دوره سکیوریتی پلاس (+Security)

معرفی دوره سکیوریتی پلاس (+Security)

دوره سکیوریتی پلاس (+Security) بصورت آنلاین به مدت ۳۰ ساعت در ۱ ماه برگزار می شود. سرفصل های آموزشی این دوره درباره آشنایی با مبانی امنیت در شبکه های کامپیوتری است. این دوره توسط CompTIA (انجمن صنعت فناوری های کامپیوتری) معرفی شده است. گواهینامه سکیوریتی پلاس در کشور آمریکا و کانادا بسیار مورد توجه شرکت های بزرگ است. داشتن گواهینامه بین المللی این دوره به همراه سایر مدارک بین المللی موسسه کامپتیا، مانند دوره نتورک پلاس شرایط شغلی و درآمدی خوبی را به عنوان دستیار (Help Desk) در شرکت های بزرگ برایتان فراهم می کند.

کارگاه‌های عملی

دوره سکیوریتی پلاس (+Security) بصورت آنلاین به مدت ۳۰ ساعت در ۱ ماه برگزار می شود. سرفصل های آموزشی این دوره درباره آشنایی با مبانی امنیت در شبکه های کامپیوتری است. این دوره توسط CompTIA (انجمن صنعت فناوری های کامپیوتری) معرفی شده است. گواهینامه سکیوریتی پلاس در کشور آمریکا و کانادا بسیار مورد توجه شرکت های بزرگ است. داشتن گواهینامه بین المللی این دوره به همراه سایر مدارک بین المللی موسسه کامپتیا، مانند دوره نتورک پلاس شرایط شغلی و درآمدی خوبی را به عنوان دستیار (Help Desk) در شرکت های بزرگ برایتان فراهم می کند.

  • توضیحات
  • سرفصل
  • خدمات و پشتیبانی
  • نظر دانشجویان

دوره +CompTIA Security شما را با الفبای امنیت شبکه آشنا می کند. با دستگاه هایی آشنا می شوید که وظیفه محافظت از شبکه در برابر دسترسی های غیرمجاز و تشخیص ترافیک های آلوده به بدافزارها و کدهای مخرب و جلوگیری از ورود آنها به شبکه را دارند. این دستگاه های امنیتی عبارتند از Firewall و IDS/IPS. همچنین با انواع خطراتی که امنیت شبکه را تهدید می کنند آشنا می شوید؛ حملاتی مانند DoS/DDoS. برای مثال انواع حملات DoS را معرفی می کنیم:

  • TCP Syn Flood
  • Ping of Death
  •  Ping Flood
  • Fragmentation Attack

درباره باج افزارها، طرز کار و شیوه مقابله با آنها صحبت می کنیم.

Lesson 1: Compare and contrast different types of social engineering techniques

  • Phishing
  • Smishing
  • Vishing
  • Spam
  • Spam over instant messaging (SPIM)
  • Spear phishing
  • Dumpster diving
  • Shoulder surfing
  • Pharming
  • Tailgating
  • Eliciting information
  • Whaling
  • Prepending
  • Identity fraud
  • Invoice scams
  • Credential harvesting
  • Reconnaissance
  • Hoax
  • Impersonation
  • Watering hole attack
  • Typosquatting
  • Pretexting
  • Influence campaigns
    • Principles (reasons for effectiveness)

 

Lesson 2:Given a scenario, analyze potential indicators to determine the type of attack.

  • Malwares
    • Password attacks
    • Physical attacks
    • Adversarial artificial intelligence (AI)
  • Supply-chain attacks
  • Cloud-based vs. on-premises attacks
  • Cryptographic attacks

 

Lesson 3: Given a scenario, analyze potential indicators associated with application attacks.

  • Privilege escalation
  • Cross-site scripting
  • Injections
  • Pointer/object dereference
  • Directory traversal
  • Buffer overflows
  • Race conditions
  • Error handling
  • Improper input handling
  • Replay attack – Session replays
    • Integer overflow
    • Request forgeries – Server-side – Cross-site
    • Application programming interface (API) attacks
  • Resource exhaustion
  • Memory leak
  • Secure Sockets Layer (SSL) stripping
  • Driver manipulation – Shimming – Refactoring
    • Pass the hash

 

Lesson 4: Given a scenario, analyze potential indicators associated with network attacks.

  • Wireless
    • On-path attack (known as man-in-the-middle attack)
  • Layer 2 attacks
    • Domain name system (DNS)
    • Distributed denial-of-service (DDoS)

 

 Lesson 5: Explain different threat actors, vectors, and intelligence sources.

  • Actors and threats
    • Attributes of actors
    • Vectors
    • Threat intelligence sources
    • Research sources

 

Lesson 6: Explain the security concerns associated    with various types of vulnerabilities.

  • Cloud-based vs. on-premises vulnerabilities
  • Zero-day
  • Weak configurations
    • Third-party risks
    • Improper or weak patch management
    • Legacy platforms
  • Impacts

 

Lesson 7: Summarize the techniques used in security assessments

  • Penetration testing
    • Passive and active reconnaissance
    • Exercise types
    • Threat hunting
    • Vulnerability scans
  • Threat hunting
    • Vulnerability scans
    • Syslog/Security information and event management (SIEM)
    • Security orchestration, automation, and response (SOAR)

 

Lesson 8: Explain the techniques used in  penetration testing.

  • Penetration testing
    • Passive and active reconnaissance
    • Exercise types

Lesson 1:Explain the importance of security concepts in an enterprise environment.

  • Configuration management
    • Data sovereignty
  • Data protection
    • Geographical considerations
  • Response and recovery controls
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
  • Hashing
  • API considerations
  • Site resiliency
    • Deception and disruption

 

Lesson 2: Summarize virtualization and cloud computing concepts.

  • Cloud models
    • Cloud service providers
  • Managed service provider (MSP)/ managed security service provider (MSSP)
  • On-premises vs. off-premises
  • Fog computing
  • Edge computing
  • Thin client
  • Containers
  • Microservices/API
  • Infrastructure as code
    • Serverless architecture
  • Services integration
  • Resource policies
  • Transit gateway
  • Virtualization

 

Lesson 3: Summarize secure application development, deployment, and automation concepts.

  • Environment
    • Provisioning and deprovisioning
  • Integrity measurement
  • Secure coding techniques
    • Open Web Application Security Project (OWASP)
  • Software diversity
    • Automation/scripting
    • Elasticity
  • Scalability
  • Version control

Lesson 4: Summarize authentication and authorization design concepts.

  • Authentication methods
    • Biometrics
  • Multifactor authentication (MFA) factors and attributes
    • Authentication, authorization, and accounting (AAA)
  • Cloud vs. on-premises requirements

 

Lesson 5: Given a scenario, implement cybersecurity resilience.

  • Redundancy
  • Replication
  • On-premises vs. cloud
  • Backup types
  • Non-persistence
    • High availability
    • Restoration order
  • Diversity

 

Lesson 6: Explain the security implications of embedded and specialized systems.

  • Embedded systems
  • Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  • Internet of Things (IoT)
  • Specialized
  • Voice over IP (VoIP)
  • Heating, ventilation, air conditioning (HVAC)
  • Drones
  • Multifunction printer (MFP)
  • Real-time operating system (RTOS)
  • Surveillance systems
  • System on chip (SoC)
  • Communication considerations
  • Constraints

 

Lesson 7: Explain the importance of physical security controls.

  • Bollards/barricades
  • Access control vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-circuit television (CCTV)
  • Industrial camouflage
  • Personnel
  • Locks
  • USB data blocker
  • Lighting
  • Fencing
  • Fire suppression
  • Sensors
  • Drones
  • Visitor logs
  • Faraday cages
  • Air gap
  • Screened subnet (previously known as demilitarized zone)
  • Protected cable distribution
  • Secure areas
  • Secure data destruction

 

Lesson 8: Explain the importance of physical security controls. Summarize the basics of cryptographic concepts.

  • Digital signatures
  • Key length
  • Key stretching
  • Salting
    • Hashing
  • Key exchange
    • Elliptic-curve cryptography
  • Perfect forward secrecy
  • Quantum – Communications – Computing
    • Post-quantum
  • Ephemeral
  • Modes of operation – Authenticated – Unauthenticated – Counter
    • Blockchain – Public ledgers
    • Cipher suites – Stream – Block
    • Symmetric vs. asymmetric
  • Lightweight cryptography
  • Steganography
    • Homomorphic encryption
  • Common use cases
    • Limitations

Lesson 1: Given a scenario, implement secure protocols.

  • Protocols
  • Use cases

 

Lesson 2: Given a scenario, implement host or application security solutions.

  • Endpoint protection
    • Boot integrity
  • Database
  • Application security
  • Hardening
  • Self-encrypting drive (SED)/ full-disk encryption (FDE)
    • Hardware root of trust
  • Trusted Platform Module (TPM)
  • Sandboxing

 

Lesson 3: Given a scenario, implement secure network designs.

  • Load balancing
    • Network segmentation
    • Virtual private network (VPN)
    • DNS• Network access control (NAC) – Agent and agentless
    • Out-of-band management
  • Port security
  • Network appliances
  • Access control list (ACL)
  • Route security
  • Quality of service (QoS)
  • Implications of IPv6
  • Port spanning/port mirroring – Port taps
    • Monitoring services
  • File integrity monitors

 

Lesson 4: Given a scenario, install and configure wireless security settings.

  • Cryptographic protocols
    • Authentication protocols
    • Authentication Methods
    • Installation considerations

 

Lesson 5: Given a scenario, implement secure mobile solutions.

  • Connection methods and receivers
    • Mobile device management (MDM)
    • Mobile devices
  • Enforcement and monitoring
  • Deployment models

 

Lesson 6:Given a scenario, implement secure mobile solutions. Given a scenario, apply cybersecurity solutions to the cloud.

  • Cloud security controls
    • Solutions
    • Cloud native controls vs. third-party solution

 

Lesson 7: Given a scenario, implement identity and account management controls.

  • Identity
    • Account types
    • Account policies

 

Lesson 8: Given a scenario, implement identity and account management controls. Given a scenario, implement authentication and authorization solutions.

  • Authentication management
    • Authentication/authorization
    • Access control schemes

 

Lesson 9:Given a scenario, implement public key infrastructure.

  • Public key infrastructure (PKI)
    • Types of certificates
    • Certificate formats
    • Concepts Online vs. offline CA – Stapling – Pinning – Trust model – Key escrow – Certificate chaining

Lesson 1:Given a scenario, use the appropriate tool to assess organizational security.

  • Network reconnaissance and discovery
    • File manipulation
    • Shell and script environments
    • Packet capture and replay
    • Forensics
    • Exploitation frameworks
  • Password crackers
  • Data sanitization

 

Lesson 2:Summarize the importance of policies, processes, and procedures for incident response.

  • Incident response plans
  • Incident response process
    • Exercises
    • Attack frameworks
    • Stakeholder management
  • Communication plan
  • Disaster recovery plan
  • Business continuity plan
  • Continuity of operations planning (COOP)
  • Incident response team
  • Retention policies

 

Lesson 3:Given an incident, utilize appropriate data sources to support an investigation.

  • Vulnerability scan output
  • SIEM dashboards
    • Log files
    • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth monitors
  • Metadata
  • Netflow/sFlow
  • Protocol analyzer output

 

Lesson 4:Given an incident, utilize appropriate data sources to support an investigation.Given an incident, apply mitigation techniques or controls to secure an environment.

  • Configuration changes
    • Isolation
  • Containment
  • Segmentation
  • SOAR

 

Lesson 5:Given an incident, utilize appropriate data sources to support an investigation.Given an incident, apply mitigation techniques or controls to secure an environment.Explain the key aspects of digital forensics.

  • Documentation/evidence
    • Acquisition
    • Integrity
    • Preservation
  • E-discovery
  • Data recovery
  • Non-repudiation
  • Strategic intelligence/ counterintelligence

Lesson 1:Compare and contrast various types of control

  • Category
    • Control type

 

Lesson 2: Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

  • Regulations, standards, and legislation
    • Key frameworks Reference architecture
    • Benchmarks /secure configuration guides

 

Lesson 3: Explain the importance of policies to organizational security

  • Category – Managerial – Operational – Technical
    • Control type – Preventive – Detective – Corrective – Deterrent
    • Regulations, standards, and legislation
    • Key frameworks – Center for Internet Security (CIS) – National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/ Cybersecurity Framework (CSF) – International Organization for Standardization (ISO) 27001/27002/27701/31000 – SSAE SOC 2 Type I/II – Cloud security alliance – Cloud control matrix – Reference architecture
    • Benchmarks /secure configuration guides
    • Personnel
    • Diversity of training techniques
  • Third-party risk management –
    • Data – Classification – Governance – Retention
    • Credential policies
    • Organizational policies – Change management – Change control – Asset management

 

Lesson 4: Summarize risk management processes and concepts 

  • Risk types
    • Risk management strategies
    • Risk analysis
    • Disasters – Environmental – Person-made – Internal vs. external
    • Business impact analysis – Recovery time objective (RTO) – Recovery point objective (RPO) – Mean time to repair (MTTR) – Mean time between failures (MTBF) – Functional recovery plans – Single point of failure – Disaster recovery plan (DRP) – Mission essential functions – Identification of critical systems – Site risk assessment

 

5.5:Summarize risk management processes and concepts.Explain privacy and sensitive data concepts in relation to security

  • Organizational consequences of privacy and data breaches – Reputation damage – Identity theft – Fines – IP theft
    • Notifications of breaches – Escalation – Public notifications and disclosures
    • Data types
    • Privacy enhancing technologies
    • Roles and responsibilities –
    • Information life cycle
  • Impact assessment
  • Terms of agreement
  • Privacy notice

خدمات و پشتیبانی دوره سکیوریتی پلاس از زمان برگزاری اولین جلسه آموزشی، بصورت نامحدود شروع و حتی پس از پایان دوره نیز ادامه پیدا می کند. در تمام مدت دوره، پشتیبان های فنی باشگاه با شما از طریق برنامه واتساپ و تلگرام در ارتباط هستند. اگر به جلسه فنی و رفع اشکال نیاز داشته باشید از طریق برنامه اسکایپ، دسکتاپ کامپیوترتان را برای پشتیبان فنی به اشتراک بگذارید تا به کامپیوترتان متصل شده و در برطرف کردن مشکل و پاسخ دادن به سوال کمکتان کنند.

عباس حسینی
زهرا قلی پور
فیلم و عکس
سرفصل های دوره

Lesson 1: Compare and contrast different types of social engineering techniques

  • Phishing
  • Smishing
  • Vishing
  • Spam
  • Spam over instant messaging (SPIM)
  • Spear phishing
  • Dumpster diving
  • Shoulder surfing
  • Pharming
  • Tailgating
  • Eliciting information
  • Whaling
  • Prepending
  • Identity fraud
  • Invoice scams
  • Credential harvesting
  • Reconnaissance
  • Hoax
  • Impersonation
  • Watering hole attack
  • Typosquatting
  • Pretexting
  • Influence campaigns
    • Principles (reasons for effectiveness)

Lesson 2:Given a scenario, analyze potential indicators to determine the type of attack.

  • Malwares
    • Password attacks
    • Physical attacks
    • Adversarial artificial intelligence (AI)
  • Supply-chain attacks
  • Cloud-based vs. on-premises attacks
  • Cryptographic attacks

Lesson 3: Given a scenario, analyze potential indicators associated with application attacks.

  • Privilege escalation
  • Cross-site scripting
  • Injections
  • Pointer/object dereference
  • Directory traversal
  • Buffer overflows
  • Race conditions
  • Error handling
  • Improper input handling
  • Replay attack - Session replays
    • Integer overflow
    • Request forgeries - Server-side - Cross-site
    • Application programming interface (API) attacks
  • Resource exhaustion
  • Memory leak
  • Secure Sockets Layer (SSL) stripping
  • Driver manipulation - Shimming - Refactoring
    • Pass the hash

Lesson 4: Given a scenario, analyze potential indicators associated with network attacks.

  • Wireless
    • On-path attack (known as man-in-the-middle attack)
  • Layer 2 attacks
    • Domain name system (DNS)
    • Distributed denial-of-service (DDoS)

 Lesson 5: Explain different threat actors, vectors, and intelligence sources.

  • Actors and threats
    • Attributes of actors
    • Vectors
    • Threat intelligence sources
    • Research sources

Lesson 6: Explain the security concerns associated    with various types of vulnerabilities.

  • Cloud-based vs. on-premises vulnerabilities
  • Zero-day
  • Weak configurations
    • Third-party risks
    • Improper or weak patch management
    • Legacy platforms
  • Impacts

Lesson 7: Summarize the techniques used in security assessments

  • Penetration testing
    • Passive and active reconnaissance
    • Exercise types
    • Threat hunting
    • Vulnerability scans
  • Threat hunting
    • Vulnerability scans
    • Syslog/Security information and event management (SIEM)
    • Security orchestration, automation, and response (SOAR)

Lesson 8: Explain the techniques used in  penetration testing.

  • Penetration testing
    • Passive and active reconnaissance
    • Exercise types

Lesson 1:Explain the importance of security concepts in an enterprise environment.

  • Configuration management
    • Data sovereignty
  • Data protection
    • Geographical considerations
  • Response and recovery controls
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
  • Hashing
  • API considerations
  • Site resiliency
    • Deception and disruption

Lesson 2: Summarize virtualization and cloud computing concepts.

  • Cloud models
    • Cloud service providers
  • Managed service provider (MSP)/ managed security service provider (MSSP)
  • On-premises vs. off-premises
  • Fog computing
  • Edge computing
  • Thin client
  • Containers
  • Microservices/API
  • Infrastructure as code
    • Serverless architecture
  • Services integration
  • Resource policies
  • Transit gateway
  • Virtualization

Lesson 3: Summarize secure application development, deployment, and automation concepts.

  • Environment
    • Provisioning and deprovisioning
  • Integrity measurement
  • Secure coding techniques
    • Open Web Application Security Project (OWASP)
  • Software diversity
    • Automation/scripting
    • Elasticity
  • Scalability
  • Version control

Lesson 4: Summarize authentication and authorization design concepts.

  • Authentication methods
    • Biometrics
  • Multifactor authentication (MFA) factors and attributes
    • Authentication, authorization, and accounting (AAA)
  • Cloud vs. on-premises requirements

 

Lesson 5: Given a scenario, implement cybersecurity resilience.

  • Redundancy
  • Replication
  • On-premises vs. cloud
  • Backup types
  • Non-persistence
    • High availability
    • Restoration order
  • Diversity

Lesson 6: Explain the security implications of embedded and specialized systems.

  • Embedded systems
  • Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  • Internet of Things (IoT)
  • Specialized
  • Voice over IP (VoIP)
  • Heating, ventilation, air conditioning (HVAC)
  • Drones
  • Multifunction printer (MFP)
  • Real-time operating system (RTOS)
  • Surveillance systems
  • System on chip (SoC)
  • Communication considerations
  • Constraints

Lesson 7: Explain the importance of physical security controls.

  • Bollards/barricades
  • Access control vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-circuit television (CCTV)
  • Industrial camouflage
  • Personnel
  • Locks
  • USB data blocker
  • Lighting
  • Fencing
  • Fire suppression
  • Sensors
  • Drones
  • Visitor logs
  • Faraday cages
  • Air gap
  • Screened subnet (previously known as demilitarized zone)
  • Protected cable distribution
  • Secure areas
  • Secure data destruction

Lesson 8: Explain the importance of physical security controls. Summarize the basics of cryptographic concepts.

  • Digital signatures
  • Key length
  • Key stretching
  • Salting
    • Hashing
  • Key exchange
    • Elliptic-curve cryptography
  • Perfect forward secrecy
  • Quantum - Communications - Computing
    • Post-quantum
  • Ephemeral
  • Modes of operation - Authenticated - Unauthenticated - Counter
    • Blockchain - Public ledgers
    • Cipher suites - Stream - Block
    • Symmetric vs. asymmetric
  • Lightweight cryptography
  • Steganography
    • Homomorphic encryption
  • Common use cases
    • Limitations

Lesson 1: Given a scenario, implement secure protocols.

  • Protocols
  • Use cases

Lesson 2: Given a scenario, implement host or application security solutions.

  • Endpoint protection
    • Boot integrity
  • Database
  • Application security
  • Hardening
  • Self-encrypting drive (SED)/ full-disk encryption (FDE)
    • Hardware root of trust
  • Trusted Platform Module (TPM)
  • Sandboxing

Lesson 3: Given a scenario, implement secure network designs.

  • Load balancing
    • Network segmentation
    • Virtual private network (VPN)
    • DNS• Network access control (NAC) - Agent and agentless
    • Out-of-band management
  • Port security
  • Network appliances
  • Access control list (ACL)
  • Route security
  • Quality of service (QoS)
  • Implications of IPv6
  • Port spanning/port mirroring - Port taps
    • Monitoring services
  • File integrity monitors

Lesson 4: Given a scenario, install and configure wireless security settings.

  • Cryptographic protocols
    • Authentication protocols
    • Authentication Methods
    • Installation considerations

Lesson 5: Given a scenario, implement secure mobile solutions.

  • Connection methods and receivers
    • Mobile device management (MDM)
    • Mobile devices
  • Enforcement and monitoring
  • Deployment models

Lesson 6:Given a scenario, implement secure mobile solutions. Given a scenario, apply cybersecurity solutions to the cloud.

  • Cloud security controls
    • Solutions
    • Cloud native controls vs. third-party solution

Lesson 7: Given a scenario, implement identity and account management controls.

  • Identity
    • Account types
    • Account policies

Lesson 8: Given a scenario, implement identity and account management controls. Given a scenario, implement authentication and authorization solutions.

  • Authentication management
    • Authentication/authorization
    • Access control schemes

Lesson 9:Given a scenario, implement public key infrastructure.

  • Public key infrastructure (PKI)
    • Types of certificates
    • Certificate formats
    • Concepts Online vs. offline CA - Stapling - Pinning - Trust model - Key escrow - Certificate chaining

Lesson 1:Given a scenario, use the appropriate tool to assess organizational security.

  • Network reconnaissance and discovery
    • File manipulation
    • Shell and script environments
    • Packet capture and replay
    • Forensics
    • Exploitation frameworks
  • Password crackers
  • Data sanitization

Lesson 2:Summarize the importance of policies, processes, and procedures for incident response.

  • Incident response plans
  • Incident response process
    • Exercises
    • Attack frameworks
    • Stakeholder management
  • Communication plan
  • Disaster recovery plan
  • Business continuity plan
  • Continuity of operations planning (COOP)
  • Incident response team
  • Retention policies

Lesson 3:Given an incident, utilize appropriate data sources to support an investigation.

  • Vulnerability scan output
  • SIEM dashboards
    • Log files
    • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth monitors
  • Metadata
  • Netflow/sFlow
  • Protocol analyzer output

Lesson 4:Given an incident, utilize appropriate data sources to support an investigation.Given an incident, apply mitigation techniques or controls to secure an environment.

  • Configuration changes
    • Isolation
  • Containment
  • Segmentation
  • SOAR

Lesson 5:Given an incident, utilize appropriate data sources to support an investigation.Given an incident, apply mitigation techniques or controls to secure an environment.Explain the key aspects of digital forensics.

  • Documentation/evidence
    • Acquisition
    • Integrity
    • Preservation
  • E-discovery
  • Data recovery
  • Non-repudiation
  • Strategic intelligence/ counterintelligence

Lesson 1:Compare and contrast various types of control

  • Category
    • Control type

Lesson 2: Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

  • Regulations, standards, and legislation
    • Key frameworks Reference architecture
    • Benchmarks /secure configuration guides

Lesson 3: Explain the importance of policies to organizational security

  • Category - Managerial - Operational - Technical
    • Control type - Preventive - Detective - Corrective - Deterrent
    • Regulations, standards, and legislation
    • Key frameworks - Center for Internet Security (CIS) - National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/ Cybersecurity Framework (CSF) - International Organization for Standardization (ISO) 27001/27002/27701/31000 - SSAE SOC 2 Type I/II - Cloud security alliance - Cloud control matrix - Reference architecture
    • Benchmarks /secure configuration guides
    • Personnel
    • Diversity of training techniques
  • Third-party risk management -
    • Data - Classification - Governance - Retention
    • Credential policies
    • Organizational policies - Change management - Change control - Asset management

Lesson 4: Summarize risk management processes and concepts 

  • Risk types
    • Risk management strategies
    • Risk analysis
    • Disasters - Environmental - Person-made - Internal vs. external
    • Business impact analysis - Recovery time objective (RTO) - Recovery point objective (RPO) - Mean time to repair (MTTR) - Mean time between failures (MTBF) - Functional recovery plans - Single point of failure - Disaster recovery plan (DRP) - Mission essential functions - Identification of critical systems - Site risk assessment

5.5:Summarize risk management processes and concepts.Explain privacy and sensitive data concepts in relation to security

  • Organizational consequences of privacy and data breaches - Reputation damage - Identity theft - Fines - IP theft
    • Notifications of breaches - Escalation - Public notifications and disclosures
    • Data types
    • Privacy enhancing technologies
    • Roles and responsibilities -
    • Information life cycle
  • Impact assessment
  • Terms of agreement
  • Privacy notice
خدمات و پشتیبانی پشتیبانی دوره

خدمات و پشتیبانی دوره سکیوریتی پلاس از زمان برگزاری اولین جلسه آموزشی، بصورت نامحدود شروع و حتی پس از پایان دوره نیز ادامه پیدا می کند. در تمام مدت دوره، پشتیبان های فنی باشگاه با شما از طریق برنامه واتساپ و تلگرام در ارتباط هستند. اگر به جلسه فنی و رفع اشکال نیاز داشته باشید از طریق برنامه اسکایپ، دسکتاپ کامپیوترتان را برای پشتیبان فنی به اشتراک بگذارید تا به کامپیوترتان متصل شده و در برطرف کردن مشکل و پاسخ دادن به سوال کمکتان کنند.

تماس با مشاور آموزش 09221079940