Table of Contents

I. SECURITY FOUNDATIONS. 1. Introduction to Information Security. a. What is Information Security? i. Understanding Security. ii. Principles of Security. iii. Cybersecurity Versus Information Security. iv. Defining Information Security. b. Threat actors and Their Motivations. i. Unskilled Attackers. ii. Shadow IT. iii. Organized Crime. iv. Insider Threats. v. Hacktivists. vi. Nation-state Actors. vii. Other Threat Actors. c. How Attacks Occur. i. Threat Vectors and Attack Surfaces. ii. Categories of Vulnerabilities. iii. Impacts of Attacks. d. Information Security Resources. i. Frameworks. ii. Regulations. iii. Legislation. iv. Standards. v. Benchmarks/Secure Configuration Guides. vi. Information Sources. 2. Pervasive Attack Surfaces and Controls. a. Social Engineering Attacks. i. Examples of Human Manipulation. ii. Types of Social Engineering Attacks. b. Physical Security Controls. i. Perimeter Defenses. ii. Preventing Data Leakage. iii. Computer Hardware Security. c. Data Controls. i. Data Classifications. ii. Types of Data. iii. Data Breach Consequences. iv. Protecting Data. II. CRYPTOGRAPHY. 3. Fundamentals of Cryptography. a. Defining Cryptography. i. Steganography: Hiding the message. ii. Cryptography: Hiding the meaning. iii. Benefits of Cryptography. b. Cryptographic Algorithms. i. Variations of Algorithms. ii. Hash Algorithms. iii. Symmetric Cryptographic Algorithms. iv. Asymmetric Cryptographic Algorithms. c. Using Cryptography. i. Encryption Through Software. ii. Hardware Encryption. iii. Blockchain. d. Cryptographic Limitations and Attacks. i. Limitations of Cryptography. ii. Attacks on Cryptography. 4. Advanced Cryptography. a. Digital Certificates. i. Defining Digital Certificates. ii. Managing Digital Certificates. iii. Types of Digital Certificates. b. Public Key Infrastructure (PKI). i. What is Public Key Infrastructure (PKI)? ii. Trust Models. iii. Managing PKI. iv. Key Management. c. Secure Communication and Transport Protocols. i. Transport Layer Security (TLS). ii. IP Security (IPSec). iii. Other Protocols. d. Implementing Cryptography. i. Key Strength. ii. Secret Algorithms. iii. Block Cipher Modes of Operation. III. DEVICE SECURITY. 5. Endpoint Vulnerabilities, Attacks, and Defenses. a. Malware Attacks. i. Kidnap. ii. Eavesdrop. iii. Masquerade. iv. Launch. v. Sidestep. vi. Indicator of Attack (IoA). b. Application Vulnerabilities and Attacks. i. Application Vulnerabilities. ii. Application Attacks. c. Securing Endpoint Devices. i. Protecting Endpoints. ii. Hardening Endpoints. 6. Mobile and Embedded Device Security. a. Securing Mobile Devices. i. Introduction to Mobile Devices. ii. Mobile Device Risks. iii. Protecting Mobile Devices. b. Embedded Systems and Specialized Devices. i. Types of Devices. ii. Security Considerations. c. Application Security. i. Application Development Concepts. ii. Secure Coding Techniques. iii. Code Testing. 7. Identity and Access Management (IAM). a. Types of Authentication Credentials. i. Something You Know: Passwords. ii. Something You Have: Tokens and Security Keys. iii. Something You Are: Biometrics. iv. Something You Do: Behavioral biometrics. b. Authentication Best Practices. i. Securing Passwords. ii. Secure Authentication Technologies. c. Access Controls. i. Access Control Schemes. ii. Access Control Lists. IV. INFRASTRUCTURE AND ARCHITECTURES. 8. Infrastructure Threats and Security Monitoring. a. Attacks on Networks. i. On-Path Attacks. ii. Domain Name System (DNS) Attacks. iii. Distributed Denial of Service (DDoS). iv. Malicious Coding and Scripting Attacks. v. Layer 2 Attacks. vi. Credential Relay Attacks. b. Security Monitoring and Alerting. i. Monitoring Methodologies. ii. Monitoring Activities. iii. Tools for Monitoring and Alerting. c. Email Monitoring and Security. i. How Email Works. ii. Email Threats. iii. Email Defenses. 9. Infrastructure Security. a. Security Appliances. i. Common Network Devices. ii. Infrastructure Security Hardware. b. Software Security Protections. i. Web Filtering. ii. DNS Filtering. iii. File Integrity Monitoring (FIM). iv. Extended Protection and Response. c. Secure Infrastructure Design. i. What is Secure Infrastructure Design? ii. Virtual LANs (VLANs). iii. Demilitarized Zone (DMZ). iv. Zero Trust. d. Access Technologies. i. Virtual Private Network (VPN). ii. Network Access Control (NAC). 10. Wireless Network Attacks and Defenses. a. Wireless Attacks. i. Cellular Networks. ii. Bluetooth Attacks. iii. Near Field Communication (NFC) Attacks. iv. Radio Frequency Identification (RFID) Attacks. v. Wireless Local Area Network Attacks. b. Vulnerabilities of WLAN Security. i. Wired Equivalent Privacy (WEP). ii. Wi-Fi Protected Setup (WPS). iii. MAC Address Filtering. iv. Wi-Fi Protected Access (WPA). c. Wireless Security Solutions. i. Wi-Fi Protected Access 2 (WPA2). ii. Wi-Fi Protected Access 3 (WPA3). iii. Additional Wireless Security Protections. 11. Cloud and Virtualization Security. a. Introduction to Cloud Computing. i. What is Cloud Computing? ii. Types of Clouds. iii. Cloud Locations. iv. Cloud Architecture. v. Cloud Models. vi. Cloud Management. vii. Cloud-native Microservices. b. Cloud Computing Security. i. Cloud-based Security. ii. Cloud Vulnerabilities. iii. Cloud Security Controls. c. Virtualization Security. i. Defining Virtualization. ii. Infrastructure as Code. iii. Security Concerns for Virtual Environments. V. OPERATIONS AND MANAGEMENT. 12. Vulnerability Management. a. Vulnerability Scanning. i. Vulnerability Scan Basics. ii. Sources of Threat Intelligence. iii. Scanning Decisions. iv. Running a Vulnerability Scan. v. Analyzing Vulnerability Scans. vi. Addressing Vulnerabilities. b. Audits and Assessments. i. Internal Audits. ii. External Assessments. iii. Penetration Testing. 13. Incident Preparation and Investigation. a. Preparatory Plans. i. Business Continuity Planning. ii. Incident Response Planning. b. Resilience Through Redundancy. i. Servers. ii. Drives. iii. Networks. iv. Power. v. Sites. vi. Clouds. vii. Data. c. Incident Investigation. i. Data Sources. ii. Digital forensics. 14. Oversight and Operations. a. Administration. i. Governance. ii. Compliance. b. Security Operations. i. Automation. ii. Orchestration. iii. Threat Hunting. iv. Artificial Intelligence. 15. Information Security Management. a. Asset Protection. i. Asset Management. ii. Change Management. b. Risk Management. i. Defining Risk. ii. Analyzing Risks. iii. Managing Risks.