It covers the theoretical background, detailed information about security infrastructure and goes into the vulnerabilities, risks, and required measures.
Security in IT is not only becoming more important but also more sophisticated. In light of this, organizations are dedicating roles to the safeguarding of their data and systems
- Network Administrator
- Application Developer
- Security Officer
- Quality Manager
- Operational Manager
1. TCP/IP Networking
- Describe what a node is.
- Describe how nodes can be connected to each other.
- Explain the concepts of TCP/IP addressing of both IP v4 and IP v6.
- Describe the layers and main functionalities of the OSI and TCP/IP models.
- Explain the main network protocols, what their functionality is and how they fit into the OSI and TCP/IP reference models.
2. Computer Systems
- Explain the components of a computer system.
- Describe how an operating system works.
- List the main operating systems.
- Identify the most prevalent types of computer system vulnerabilities.
- Identify the main security measures related to computer systems.
3. Applications & Databases
- Explain the different methods and phases of the systems development life cycle.
- Describe the advantages and disadvantages of each of the different methods of the systems development lifecycle.
- Explain how to address security during the systems development life cycle.
- Describe the different database models.
- Explain the functionality of the database and the database management systems.
- Describe the prevalent security issues related to applications development and databases.
- Explain the countermeasures against security issues related to applications and databases.
- Differentiate between symmetric and asymmetric encryption.
- Identify encryption algorithms and standards.
- Digital Signatures, Hashing
- Explain how hashing provides for the integrity of digital information.
- Describe the main hashing standards.
- Describe the components, parties and processes of a public key infrastructure.
- Explain what digital certificates and their use cases are.
- Explain the technology and use cases of SSL/TLS.
- Explain the technology and use cases of IPSec.
5. Identity & Access Management
- Differentiate between identification and authentication.
- Describe the main technologies of authentication and two-factor authentication.
- Explain biometrics and their use cases.
- Explain the concepts and different types of Single sign-on (SSO).
- Explain password management and its use cases.
- Describe how the principles of Need to know, Least privilege and Separation of Duties (SoD) relate to authorization.
- Describe authorization models such as role-based access control (RBAC) and attribute-based access control (ABAC).
- Describe the specifications and functionality of OpenID Connect and OAuth.
6. Cloud Computing
- Differentiate between the deployment models public cloud, private cloud and hybrid cloud.
- Explain the service models SaaS, PaaS, IaaS, SECaaS and IDaaS.
- Identify the risks of cloud computing.
7. Exploiting Vulnerabilities
- Identify the main attack categories of cybercrime.
- Recognize Black hat hackers, White hat hackers, Grey hat hackers, Script kiddies and Hacktivists.
- Identify which tools cybercriminals use.
- Identify the steps cybercriminals take to exploit vulnerabilities