Incident response training and testing
   • Threat hunting
   • Understanding digital forensics
     • Acquisition and preservation
     • Legal holds and electronic discovery
     • Admissibility of documentation and evidence
     • Reporting
   • Understanding SOAR
     • Playbooks
     • Runbooks

4. Security governance
   • Governance structures
   • External considerations
   • Security policies
   • Security standards
   • Security procedures
   • Security guidelines
   • Data governance
   • Data roles
   • Monitoring and revision
5. Third-party risk management
   • Supply chain and vendors
   • Vendor assessment
   • Vendor selection
   • Vendor agreements
6. Security compliance
   • Compliance monitoring and reporting
   • Privacy
   • Data inventory and retention
7. Security awareness
   • Computer-based training
   • Phishing campaigns
   • Recognizing anomalous behavior
   • User guidance and training
   • Awareness program development and execution

Objective covered:

• Explain the importance of change management processes and the impact to security

• Business processes impacting security operation (approval process, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, standard operating procedure)
• Technical implications (allow lists/deny lists, restricted activities, downtime, service restart, application restart, legacy applications, dependencies)
• Documentation (updating diagrams,updating policies / procedures)
• Version control
  • Compare and contrast concepts and strategies to protect data
• Data types (regulated, trade secret, intellectual property, legal information, financial information, human-and non-human-readable)
• Data classifications (sensitive, confidential, public, restricted, private, critical)

4.2 explain the security implications of proper hardware, software, and data asset management

• Disposal/decommissioning (sanitization, destruction, certification, data retention)

4.3 explain various activities associated with vulnerability management

• Application security (static analysis, dynamic analysis, package monitoring)
  • Explain appropriate incident response activities
• Process (preparation, detection, analysis, containment, eradication, recovery, lesson learned)
• Training
• Testing (tabletop exercise, simulation)
• Root cause analysis
• Threat hunting
• Digital forensics (legal hold, chain of custody, acquisition, reporting, preservation, e-discovery)

5.1 summarize elements of effective security governance

• Guidelines
• Policies (Acceptable Use Policy (AUP),information security policies ,business continuity , disaster recovery, incident response , Software Development Lifecycle (SDLC), change management)
• Standards (password, access control, physical security, encryption)
• Procedures (change management, onboarding/offboarding, playbooks)
• External considerations (regulatory, legal, industry, local/regional, national, global)
• Monitoring and revision
• Types of governance structures (boards, committees, government entities, centralized/decentralized)
• Roles and responsibilities for systems and data (owners, controllers, processors, custodians/stewards)

5.3 Explain the processes associated with third-party risk assessment and management

• Vendor assessment (penetration testing, right-to-audit clause, evidence of internal audits, independent assessments, supply chain analysis)
• Vendor selection (due diligence, conflict of interest)
• Agreement types (Service-Level Agreement (SLA), Memorandum Of Agreement (MOA), Memorandum Of Understanding (MOU), Master Service Agreement (MSA), Work Order (WO)/Statement Of Work (SOW), Non-Disclosure Agreement (NDA), Business Partners Agreement (BPA)
• Vendor monitoring
• Questionnaires
• Rules of engagement

5.4 Summarize elements of effective security compliance

• Compliance reporting (internal, external)
• Consequences of non-compliance (fines, sanctions, reputational damage, loss of license, contractual impacts)
• Compliance monitoring (due diligence/care, attestation and acknowledgement, internal and external, automation)
• Privacy (legal implications, local/regional, national, global)
• Data subject
• Controller vs. Processor
• Ownership
• Data inventory and retention
• Right to be forgotten

5.6 Given a scenario, implement security awareness practices

• Phishing (campaigns, recognizing a phishing attempt, responding to reported suspicious messages)
• Anomalous behavior recognition (risky, unexpected, unintentional)
• User guidance and training (policy/handbooks, situational awareness, insider threat, password management, removable media and cables, social engineering, operational security, hybrid/remote work environment)
• Reporting and monitoring (initial, recurring)
• Development and Execution