On course completion, you will be able to:
- Collect and use cybersecurity intelligence and threat data.
- Identify modern cybersecurity threat actors types and tactics, techniques, and procedures.
- Analyze data collected from security and event logs and network packet captures.
- Respond to and investigate cybersecurity incidents using forensic analysis techniques.
- Assess information security risk in computing and network environments.
- Implement a vulnerability management program.
- Address security issues with an organization‘s network architecture.
- Understand the importance of data governance controls.
- Address security issues with an organization‘s software development life cycle.
- Address security issues with an organization‘s use of cloud and service-oriented architecture
This course includes FREE access for 12 months to a cloud based lab platform to assist students develop the practical information technology (IT) skills necessary to succeed in high in demand IT jobs. This cloud based lab solution uses real equipment that enables our students to execute each practical task in a safe environment that is accessible from anywhere without needing to buy their own hardware or risk damage to their own system.
Along with providing the necessary hardware in a virtual environment, students gain access to high quality practical exercises that cover many of the exam topics they will encounter on their certifying exams.
This course prepares students to take the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam.
Course Outline:
Lesson 1: Explaining the Importance of Security Controls and Security Intelligence
As a new or recently practicing cybersecurity analyst, you must be able to demonstrate the importance of security intelligence and threat intelligence. As understanding of threat types and actors grows, those threat actors change their tactics and procedures to escape detection. Consequently, identifying and updating robust intelligence sources and setting up effective information sharing systems is a critical part of the role of a cybersecurity analyst. Threat intelligence feeds into the selection and configuration of distinct types of security controls. It is important that you be able to classify the function and operation of different control types.
Lesson 2: Utilizing Threat Data and Intelligence
Cybersecurity is a mature discipline with well-established terminology and procedures. Part of this terminology concerns the identification of threats and threat actors, and of attack frameworks and indicators. You must be able to use threat intelligence and attack frameworks to model likely risks to your organization and perform threat hunting to proactively determine that your systems have not already been compromised. This commitment to proactive defense is at the heart of the CySA+ approach to security assurance.
Lesson 3: Analyzing Security Monitoring Data
Security information derives from network packet captures, traffic monitoring, and logs from security appliances and network application services. A monitoring tool is software that collects this data from hosts and network appliances for analysis and is the basis for an alerting system. These tools can be used to identify ongoing cybersecurity attacks and perform forensic analysis of past attacks. As a cybersecurity analyst, you must be able to analyze these data sources to identify threats and implement appropriate configuration changes in response. You should also be able to analyze email messages to detect malicious links and attachments, and to verify security properties, such as digital signatures and sender policy frameworks.
Lesson 4: Collecting and Querying Security Monitoring Data
Security monitoring depends to a great extent on the use of data captured in network traces, log files, and host-based scanners. Collecting this data into a single repository for analysis—a security information and event management (SIEM) system—will be a core part of your role as a cybersecurity analyst.
Lesson 5: Utilizing Digital Forensics and Indicator Analysis Techniques
Digital forensics is used to gather evidence to respond effectively to security incidents and to use to prosecute attackers. Forensics techniques are also used in threat hunting as a source of threat intelligence and to identify adversary tactics and procedures. As a cybersecurity analyst, you will need to be able to apply digital forensics techniques and tools to analyze indicators of compromise from data gathered from network traffic, hosts/endpoints, and applications.
Lesson 6: Applying Incident Response Procedures
CySA+ professionals are a core part of the team responsible for incident response planning and operations. You must be able to explain the importance of incident response, especially in terms of communications, coordinating response efforts, and protecting critical data assets. You must also be able to apply appropriate response procedures at each phase of the incident life cycle.
Lesson 7: Applying Risk Mitigation and Security Frameworks
Risk management supplies the context for the tools and procedures deployed for security monitoring. As a CySA+ professional, you must be able to apply security concepts to identify and prioritize risks, and use training and exercises to develop and test capabilities. You should also be able to explain the importance of policies and procedures in shaping secure organizational behaviors.
Lesson 8: Performing Vulnerability Management
Vulnerability scanning and management is a critical security task. As a CySA+ professional, you must be able to not only configure and operate vulnerability management activities, but also perform detailed analysis of the output from scans and advise on appropriate remediation and mitigation techniques. By managing vulnerabilities in the organization, you can more effectively identify where your organization is at risk and how to fix any security weaknesses that could lead to an incident.
Lesson 9: Applying Security Solutions for Infrastructure Management
Threat research, incident response, and analysis represent some of the core job functions for a cybersecurity analyst, but you will also have a role to play in applying security solutions for infrastructure management. This can involve use of identity and access management controls, network architecture and segmentation, and secure configuration of computing host hardware and specialized systems.
Lesson 10: Understanding Data Privacy and Protection
Business networks are put in place to perform processing and storage of data. As a security analyst, you must be familiar with the methods of identifying and classifying confidential and personal data. You must also understand the importance of technical and non-technical controls deployed to ensure data privacy and protection.
Lesson 11: Applying Security Solutions for Software Assurance
Few companies can operate with off-the-shelf software alone. Even if the business of a company is not software development, the use of code in websites and mobile apps, bespoke Line of Business applications, and network automation requires security oversight and monitoring. You must be able to explain software assurance best practices and implement controls to mitigate common attacks against software vulnerabilities and token-based authentication and authorization mechanisms. You must also be able to analyze the output from web application scanners and software assessment tools.
Lesson 12: Applying Security Solutions for Cloud and Automation
It is a long time since business IT operations consisted solely of server and workstation computers operating within a single local network. Web-based services and the use of mobile devices means that business networks have no easily defined edge, and that security operations extend across third-party networks and services. These facts raise complex issues that security professionals must be equipped to deal with. As a cybersecurity analyst, you must be able to explain the threats and vulnerabilities associated with operating in the cloud and analyze output from cloud infrastructure assessment tools.
All necessary course materials are included.
Certification(s):
This course prepares students to take the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam.