COM-B1

New CompTIA Security+

IT Security Operations and Cybersecurity Basic Training
Length of training
  • 5 days (5×8 lessons)
  • daily 9:00 - 17:00
Available languages
  • Hungarian

Training price

from 599 000 Ft + VAT/person

Description

The vendor-independent and practice-oriented training will provide professionals with a comprehensive overview of cybersecurity concepts; IT risk management; basic implementation of host, mobile, cloud and network security; authentication and access control management; encryption solutions and organizational security design.

The course provides the necessary prerequisites for further intermediate-level training, such as security analyst (CompTIA Cyber Security Analyst), vulnerability tester (CompTIA Penetration Tester) and other cybersecurity training, to enhance your cybersecurity skills.

The certification meets the US Department of Defense (DoD) approved 8570 baseline certification and the training meets DoD 8140/8570 training requirements.

Suggested For

The training is aimed at IT professionals with previous IT operations and networking knowledge who lack security technology and security implementation knowledge, and who want to gain a comprehensive understanding of cybersecurity concepts and technologies and to be tasked with the development of secure IT systems and environments.

The course is also ideal for those who do not want to specialise in a particular security area later on, but who need general IT security knowledge for their job (e.g. IT managers, IT security auditors, other future security professionals).

The training is also ideal for those who wish to prepare for the optional CompTIA Security+ certification exam. The training fee does not include the exam fee.

Benefits

On completion of the training, participants will acquire the following skills:

  • The concept of security roles and security controls
  • Concept of security threats
  • Security assessments and evaluations
  • Identification of security threats, security vulnerabilities, security assessments, security threat definitions and security threat assessment
  • Identifying malicious software
  • Basic cryptographic concepts
  • Public key infrastructure implementation
  • Implementing authentication controls
  • Identity and account management controls
  • Implementing secure network plans
  • Implementing network security tools
  • Implementing secure network protocols
  • Developing host security solutions
  • Designing secure mobile solutions
  • Application security basics
  • Building secure cloud solutions
  • Data protection and privacy concepts
  • Incident management
  • Explaining digital forensics
  • Summary of risk management concepts
  • Implementing cybersecurity resilience
  • Physical security overview

Outline

Theoretical parts

  • Information protection: principles, concepts, general security guidelines, possible attacks/threats and their characteristics, risk management
  • Network security: network and security tools, designing secure network topologies, protecting web browsers, virtualisation
  • Remote access networks, virtual private networks (VPN) overview
  • Network security monitoring, network traffic monitoring; logging, server monitoring; preventive security maintenance
  • Host, data and application security options and technologies
  • User and role-based security: security policies, protection of files and resources, protection of computer and user accounts; trust relationships between computers
  • Application protection solutions
  • Overview of security solutions for mobile and cloud systems
  • Encryption: data encryption concepts, procedures, types of encryption and their use, symmetric and public key encryption (PKI) concepts, operation
  • Authentication schemes: implementing security through access control and authentication
  • Use of public key infrastructure (PKI): key management and key lifecycle, implementation of certificate server, web server security with PKI
  • Virus and spyware management; overview of security threats/attacks and their characteristics, how to defend against them; concept of social engineering
  • Access and identity security: biometric systems, physical security, peripheral and component security, storage security
  • Security and vulnerability testing basics: vulnerability testing and analysis basics, incident management basics, secure programming basics, digital forensics
  • Building security in the organization: risk assessment, data protection, organizational security policies and regulations, security education, information data management
  • Business continuity: redundancy planning, disaster recovery, high availability, data/system backup and recovery, control and monitoring of IT environment

Practical parts

  • Lab environment overview, operation and use
  • Network node scanning and identification
  • Intercepting and interpreting network traffic using packet capture tools
  • Testing authentication vulnerabilities and analysing the results
  • Installation, use and blocking of malicious software-based backdoors
  • Perform network discovery and vulnerability scanning
  • Certificate lifecycle management
  • Certificate management using OpenSSL
  • Password strength checking with password cracking utility
  • Central authentication management
  • Managing access control in Windows Server
  • Create and control auditing policies
  • Managing access control in Linux
  • Configuring identity and access control audits
  • Implementing network security planning
  • Firewall configuration
  • Configuring an intrusion detection system
  • Implement secure network addressing services
  • Virtual private network implementation
  • Implement a secure SSH server
  • Implement endpoint protection
  • Protecting the network infrastructure
  • Identifying application attack indicators
  • Browser attack identification
  • Implementing PowerShell security
  • Identifying malicious code
  • Identifying application attacks
  • Managing data sources for incident response
  • Configuring security controls
  • Obtaining digital forensic evidence
  • Data backup and recovery on Windows and Linux
  • Incident management, remediation and recovery

Prerequisites

Network and IT operations knowledge and experience in Windows or Linux systems. CompTIA Network+ training or equivalent networking knowledge is recommended.