Standards in this Framework
Standards Mapped
Mapped to Course
Standard | Lessons |
---|---|
1.12.2. Differentiate between appropriate and inappropriate information. | |
1.12.3. Interpret security policies through job-specific training and training updates. | |
1.12.4. Apply secure password behavior. | |
1.12.5. Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating). | |
2.1.2. Describe authentication, authorization, and auditing. | |
2.1.4. Identify security risks and describe associated safeguards and methodologies (e.g., auditing). | |
2.1.5. Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). | |
2.1.10. Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. | |
2.1.11. Identify the need for personal security in digital information and describe how personal information can be safeguarded. | |
2.1.12. Practice information security per job requirements. | |
2.1.13. Describe privacy security compliance on systems (e.g., Health Insurance Portability and Accountability Act [HIPAA], Payment Card Industry [PCI], Sarbanes-Oxley Act [SOX], Americans with Disabilities Act [ADA], General Data Protection Regulation [GDPR], European Union Data Protection Regulation [EUDPR]). | |
3.1.1. Differentiate between authentication and authorization. | |
3.1.2. Compare authentication techniques (e.g., single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards). | |
3.2.1. Identify and implement data and application security. | |
3.2.4. Provide user authentication (e.g., assign and reset user accounts and passwords). | |
3.2.5. Install, test, implement, and update virus and malware detection and protection software. | |
3.2.6. Identify sources of virus and malware infection and remove viruses and malware. | |
3.2.7. Provide documentation, training, and support to users on established security procedures. | |
3.3.1. Describe network security policies (e.g., acceptable use policy). | |
3.3.5. Assess risks based on vulnerability of the organization, likelihood of risk, and impact on the organization. | |
3.3.7. Train users in network security procedures. | |
3.4.2. Analyze system log files to identify security risks. | |
3.4.4. Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training). | |
3.5.1. Describe wireless security risks (e.g., unauthorized access) and how to mitigate them. | |
3.5.2. Compare methods of increasing the security of wireless networks and devices (e.g., Media Access Control [MAC] address filtering, Wi-Fi Protected Access [WPA], 802.1X, Remote Authentication Dial-In User Service [RADIUS]). | |
3.5.3. Research security enhancements provided by the Institute of Electrical and Electronics Engineers (IEEE). | |
3.5.4. Describe practices and policies for preventing and detecting installation of rogue networks. | |
3.5.5. Describe security practices and policies for personal devices. | |
3.5.6. Implement and test the security of a wireless network. | |
4.5.6. Secure the wireless network. | |
4.6.2. Identify the advantages of protocols (e.g., Domain Name System [DNS], File Transfer Protocol [FTP], Hypertext Transfer Protocol [HTTP], Telecommunications Network [Telnet], Remote Desktop Protocol [RDP], Secure Shell [SSH]) and associated port numbers. | |
4.6.7. Describe a Virtual Private Network (VPN) and identify associated protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Point-to-Point Tunneling Protocol [PPTP]). | |
4.11.2. Provision cloud services (e.g., Software as a Service [SaaS], Platform as a Service [PaaS], Infrastructure as a Service [IaaS], Security as a Service). | |
4.13.1. Differentiate between disaster recovery and business continuity. | |
4.13.2. Identify common backup devices. | |
4.13.3. Identify the criteria for selecting a backup system. | |
4.13.4. Establish a process for archiving files. | |
4.13.5. Develop a disaster recovery plan. | |
9.1.1. Identify the goals, objectives, and purposes of cybersecurity. | |
9.1.2. Describe the concepts of malware attack vectors. | |
9.1.3. Maintain data security using data labeling, handling, and disposal as prescribed by policy and law. | |
9.1.4. Mitigate threats by remaining abreast of industry information. | |
9.1.5. Identify types of controls (e.g., deterrent, preventive, detective, compensating, technical, and administrative). | |
9.2.1. Perform authorization control (e.g., least privilege, separation of duties, mandatory access, discretionary access, rule-based access control, role-based access control, time-of-day restrictions, location distractions). | |
9.2.2. Implement authentication techniques (e.g., tokens, common access card, smart card, multifactor authentication, single sign-on, biometrics, personal identification verification card, username, federation, transitive trust/authentication). | |
9.2.3. Use authentication factors (e.g., something you are, something you have, something you know). | |
9.2.4. Mitigate security implications of third-party connectivity and access. | |
9.2.5. Implement Data Loss Prevention (DLP). | |
9.2.6. Implement perimeter security (e.g., fencing, proximity readers, access list, proper lighting, mantraps, video surveillance, signs, guards, barricades, biometrics, protected distribution (cabling), alarms, motion detection). | |
9.2.7. Inventory devices. | |
9.3.1. Identify application vulnerabilities (e.g., cross-site scripting, SQL injection, LDAP injection, XML injection, directory traversal/command injection, buffer overflow, integer overflow, zero-day, cookies and attachments, Locally Shared Objects (LSOs), Flash cookies, malicious add-ons, session hijacking, header manipulation, arbitrary code execution/remote code execution). | |
9.3.2. Mitigate application attacks (e.g., SANS, OWASP). | |
9.3.3. Implement secure coding concepts (e.g., error and exception handling, input validation, cross-site scripting prevention, Cross-Site Request Forgery (XSRF) prevention, OWASP). | |
9.3.4. Implement secure application configuration (e.g., application hardening, application patch management). | |
9.3.5. Discover and mitigate common database vulnerabilities and attacks. | |
9.3.6. Differentiate between server-side and client-side validation. | |
9.4.1. Set up and maintain secure roles and system management techniques (e.g., password, group, and user privilege policies and monitoring). | |
9.4.2. Secure use of network protocols (e.g., IPSec, SNMP, SSH, DNS, TLS, SSL, TCP/IP, FTPS, HTTPS, SCP, ICMP). | |
9.4.3. Apply principles of IPv4 and IPv6 securely. | |
9.4.4. Apply wireless security configurations (e.g., disable SSID broadcast, TKIP, CCMP, antenna placement, power level controls). | |
9.4.5. Manage PKI and certificates (transport encryption, non-repudiation, hashing, key escrow, steganography, digital signatures). | |
9.4.6. Use algorithms/protocols with transport encryption (e.g., SSL, TLS, IPSec, SSH, HTTPS). | |
9.4.7. Install and configure network devices (firewalls, switches, load balancers, proxies, web security gateways, VPN concentrators). | |
9.4.8. Install and configure network security devices (protocol analyzers, spam filter, UTM security appliances, URL filter, content inspection, malware inspection). | |
9.4.9. Implement port security. | |
9.4.10. Monitor and manage network Unified Threat Management. | |
9.4.11. Mitigate network threats (e.g., flood guards, loop protection, implicit deny, network separation, log analysis, unified threat management, peripheral and removable media). | |
9.4.12. Apply the principles of secure network design (e.g., DMZ, subnetting, NAT/PAT, remote access, telephony, virtualization). | |
9.5.1. Describe, locate, and mitigate security threats (e.g., adware, viruses, spyware, Trojans, rootkits, logic bombs, botnets, ransomware, polymorphic malware). | |
9.5.2. Describe and discover vulnerabilities to, and mitigate, network attacks (e.g., man-in-the-middle, DDoS, DoS, replay, Smurf attack, spoofing, spam, phishing, spim, spit, and other attacks). | |
9.5.3. Configure defenses for password attacks (e.g., brute force, dictionary attacks, hybrid, birthday attacks, rainbow tables). | |
9.5.4. Describe, appraise for, and mitigate social engineering attacks (e.g., shoulder surfing, dumpster diving, tailgating, impersonation, hoaxes, phishing, spear phishing, whaling, vishing, principles, URL hijacking, watering hole). | |
9.6.1. Adhere to licensing and intellectual property laws (e.g., copyright, trademark, digital rights management). | |
9.6.2. Adhere to regulatory and industry standards (e.g., PCI DSS, PA-DSS). | |
9.7.1. Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting). | |
9.7.4. Collect digital evidence according to established policies and protocols (e.g., system image, packet captures). | |
9.8.1. Design and implement network segmentation. | |
9.8.2. Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, camera vs. guard). | |
9.8.3. Use discovery tools and utilities to identify threats (e.g., protocol analyzer, vulnerability scanner, honeypots, honeynets, port scanner). | |
9.8.4. Create, edit, and use roles and system management tools. | |
9.8.5. Implement endpoint security. | |
9.8.6. Implement Access Control Lists (ACLs). | |
9.8.7. Deploy a server hardening plan. | |
9.8.8. Implement a Network Access Control (NAC) plan. | |
9.8.9. Interpret alarms and alert trends. | |
9.8.10. Apply incident response procedures (e.g., preparation, incident identification, escalation and notification, mitigation steps, lessons learned, reporting, recovery procedures, first responder, incident isolation, quarantine, device removal, data breach). | |
9.8.11. Differentiate between types of penetration testing (e.g., black box, white box, gray box). | |
9.9.1. Describe the concepts of risk management (e.g., business continuity concepts, business impact analysis, identification of critical systems and components, removing single points of failure). | |
9.9.2. Describe the concepts of risk assessment (e.g., disaster recovery plan, IT contingency planning, succession planning, redundancy). | |
9.9.3. Describe and plan fault tolerance (e.g., hardware, RAID, clustering, load balancing, disaster recovery concepts, backup plans/policies, backup execution/frequency). | |
9.10.1. Enforce concepts related to threat vectors and probability/threat likelihood. | |
9.10.2. Identify concepts of risk calculation (likelihood, ALE, impact, SLE, ARO, MTTR, MTTF, MTBF). | |
9.10.3. Implement governance, risk management, and compliance management processes (risk mitigation, govern compliance). | |