Information Technology Security Specialist – 600 Hours – SOC Code 15-1122
Demonstrate an understanding of Network Security. ̶ The student will be able to:
|
Implement security configuration parameters on network devices and other technologies.
|
Given a scenario, use secure network administration principles (VLANs, Firewalls).
|
Explain various career options within the IT enterprise.
|
Given a scenario, implement common protocols and services (FTPS, DNS, Ports – 21-22-25).
|
Given a scenario, troubleshoot security issues related to wireless networking.
|
Demonstrate Compliance and Operational Security. ̶ The student will be able to:
|
Explain the importance of risk related concepts.
|
Summarize the security implications of integrating systems and data with third parties.
|
Given a scenario, implement appropriate risk mitigation strategies.
|
Given a scenario, implement basic forensic procedures.
|
Summarize common incident response procedures.
|
Explain the importance of security related awareness and training.
|
Compare and contrast physical security and environmental controls.
|
Summarize risk management best practices.
|
Given a scenario, select the appropriate control to meet the goals of security (Encryption, Hashing).
|
Demonstrate an understanding of threats and vulnerabilities. ̶ The student will be able to:
|
Explain types of malware (Viruses, Adware).
|
Summarize various types of attacks (DoS, DDoS, Smurf attack).
|
Summarize social engineering attacks and the associated effectiveness with each attack.
|
Explain types of wireless attacks.
|
Explain types of application attacks.
|
Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
|
Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
|
Explain the proper use of penetration testing versus vulnerability scanning.
|
Demonstrate Use of Application, Data and Host Security. ̶ The student will be able to:
|
Explain the importance of application security controls and techniques.
|
Summarize mobile security concepts and technologies.
|
Given a scenario, select the appropriate solution to establish host security.
|
Implement the appropriate controls to ensure data security.
|
Compare and contrast alternative methods to mitigate security risks in static environments.
|
Demonstrate proficiency and understanding of Access Control and Identity Management. ̶ The student will be able to:
|
Compare and contrast the function and purpose of authentication services (RADIUS, TACACAS+, LDAP).
|
Given a scenario, select the appropriate authentication, authorization or access control.
|
Install and configure security controls when performing account management, based on best practices.
|
Demonstrate proficiency and understanding in Cryptography. ̶ The student will be able to:
|
Given a scenario, utilize general cryptography concepts.
|
Given a scenario, use appropriate cryptographic methods.
|
Given a scenario, use appropriate PKI, certificate management and associated components.
|
Demonstrate use of Ethical Hacking. ̶ The student will be able to:
|
Demonstrate security fundamentals.
|
Perform security testing.
|
Differentiate between hackers and crackers.
|
Identify ethical hackers.
|
Explain and implement testing plans.
|
Demonstrate proficiency with ethics and legality.
|
Demonstrate proficiency in Understanding the technical foundations of hacking. ̶ The student will be able to:
|
Explain the Attacker’s process.
|
Explain the ethical hacker process.
|
Compare the relationship between security and the OSI model.
|
Demonstrate an understanding of foot printing and scanning. ̶ The student will be able to:
|
Explain the seven-step information gathering process.
|
Identify active machines.
|
Demonstrate proficiency in finding open ports and access points.
|
Demonstrate use of OS fingerprinting.
|
Demonstrate proficiency in mapping the network attack surface.
|
Demonstrate proficiency and understanding of enumeration and system hacking. ̶ The student will be able to:
|
Define enumeration.
|
Demonstrate proficiency in system hacking.
|
Demonstrate proficiency Linux and automated assessment tools. ̶ The student will be able to:
|
Manage Linux OS.
|
Demonstrate proficiency in hacking Linux.
|
Demonstrate proficiency in hardening Linux.
|
Explain use of automated exploit tools.
|
Demonstrate understanding of Trojans and backdoors. ̶ The student will be able to:
|
Explain the characteristics of Trojans.
|
Demonstrate proficiency in covert communication.
|
Explain keystroke logging and spyware characteristics.
|
Demonstrate understanding and proficiency in Trojan and backdoor countermeasures.
|
Demonstrate understanding of Sniffers, session hijacking, and denial of service. ̶ The student will be able to:
|
Explain the functions and types of sniffers.
|
Explain session hijacking.
|
Demonstrate understanding of DoS, DDoS and Botnets.
|
Demonstrate understanding and proficiency in web server hacking, web application and database attack. ̶ The student will be able to:
|
Explain webserver hacks.
|
Explain web application hacking.
|
Explain database hacking.
|
Demonstrate understanding and proficiency in wireless technologies, mobile security and attacks. ̶ The student will be able to:
|
Explain different wireless technologies and attacks.
|
Understand and explain different wireless LANs technologies.
|
Demonstrate understanding and proficiency in configuring IDS, Firewalls, and Honeypots. ̶ The student will be able to:
|
Explain and configure different types of IDSs.
|
Explain and configure different types of firewalls.
|
Explain and configure different types of honeypots.
|
Explain use of buffer overflows, viruses, and worms. ̶ The student will be able to:
|
Explain buffer overflows, buffer overflows attacks, and prevention.
|
Define the use of viruses and worms.
|
Employing cryptographic attacks and defenses. ̶ The student will be able to:
|
Explain functions of cryptography.
|
Report the history of cryptography.
|
Identify different algorithms.
|
Identify digital signature.
|
Explain steganography operation.
|
Use steganographic tools.
|
Create a digital watermark.
|
Use digital certificates.
|
Explain public key infrastructure.
|
Define protocols, standards, and applications.
|
24.11 Use encryption-cracking tools.
|
Demonstrate use of physical security and social engineering. ̶ The student will be able to:
|
Apply physical security measures.
|
Define social engineering types, attacks and preventive measures.
|