Author: Dale Meredith
This series provides an overview of the knowledge and skills required to prevent, detect, and mitigate information/cyber security threats and vulnerabilities. This series can be used to prepare for the CompTIA Cybersecurity Analyst (CSA+) examination (Exam CS0-001) first released in February 2017.... Read more Read less
In this series, you’ll learn how to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risks to an organization. These courses will also help you prepare for the CompTIA Cybersecurity Analyst (CSA+) CS0-001 certification exam.
Most companies are "reactive" instead of "proactive" when it comes to securing their networks, resources, and data. In this course, Enterprise Security: Policies, Practices, and Procedures, you will learn how to get ahead of the bad guys by looking at your infrastructure in a different manner. First, you will get a better understanding of the landscape and how fast it is changing. Next, you will delve into industry standards, frameworks, policies, and how these can affect your environment. Finally, you will learn about what tools to use and the need for penetration testing. By the end of this course, you will know how to keep up with the changes and continue to maintain a high level of security in your environment.
IT networks face increasing threats from both inside and outside your organization. Traditional perimeter defenses can miss insider threats, such as password leaks and fraud due to staff complacency, as well as external online threats such as zero-day attacks. To limit the presence of these threats, many IT departments are using identity and access management (IAM) solutions. In this course, The Issues of Identity and Access Management (IAM), you'll learn to look at IAM from the perspective of the issues that it can create for your organization. First, you'll dive into Oauth/OpenID and where the weaknesses are. Next, you'll explore SSO and federations. Finally, you'll learn how to setup a hacking environment using the AutoLab. When you're finished with this course, you'll be able to look at your IAM solution and see if you're protecting yourself, as well as your users.
Most companies have a well-oiled machine with the sole purpose to create, release, and maintain functional software. Still, the growing concerns and risks related with insecure software have brought increased attention to the need to mix security into the development process. In this course, Secure Software Development, you will gain an understanding of the Software Development Life Cycle (SDLC) and the security implications that can arise to ensure that the software your organization uses is well written and secure through its lifespan. First, you will learn about the different options when it comes to following a SDLC. Next, you will delve into the 5 phases that software runs through as it is being developed. Last, you will dive into how vulnerabilities creep into your environment in ways you may have not considered. By the end of this course, you will be able to apply a proper SDLC and ensure that additional attack vectors aren't created by mistake (or on purpose) to expose your resources and networks.
You've been tasked as an "Incident Handler" and you are wondering where you start. Attackers typically start with doing a little "reconnaissance" of their target, so it only makes sense that you start there as well. In this course, Performing and Analyzing Network Reconnaissance, you will learn how to think like an attacker in order to stay a step ahead of one. First, you will learn about the two different steps of reconnaissance and scanning. Next, you will learn what to look for, how it's done, and what you can do to protect your infrastructures. Finally, you will learn about tools you can use that the attacker will use against you. By the end of this course, you'll know how to look at your infrastructure the same way attackers do, and understand the process to minimize those threats.
Networks aren't what they us to be, they're more complex than ever. Systems today are so interconnected and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Vulnerability Management systems are designed to recognize, rank, and remediate these vulnerabilities before an attacker gets a hold of them and exploits them to destabilize the privacy, integrity, or availability of your digital assets. In this course, Implementing and Performing Vulnerability Management, you'll learn about everything around vulnerability management. First, you'll learn about implementing a supportive vulnerability management VM program. Next, you'll explore through scanning. Finally, you'll dive into remediation steps that will help make sure attackers can't take advantage of you. By the end of this course, you’ll have enough knowledge to not only pick the VMP that’s right for you, but also how to use such applications to better the security of your network. Plus, you'll have all the information about VMP’s to help you with your CSA+ exam.
It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.
Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll leanr how to conduct an investigation, eradicate the incident and how to build out your own CSI (Cyber-Security Investigator) Jump-Bag. First you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn about how to create your own forensics kit, their contents, and the use of these devices and tools. Finally, you'll be shown some forensic suites and tools that provide you what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.
CompTIA recommends CSA+ candidates have a minimum of 3-4 years of hands-on information/cyber security or related experience. This path does not require any prior knowledge or experience.