fedvte training catalog - boots to...
TRANSCRIPT
Winter2017
1
WelcometotheFederalVirtualTrainingEnvironment(FedVTE)CourseCatalog!
FedVTEcoursesareonlineatfedvte.usalearning.gov.Forassistance,[email protected](202)558-2203ortoll-free(888)804-4510,Monday-Friday,8:30AMto6:00PMEastern,exceptholidays.
TheFedVTEcourseinformationincludes:• Coursedescription• Courselength• Proficiencylevel• WorkforceFrameworkcategory• WorkforceFrameworkspecialtyarea
AbouttheWorkforceFrameworkTheNationalCybersecurityWorkforceFramework(WorkforceFramework)providesablueprinttocategorize,organize,anddescribecybersecurityworkintoSpecialtyAreas,tasks,andknowledge,skills,andabilities(KSAs).TheWorkforceFrameworkprovidesacommonlexicontospeakaboutcybersecurityrolesandjobsandhelpsdefineprofessionalrequirementsincybersecurity.TheWorkforceFrameworkorganizescybersecurityprofessionalrolesintosevenhigh-levelCategories,eachcomprisedofseveralSpecialtyAreas.FedVTEcoursesaremappedtotheSpecialtyAreas(andcorrespondingCategories)oftheWorkforceFramework.Thisallowsacybersecurityprofessionaltoquicklyidentifythecoursesneededtoadvancewithinhisorhercareerortransferhisorherskillstoanothercybersecuritytrack.
2
Contents
AdvancedPCAPAnalysisandSignatureDev(APA)-1Hour...............................................................................4
AdvancedWindowsScripting-6Hours..............................................................................................................4
AnalysisPipeline-6Hours……………..……………....................................................................................................4
CDMModule1:Overview-2Hours…................................................................................................................4
CDMModule2:HardwareAssetManagement-1Hour.....................................................................................5
CDMModule3:SoftwareAssetManagement-1.5Hours.................................................................................5
CDMModule4:ConfigurationSettingsManagement-.5Hour..........................................................................6
CDMModule5:VulnerabilityManagement-.5Hour........................................................................................6
CertifiedEthicalHackerv8(CEHv8)-24Hours..................................................................................................6
CertifiedInformationSecurityManager2013Self-StudyCourse-11Hours.......................................................7
CiscoCCNETSelf-StudyPrep-13Hours.............................................................................................................7
CiscoCCNASecuritySelf-StudyPrep-15Hours.................................................................................................7
CloudComputingSecurity-1Hour……...............................................................................................................8
CMaaSOverview-.5Hour……………………...........................................................................................................8
CompTIAA+(220-801)CertificationPrep-12Hours........................................................................................8
CompTIAA+(220-802)CertificationPrep-11Hours........................................................................................9
CompTIAAdvancedSecurityPractitioner(CASP)-20Hours...............................................................................9
CompTIANetwork+(N10-005)CertificationPrep-17Hours..............................................................................9
CompTIASecurity+(SYO-401)CertificationPrep-19Hours...............................................................................9
CyberRiskManagementforManagers-6Hours.............................................................................................10
CyberRiskManagementforTechnicians-11Hours.........................................................................................10
CyberSecurityInvestigations-9Hours............................................................................................................10
CyberSecurityOverviewforManagers-6Hours.............................................................................................11
DBEvaluationsusingAppDetectiveProanddbProtect-1.5Hours...................................................................11
DemilitarizedZone(DMZ)withIDS/IPS-9Hours.............................................................................................11
DISAHBSSBriefsforNon-Administrators-2Hours..........................................................................................12
DISASIM(SecurityInformationManager)-3Hours.........................................................................................12
DISASymantecEndpointProtection-14Hours................................................................................................12
DoDIABootCamp-12Hours…………………….....................................................................................................13
DynamicTestingusingHPEWebInspect-1.5Hours.........................................................................................13
EmergingCyberSecurityThreats-12Hours.....................................................................................................14
FoundationsofIncidentManagement-10.5Hours.........................................................................................14
3
IntroductiontoInvestigationofDigitalAssets-4Hours..................................................................................14
IntroductiontoThreatHuntingTeams-1.5Hours...........................................................................................14
IntroductiontoWindowsScripting-4Hours...................................................................................................15
IPv6SecurityEssentials-5Hours……………………………………………………………………………………………………………..…...15
(ISC)2™CAP(R)CertificationPrep-11Hours...................................................................................................15
(ISC)2™CSSLP:CertificationPrep-20Hours....................................................................................................16
(ISC)2™CISSP®:ISSEPCertificationPrep-12Hours..........................................................................................16
(ISC)2™CISSP®:ISSAPCertificationPrep-15Hours.........................................................................................16
(ISC)2™CISSP®:ISSMPCertificationPrep(2014)-14Hours.............................................................................16
(ISC)2™CISSP®Prep2015-25Hours...............................................................................................................17
(ISC)2™SystemsSecurityCertifiedPractitioner-16Hours..............................................................................17
ISACACertifiedInformationSystemsAuditor(CISA)-20Hours........................................................................18
LANSecurityUsingSwitchFeatures-2Hours..................................................................................................18
LinuxOperatingSystemSecurity-9Hours.......................................................................................................18
MobileandDeviceSecurity-22Hours.............................................................................................................18
NetworkLayer1&2Troubleshooting-3Hours...............................................................................................19
NetworkMonitoringwithOpenSourceTools-5Hours...................................................................................19
OffensiveandDefensiveNetworkOperations-13Hours.................................................................................19
PenetrationTesting-14Hours……….….............................................................................................................20
RadioFrequencyIdentification(RFID)Security-1Hour...................................................................................20
RootCauseAnalysis-1Hour………………………………………………………………………………………………………………………..…20
SecuringInfrastructureDevices-1Hour..........................................................................................................20
SecuringtheNetworkPerimeter-1Hour........................................................................................................21
SecurityandDNS-1Hour………………................................................................................................................21
SILKTrafficAnalysis-7Hours…………................................................................................................................21
SoftwareAssuranceExecutiveCourse(SAE)-10Hours....................................................................................22
StaticCodeAnalysisusingHPEFortify-2Hours...............................................................................................22
StaticCodeAnalysisusingSynopsisCoverity-1.5Hours..................................................................................22
SupplyChainAssuranceusingSonatypeNexus-2.5Hours..............................................................................23
WindowsOperatingSystemSecurity-16Hours..............................................................................................23
WirelessNetworkSecurity(WNS)-9Hours.....................................................................................................23
4
AdvancedPCAPAnalysisandSignatureDev(APA) 1HourThiscoursetakesusersthroughanintroductiontorules,goesoverexamplesyntax,protocolsandexpressions.Itcontainsseveralsupportingvideodemonstrationsaswellaslabexerciseswritingandtestingbasicrules.
ProficiencyLevel:- Intermediate
FrameworkCategory:- ProtectandDefend- Analyze
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- ExploitationAnalysis- IncidentResponse
AdvancedWindowsScripting 6HoursThiscoursefocusesonadvancedconceptsforwritingscriptsfortheMicrosoftWindowsoperatingsystem.ThecoursecovershowtostringmultiplecommandstogetherintraditionalBATCHscriptsaswellasleverageVisualBasicScripting(VBS)toperformmorecomplextasks,andincludesreinforcingvideodemonstrationsandfinalassessment.ProficiencyLevel- Basic
Framework- OperateandMaintain
SpecialtyAreas:- NetworkServices- SystemAdministration- SystemsSecurityAnalysis
AnalysisPipeline 6HoursThiscourseisdesignedfornetworkflowdataanalystswhouseorareconsideringusingAnalysisPipeline.Thecourseaimstohelpthestudentbetterunderstandhowtoincorporatestreamingnetworkflowanalysisintotheirtoolkitforidentifyingandalertingoneventsofinterest.ThefocuswillbeonapplyingAnalysisPipelinetooperationalusecases.ProficiencyLevel- Intermediate
Framework- ProtectandDefend
SpecialtyAreas:- NetworkDefenseAnalysis- ComputerNetworkDefense- InfrastructureSupport- VulnerabilityAssessmentandManagement
CDMModule1:Overview 2HoursThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingContinuousDiagnosticsandMitigation(CDM).ThecourseaimstohelpthestudentbetterunderstandhowCDMcanhelpadepartmentoragency(D/A)bettermanageriskandprotectmissioncriticalassetsandtomoreeffectivelyevaluatetheircybersecurityposture.ThecourseprovidesahighleveloverviewoftheCDMprogram.TopicscoveredincludebasicCDMconcepts,howCDMrelatestoNIST800-53andotherNISTSPs,CDMConceptofOperations,theCDMEnvironment,andCDM’sPhasesandCapabilities.
5
ProficiencyLevel- Basic
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)
CDMModule2:HardwareAssetManagement 1HourThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingContinuousDiagnosticsandMitigation(CDM).Thecourseaimstohelpthestudentbetterunderstandhowpeopleanddevicesworktogethertoprotectmissioncriticalassetsandtomoreeffectivelyevaluatetheircybersecurityposture.ThecoursebeginsbydefiningHardwareAssetManagement(HWAM)andwhyitiscriticaltotheimplementationofarobustcybersecurityprogram.ThetraininghighlightsthecriteriaformonitoringandmanaginghardwareassetsusingCDM.ItthentransitionsintoHWAMimplementationcriteriaanddiscussesthegenericCDMconceptofoperationsspecifictoHWAM.TopicscoveredincludeActualState,DesiredState,andDefects.ProficiencyLevel- Basic
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)
CDMModule3:SoftwareAssetManagement 1.5HoursThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingCDM.Thecourseaimstohelpthestudentbetterunderstandhowpeopleandsoftwareworktogethertoprotectmissioncriticalassetsandtomoreeffectivelyevaluatetheircybersecurityposture.ThecoursebeginsbydefiningSoftwareAssetManagement(SWAM)andwhyitiscriticaltotheimplementationofarobustcybersecurityprogram.ItcoversnewrolesandresponsibilitieswhichtheD/Amustimplement.ItthentransitionsintoSWAMimplementationcriteria,anddiscussesthegenericCDMconceptofoperationsspecifictoSWAMActualState,DesiredState,andDefects.Itincludeshighleveldiscussionsofsoftwarelists(white,gray,black)andhowsoftwarecanbeidentifiedandtrackedinCDMthroughtheuseofCommonPlatformEnumeration(CPE)andSoftwareIdentification(SWID)tagsbysoftwarepackagedowntoexecutables.ProficiencyLevel- Basic
Framework- Securely
Provision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)
6
CDMModule4:ConfigurationSettingsManagement .5HourThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingCDM.ThecourseaimstohelpthestudentbetterunderstandCSM,provideorganizationvisibilityintorisksassociatedwithimproperornon-compliantsecurity-relatedconfigurationsettingsforauthorizedhardwareandsoftware.ThecoursebeginsbyoutliningtheCyberSecurityManagerposition(CSM)andhighlightingthetypesofattacksCSMcanhelpprevent.ItthentransitionsintoCSMmethodsandcriteria,whereitreviewsActualState,DesiredState,andDefectChecksspecifictothecapabilityarea.ItexplainshowCSMbuildsupontheothercapabilitiesandhowdefectchecksdifferatthelocalandfederallevels.ProficiencyLevel- Basic
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)CDMModule5:VulnerabilityManagement .5HourThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingCDM.Thecourseaimstohelpthestudentbetterunderstandhowvulnerabilitymanagement(VULN)identifiestheexistenceofvulnerablesoftwareproductsintheboundarytoallowanorganizationtomitigateandthwartcommonattacksthatexploitthosevulnerabilities.ThecoursebeginsbydefiningVULN,howitappliestothetargetenvironment,andhowafullyimplementedVULNcapabilityimpactsaDepartmentorAgency.ItthentransitionsintoVULNcriteriaandmethods,whereitreviewsActualState,DesiredState,andDefectChecksspecifictothecapabilityarea.ItexplainshowVULNbuildsupontheothercapabilitiesareas,thetypesofdefects,andhowthosedefectchecksdifferatthelocalandfederallevels.ProficiencyLevel- Basic
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)
CertifiedEthicalHackerv8(CEHv8) 24HoursTheCertifiedEthicalHacker(CEHv8)certificationprepcoursepreparesstudentstositfortheEC-CouncilCertifiedEthicalHackerversion8certificationexam.Thiscoursecontainsmaterialstoaidthestudentinbroadeningtheirknowledgeofadvancednetworkassessmenttechniquesincludingenumeration,scanningandreconnaissance.Updatestov8fromv7includeseveralnewtoolsandhowtousethemtoperformvarioustechniques.Topicsincludeactiveandpassivereconnaissance,hackinglaws,Googlehacking,socialengineering,packetcaptureandscanning.Thecoursethenmovesontoexploitationofseveraltypesandthreatsandhowtocoveryourtracks.
7
ProficiencyLevel- Advanced
Framework- ProtectandDefend- Operateand
Maintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentandManagement
CertifiedInformationSecurityManager2013Self-StudyCourse 11HoursTheInformationSystemsAuditandControlAssociation(ISACA)CertifiedInformationSecurityManager(CISM)certificationprepcoursepreparesstudentstositforthemanagement-focusedCISMexamaswellasstrengthenstheirinformationsecuritymanagementexpertisethroughthein-depthcoursewareandreinforcingdemonstrations.Topicsincludeinformationsecuritygovernance,informationriskmanagementandcompliance,informationsecurityprogramdevelopmentandmanagement,andinformationsecurityincidentmanagement.
ProficiencyLevel- Intermediate
Framework- Oversightand
Development
SpecialtyAreas:- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)- StrategicPlanningandPolicyDevelopment
CiscoCCNETSelf-StudyPrep 13HoursTheCiscoCCENTPrepcourseisaself-studyresourceforlearnerspreparingfortheCiscoCCENTcertification,oneoftheprerequisitesfortheCiscoCCNAcertification.Installing,operating,configuring,andverifyingabasicIPv4andIPv6networkwillbediscussed.Studentswillalsobeintroducedtoconfiguringalocalareanetwork(LAN)switch,configuringaninternetprotocol(IP)router,andidentifyingbasicsecuritythreats.Thecourseincludesseveralreinforcingvideodemonstrationsofconceptsdiscussed,aswellasaquiz.
ProficiencyLevel- Intermediate
Framework- OperateandMaintain- SecurelyProvision
SpecialtyAreas:- CustomerServiceandTechnicalSupport- NetworkServices- SystemsSecurityArchitecture
CiscoCCNASecuritySelf-StudyPrep 15HoursTheCiscoCCNASecuritySelf-StudyPrepcourseisaimedatthosewhoalreadyhaveexperiencewithroutersandbasiclevelnetworkingskills,andthosewhomaybeinterestedintakingtheCiscoCCNASecurityexam.ContentcoveredintheCCNASecurityPrepcourseincludeprotocolsniffers,analyzers,TCP/IP,desktoputilities,CiscoIOS,theCiscoVPN,aCiscosimulationprogramcalledPacketTracer,andsomeweb-basedresources.Studentswillgetatheoreticalunderstandingofnetworksecurity,knowledgeandskillsdesignedtoimplementit.Thisself-studyresourcecontainsseveralreinforcingvideodemonstrationsandfinalexam.
8
ProficiencyLevel- Intermediate
Framework- OperateandMaintain
SpecialtyAreas:- CustomerServiceandTechnicalSupport- NetworkServices- SystemAdministration
CloudComputingSecurity 1HourThiscourseprovidesanin-depthlookatthestrengthsandweaknessesofcloudcomputingsecurityaswellastheconsiderationstotakeinchoosingthecloudasadatamanagementsolution.Technicalandoperationalrisksareexplained,alongwithstrategiestomitigatetheaforementionedrisks.Todemonstrateconceptslearned,thecoursecloseswithareal-worldexampleofhowagovernmentagency(DefenseInformationSystemsAgency)utilizescloudcomputingsolutions.ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentandManagement
CMaaSOverview .5HourThiscourseisdesignedformanagers,staffandotherstakeholderswhomaybeinvolvedinimplementationand/ordecisionmakingregardingCDM.ThecourseaimstohelpthestudentbetterunderstandhowContinuousMonitoringasaService(CMaaS)relatestotheCDMprogram.ProficiencyLevel- Basic
Framework- Oversightand
Development- ProtectandDefend
SpecialtyAreas:- InformationSystemsSecurityOperations- SecurityProgramManagement- ComputerNetworkDefenseAnalysis- ComputerNetworkDefenseInfrastructure
Support- IncidentResponse- VulnerabilityAssessmentandManagement
*CMaasOverviewCourseisavailabletoDHSemployees.CompTIAA+(220-801)CertificationPrep 12HoursTheA+220-801CertificationPrepSelf-StudyisanintroductorycoursepresentingdomainknowledgeandobjectivesforthefivedomainsfeaturedintheA+220-801portionoftheA+certificationexam.
ProficiencyLevel- Basic
Framework- OperateandMaintain
SpecialtyAreas:- CustomerServiceandTechnicalSupport- NetworkServices- SystemAdministration
9
CompTIAA+(220-802)CertificationPrep 11HoursTheA+220-802CertificationPrepSelf-Studycourseisforentry-levelITprofessionalswithatleast12monthsexperienceinthefield.KnowledgerequiredforA+candidatesincludeinstallation,configuration,andmaintenanceofdevices,PCs,andsoftwareforendusers.ThiscoursecontainsmaterialsforthefourA+802domainstoaidthecandidateinexampreparation.
ProficiencyLevel- Basic
Framework- OperateandMaintain
SpecialtyAreas:- CustomerServiceandTechnicalSupport- NetworkServices- SystemAdministration
CompTIAAdvancedSecurityPractitioner(CASP) 20HoursThiscertificationprepcoursehelpstopreparestudentstositfortheCompTIACASPCAS-001certificationexambycoveringtechnicalknowledgeandskillsrequiredindesigningandengineeringsecuresolutionsinenterpriseenvironments.Abroadspectrumofsecuritydisciplinesarediscussedtohelpwithcriticalthinkingwhenconsideringsecureenterprisesolutionsandmanagingrisk.
ProficiencyLevel- Advanced
Framework- OperateandMaintain
SpecialtyAreas:- NetworkServices- SystemAdministration- SystemsSecurityAnalysis
CompTIANetwork+(N10-005)CertificationPrep 17HoursCompTIA’sNetwork+certificationprepcoursewasdevelopedforthecurrentNetwork+examcodeN10-005.TopicscoveredontheNetwork+N10-005examaswellasinthisFedVTEprepcourseincludenetworktechnologies,installationandconfiguration,mediaandtopologies,managementandsecurity.Thiscertificationprepcourseincludesvideodemonstrations,apracticeexam,andhands-onlabs.
ProficiencyLevel- Basic
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseInfrastructureSupport- CustomerServiceandTechnicalSupport- NetworkServices
CompTIASecurity+(SYO-401)CertificationPrep 19HoursThiscertificationprepcoursepreparesstudentstositfortheCompTIASecurity+(SY0-401)certificationexamaswellasteachesconceptsandtechniquesthatarevaluabletotheworkplace.Topicscoveredinthecourse,andcompetenciestestedontheexamincludenetworksecurity,complianceandoperationalsecurity,threatsandvulnerabilities,application,dataandhostsecurity,accesscontrolandidentitymanagement,andcryptography.Thiscertificationprepcourseincludesseveralreinforcingvideodemonstrationsaswellasapracticequiz.
10
ProficiencyLevel- Basic
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentandManagement
CyberRiskManagementforManagers 6HoursCyberRiskManagementforManagerscoverskeyconcepts,issues,andconsiderationsformanagingriskfromamanager’sperspective.Discussionsincludeidentifyingcriticalassetsandoperations,aprimeroncyberthreatsandhowtodeterminethreatstoyourbusinessfunction,mitigationstrategies,andresponseandrecovery.
ProficiencyLevel- Basic
Framework- Oversightand
Development
SpecialtyAreas:- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- LegalAdviceandAdvocacy- StrategicPlanningandPolicyDevelopment
CyberRiskManagementforTechnicians 11HoursThiscoursepresentstheconceptofmanagingcyberriskfromatechnicalperspective.Anoverviewofcyberriskmanagementopenstheclass,followedbyfoundationalmaterialonconductingariskassessmentofconsiderationssuchasthreats,vulnerabilities,impacts,andlikelihood.Varioustechnicalmethodsforconductingariskassessmentarepresented,toincludevulnerabilityassessmentsandpenetrationtests,withafocusoncontinuousmonitoringofsecuritycontrolsandhowtoassessthosesecuritycontrolsusingtheNationalInstituteofStandardsandTechnologySpecialPublication800-53and800-53aasaguide.
ProficiencyLevel- Basic
Framework- Oversightand
Development
SpecialtyAreas:- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)- StrategicPlanningandPolicyDevelopment
CyberSecurityInvestigations 9HoursThiscoursediscussesthebasicconceptsofcybersecurityanddigitalforensicsinvestigationpractices.Topicsincludeperformingcollectionandtriageofdigitalevidenceinresponsetoanincident,evidencecollectionmethodologies,andforensicbestpractices.Thisisanintroductorycoursereviewingtheprocesses,methods,techniquesandtoolsinsupportofcybersecurityinvestigations.
11
ProficiencyLevel- Basic
Framework- CollectandOperate- Investigate- ProtectandDefend
SpecialtyAreas:- CyberOperations- DigitalForensics- IncidentResponse
CyberSecurityOverviewforManagers 6HoursCybersecurityOverviewforManagersisdesignedformanagersandotherstakeholderswhomaybeinvolvedindecisionmakingregardingtheircyberenvironmentbutdonothaveastrongtechnicalbackground.Discussionswillnotfocusonspecifictechnologiesorimplementationtechniques,butrathercybersecuritymethodologiesandtheframeworkforprovidingaresilientcyberpresence.Thecourseaimstohelpmanagersbetterunderstandhowpeopleanddevicesworktogethertoprotectmissioncriticalassetsandmoreeffectivelyevaluatetheircyberposture.
ProficiencyLevel- Basic
Framework- Oversightand
Development
SpecialtyAreas:- InformationSystemsSecurityOperations
(InformationSystemsSecurityOfficer)- SecurityProgramManagement(Chief
InformationSecurityOfficer)- StrategicPlanningandPolicyDevelopment
DBEvaluationsusingAppDetectiveProanddbProtect 1.5HoursThiscourseintroducesstudentstobasicdatabasesecurityconceptsandmethodology.ThecoursedemonstrateshowtoolssuchasAppDetectivePROandDbProtectcanbeusedtoscandatabasesinordertouncoverconfigurationmistakes,identificationandaccesscontrolissues,missingpatches,oranytoxiccombinationofsettingswhichcouldleadtoescalation-of-privilegeordenial-of-serviceattacks,dataleakage,orunauthorizedmodificationofdata.
ProficiencyLevel- Basic
Framework- SecurelyProvision
SpecialtyAreas:- InformationAssuranceCompliance- SoftwareAssuranceandSecurityEngineering- SystemsDevelopment- TestandEvaluation
DemilitarizedZone(DMZ)withIDS/IPS 9HoursThiscourseintroducestheconceptofanetworkDemilitarizedZone(DMZ)andthesecuritybenefitsitcanprovide.BestpracticesfordesigningandimplementingaDMZisfollowedwithasectiononIDSandIPSsystemsthatincludesanin-depthlookatSNORTfornetworkmonitoring.Thecourseconcludeswithloganalysisandmanagementbestpractices.
12
ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseInfrastructure
Support- NetworkServices- SystemsSecurityAnalysis
DISAHBSSBriefsforNon-Administrators 2HoursThiscourseisintendedforindividualsthatdonothaveadministrativeresponsibilitiesoverHostBasedSecuritySystems(HBSS)butstillrequireknowledgeofthecapabilityanditspurpose.Thecourseismadeupofthreeindividualcomponents–ashortoverviewofthesystemforthoseinSeniorLeadershippositions,a35minuteoverviewforInformationAssuranceManagersandOfficers,anda20minutebriefforthosethatspecificallyneedtouseHBSSforComputerNetworkDefensecompliance.ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- SystemAdministration- CustomerServiceandTechnicalSupport- SystemsSecurityAnalysis- NetworkServices- ComputerNetworkDefenseAnalysis
*DISAcoursesareavailabletoDISAemployees.DISASIM(SecurityInformationManager) 3HoursThis3-hourcourseisintendedtoprovidestudentswithanoverviewofDISA’sSIMprogramanditsprimarytool–ArcSightESM.Itwilldescribehowtogainaccess,login,analyzeevents,createdashboardsandreports,andcreatecontent.Thecoursecontainsalabthatallowsstudentstointeractwiththesystemandaquizthatmustbepassedbeforethestudentcanobtainacompletioncertificate.ProficiencyLevel- Intermediate
Framework- CollectandOperate- ProtectandDefend
SpecialtyAreas:- CollectionOperations- CyberOperations- IncidentResponse
*DISAcoursesareavailabletoDISAemployees.DISASymantecEndpointProtection 14HoursThiscourseisintendedforindividualsestablishingandadministeringSymantecEndpointProtection12.1withintheirenvironment.Itwillpresentstudentswithinstructiononserverinstallation,clientinstallation,clientadministration,clientremoval,databaseadministration,threatconfigurations,threatidentification,threatresponses,andvariousothertopics.
13
ProficiencyLevel- Intermediate
Framework- ProtectandDefend
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- ComputerNetworkDefenseInfrastructure
Support- IncidentResponse
*DISAcoursesareavailabletoDISAemployees.
DNSSECTrainingWorkshop 2HoursThiscoursecoversthebasicsofDNSSEC,howitintegratesintotheexistingglobalDNSandprovidesastep-by-stepprocesstodeployingDNSSEConexistingDNSzones.ProficiencyLevel- Advanced
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- SystemsSecurityArchitecture- NetworkServices- SystemAdministrator
DoDIABootCamp 12HoursTheDepartmentofDefenseInsuranceAssurance(DoDIA)BootCampisanin-depthstudyprogramdesignedsostudentsmaysuccessfullyperformtheirdutiesasIAprofessionals,toincludeInformationAssuranceManagers,InformationAssuranceOfficers,orSystemAdministratorswithIAduties.ThiscoursewillprovidethestudentwithDoDpolicyguidanceasrelatedtolaw,policy,technicalimplementationguidance,documentationrequirements,andreferencesnecessarytosupportasuccessfulDoDIAprogram.
ProficiencyLevel- Basic
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- StrategicPlanningandPolicyDevelopment
DynamicTestingusingHPEWebInspect 1.5HoursThiscourseintroducesstudentstodynamictestingtoolsforwebapplicationsanddemonstrateshowtheycanbeusedtoidentify,evaluate,andmitigateawebapplication’spotentialsecurityvulnerabilities.ThefocusisonusingHPEWebInspect;inordertoperformandmanagedynamicsecurityvulnerabilitytestingandaddressresultsfrombothadeveloperandcybersecurityprofessionalperspective.
ProficiencyLevel- Basic
Framework- SecurelyProvision
SpecialtyAreas:- InformationAssuranceCompliance- SoftwareAssuranceandSecurityEngineering- SystemsDevelopment- TestandEvaluation
14
EmergingCyberSecurityThreats 12HoursThiscoursecoversabroadrangeofcybersecurityelementsthatposethreatstoinformationsecurityposture.Thevariousthreatsarecoveredindetail,followedbymitigationstrategiesandbestpractices.Thiscoursewillcoverwhatpolicyis,theroleitplaysincybersecurity,howitisimplemented,andcybersecuritylaws,standards,andinitiatives.Topicsincludecybersecuritypolicy,knowingyourenemy,mobiledevicesecurity,cloudcomputingsecurity,RadioFrequencyIdentification(RFID)security,LANsecurityusingswitchfeatures,securingthenetworkperimeter,securinginfrastructuredevices,securityandDNSandIPv6security.Videodemonstrationsareincludedtoreinforceconcepts.ProficiencyLevel- Intermediate
Framework- Oversightand
Development- OperateandMaintain- ProtectandDefend
SpecialtyAreas:- StrategicPlanningandPolicyDevelopment- SystemAdministration- VulnerabilityAssessmentandManagement
FoundationsofIncidentManagement 10.5HoursThiscourseprovidesanintroductiontothebasicconceptsandfunctionsofincidentmanagement.Thecourseaddresseswhereincidentmanagementactivitiesfitintheinformationassuranceorinformationsecurityecosystemandcoversthekeystepsintheincidenthandlinglifecyclewithpracticestoenablearesilientincidentmanagementcapability.
ProficiencyLevel- Basic
Framework- Protectand
Defend
SpecialtyAreas:- ComputerNetworkDefenseInfrastructure
Support- IncidentResponse
IntroductiontoInvestigationofDigitalAssets 4HoursThiscourseisdesignedfortechnicalstaffwhoarenewtotheareaofDigitalMediaAnalysisandInvestigations.Itprovidesanoverviewofthedigitalinvestigationprocessandkeyactivitiesperformedthroughouttheprocessandvarioustoolsthatcanbeusedtoperformeachactivity.
ProficiencyLevel- Basic
Framework- Collectand
Operate- Investigate
SpecialtyAreas:- CollectionOperations- DigitalForensics- Investigation
IntroductiontoThreatHuntingTeams 1.5HoursThiscourseprovidesbasicdefinitions,activities,andexamplesofteamshuntingthreatsinthecyberdomain.Thecourseaddressesthedifferencesbetweenhuntingteamactivitiesandthoseofincidentmanagementteamsorpenetrationtestingteams.Thecontentcovershowhuntingteamsestablishgoals,methodsusedbythreathuntingteams,andsourcesavailabletohelpreadandinterpretthethreatlandscape.
15
ProficiencyLevel- Basic
Framework- Protectand
Defend- Analyze
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- ThreatAnalysis
IntroductiontoWindowsScripting 4HoursThiscoursefocusesonwritingscriptsfortheMicrosoftWindowsoperatingsystem.Itcoversfundamentalsandsyntaxforautomatingadministrativeandsecuritymonitoringtasks.ThecoursewillpresentthebasicsofWindowsBATCHscriptingsyntaxandstructure,alongwithseveralWindowscommandlineutilitiestoharnessthepowerfulcapabilitiesbuiltintoWindows.
ProficiencyLevel- Basic
Framework- Operateand
Maintain
SpecialtyAreas:- NetworkServices- SystemAdministration- SystemsSecurityAnalysis
IPv6SecurityEssentials 5HoursThisInternetProtocolversion6(IPv6)SecurityEssentialscoursebeginswithaprimerofIPv6addressinganditscurrentdeploymentstate,discussesInternetControlManagerProtocolversion6(ICMPv6),DynamicHostConfigurationProtocolversion6(DHCPv6),andDomainNameSystemversion6(DNSv6),andconcludeswithIPv6TransitionMechanisms,securityconcernsandmanagementstrategies.Thiscourseincludesseveralreinforcingvideodemonstrations,aswellasafinalknowledgeassessment.
ProficiencyLevel- Advanced
Framework- ProtectandDefend- Operateand
Maintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- NetworkServices- SystemAdministration
(ISC)2™CAP(R)CertificationPrep 11HoursThiscertificationprepcourseisdesignedtohelppreparestudentsfortheInformationSecurityCertification(ISC)2CertifiedAuthorizationProfessional(CAP)certificationexamaswellasstrengthentheirknowledgeandskillsintheprocessofauthorizingandmaintaininginformationsystems.TopicsincludeunderstandingtheRiskManagementFramework(RMF),selection,implementation,andmonitoringofsecuritycontrolsaswellasthecategorizationofinformationsystems.Thecourseincludesapracticeexam.
ProficiencyLevel- Intermediate
Framework- ProtectandDefend- Operateand
Maintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentandManagement
16
(ISC)2™CSSLP:CertificationPrep 20HoursThiscertificationprepcoursehelpspreparestudentstositforthe(ISC)2CSSLPcertificationexambycoveringapplicationsecurityconceptsandthesoftwaredevelopmentlifecycle(SDLC).Thiscourseisforindividualswithatleastfouryearsofexperienceinsecuresoftwareconcepts,softwarerequirements,softwaredesign,andsoftwareimplementation.
ProficiencyLevel- Advanced
Framework- SecurelyProvision- Oversightand
Development- OperateandMaintain
SpecialtyAreas:- SoftwareAssuranceandSecurity
Engineering- StrategicPlanningandPolicy
Development- SystemsSecurityAnalysis
(ISC)2™CISSP®:ISSEPCertificationPrep 12HoursTheInformationSystemsSecurityEngineeringProfessional(ISSEP)concentrationoftheCertifiedInformationSystemsSecurityProfessional(CISSP)certificationprepcoursepreparesstudentswithsystemssecurityengineeringexperiencetositforthe(ISC)2ISSEPcertificationexam.Thiscourseincludesa100-questionpracticeexamandwasdevelopedfollowingthefourdomainsoftheISSEP.
ProficiencyLevel- Advanced
Framework- OversightandDefend- OperateandMaintain- SecurelyProvision
SpecialtyAreas:- StrategicPlanningandPolicy
Development- SystemAdministration- SystemsRequirementsPlanning
(ISC)2™CISSP®:ISSAPCertificationPrep 15HoursTheInformationSystemsSecurityArchitectureProfessional(ISSAP)concentrationoftheCISSPcertificationprepcoursepreparesstudentswithsecurityarchitectandanalystexperiencetositforthe(ISC)2ISSAPcertificationexam.ThiscourseincludesapracticeexamandreinforcingvideodemonstrationsformanyofthetopicsincludedinthesixdomainsoftheISSAP.
ProficiencyLevel- Advanced
Framework- OperateandMaintain- SecurelyProvision
SpecialtyAreas:- SystemAdministration- SystemsRequirementsPlanning- SystemsSecurityArchitecture
(ISC)2™CISSP®:ISSMPCertificationPrep(2014) 14HoursTheInformationSystemsSecurityManagementProfessional(ISSMP)concentrationoftheCISSPcertificationprepcoursepreparesstudentswithmanagementexperiencetositforthe(ISC)2ISSMPcertificationexam.This
17
courseincludesa100-questionpracticeexamandincludesvideodemonstrationsreinforcingmanyofthetopicsincludedinthefivedomainsoftheISSMP.
ProficiencyLevel- Advanced
Framework- Oversightand
Development
SpecialtyAreas:- InformationSystemsSecurity
Operations(InformationSystemsSecurityOfficer)
- SecurityProgramManagement(ChiefInformationSecurityOfficer)
- StrategicPlanningandPolicyDevelopment
(ISC)2™CISSP®Prep2015 25HoursThe(ISC)2CertifiedInformationSystemsSecurityProfessional(CISSP)certificationself-studyprepcourseisaresourceforindividualspreparingfortheCISSPcertificationexamorexpandingtheirknowledgeintheinformationsecurityfield.Thecoursereflectsthe2015publishedCISSPexamobjectivesandtheeightdomainsuponwhichtheexamisbased.Thiscoursealsoincludesdomainquizzes,reinforcingvideodemonstrations,aswellasafinalpracticeexam.
ProficiencyLevel- Advanced
Framework- SecurelyProvision- Oversightand
Development
SpecialtyAreas:- InformationAssuranceCompliance- InformationSystemsSecurity
Operations(InformationSystemsSecurityOfficer)
- SecurityProgramManagement(ChiefInformationSecurityOfficer)
(ISC)2™SystemsSecurityCertifiedPractitioner 16HoursTheSystemsSecurityCertifiedPractitioner(SSCP)certificationprepcourseisaself-studyresourceforthosepreparingtotakethe(ISC)2SSCPcertificationexamaswellasthoselookingtoincreasetheirunderstandingofinformationsecurityconceptsandtechniques.Thecertificationisdescribedasbeingidealforthoseworkingtowardpositionssuchasnetworksecurityengineers,securitysystemsanalysts,orsecurityadministrators.Thiscourse,completewitha100-questionpracticeexamandvideodemonstrations,wasdevelopedbasedonthesevenSSCPdomainspriortotheApril15,2015(ISC)2™domainupdate.Anew,updatedcourseiscurrentlyindevelopment.
ProficiencyLevel- Basic
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- NetworkServices- SystemsSecurityAnalysis
18
ISACACertifiedInformationSystemsAuditor(CISA) 20Hours TheInformationSystemsAuditingprepcourseisaself-studyresourcedesignedtohelpstudentspreparetositfortheISACACertifiedInformationSystemsAuditor(CISA)exam.ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentand
Management
LANSecurityUsingSwitchFeatures 2HoursInthiscourse,studentslearndifferentmethodsofhowtosecureLocalAreaNetworks(LANs)attheconnectivitylevel.Topicsinclude:monitoringmediaaccesscontrol(MAC)addressesandportsecurity,limitingMAC&IPspoofing,controllingtrafficflows,implementingandenhancingsecurityinvirtuallocalareanetwork(VLANs),enablingauthenticationonconnectionpoints,anddetermininghostsecurityhealth.Examplesareusedthroughouttoreinforceconcepts.ProficiencyLevel- Intermediate
Framework- OperateandMaintain- ProtectandDefend
SpecialtyAreas:- SystemAdministration- SystemsSecurityAnalysis- VulnerabilityAssessmentand
Management
LinuxOperatingSystemSecurity 9HoursThiscourseintroducesstudentstothesecurityfeaturesandtoolsavailableinLinuxaswellastheconsiderations,advantages,anddisadvantagesofusingthosefeatures.TheclasswillbebasedonRedHatLinuxandisdesignedforITandsecuritymanagers,andsystemadministratorswhowanttoincreasetheirknowledgeonconfiguringandhardeningLinuxfromasecurityperspective.
ProficiencyLevel- Advanced
Framework- Investigate- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- DigitalForensics- IncidentResponse- SystemsSecurityAnalysis
MobileandDeviceSecurity 22HoursUpdatedin2015,theMobileandDeviceSecuritycourseintroducesstudentstomobiledevices,howtheyoperate,andtheirsecurityimplications.Thiscourseincludestopicssuchassignalingtypes,applicationstores,managingmobiledevices,andemergingtrendsandsecurityandprivacyconcernswithsocialmedia.
19
ProficiencyLevel- Basic
Framework- OperateandMaintain- Investigate- SecurelyProvision
SpecialtyAreas:- CustomerServiceandTechnical
Support- DigitalForensics- InformationAssuranceCompliance
NetworkLayer1&2Troubleshooting 3HoursThiscoursereviewstroubleshootingmethodsusedinLayer1andLayer2oftheOSIModel.Thecoursecovershowtodetect,trace,identify,andfixnetworkconnectivityissuesatthePhysicalandDataLinklayersoftheOSIstack.ThebasicsofthePhysicalandDataLinklayerswillbecoveredalongwithareviewofthedevices,signaling,andcablingwhichoperateattheselayers.Studentswillbepresentedwithmethodsfortracingconnectivityissuesbacktothesourceandidentifyingmitigationsolutions.
ProficiencyLevel- Basic
Framework- OperateandMaintain
SpecialtyAreas:- CustomerServiceandTechnical
Support- NetworkServices- SystemAdministration
NetworkMonitoringwithOpenSourceTools 5HoursTheNetworkMonitoringwithOpenSourceToolscoursewasdesignedtogivethelearnerageneralawarenessofnetworksecurityandmonitoringconcepts.Discussionsanddemonstrationsfocusonnetworkthreats,andthecapabilitiesoftools.Aftercompletionofthecourse,studentsshouldbeabletodetectattacksusingnetworkmonitoringtools.
ProficiencyLevel- Advanced
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- IncidentResponse- SystemsSecurityAnalysis
OffensiveandDefensiveNetworkOperations 13HoursThiscoursefocusesonfundamentalconceptsforoffensiveanddefensivenetworkoperations.ItcovershowoffensiveanddefensivecyberoperationsareconductedanddetailsU.S.governmentdoctrinefornetworkoperations.Topicsincludenetworkattackplanning,methodologies,andtacticsandtechniquesusedtoplanfor,detect,anddefendagainstnetworkattacks.
ProficiencyLevel- Basic
Framework- ProtectandDefend- CollectandOperate
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- CyberOperations
20
PenetrationTesting 14HoursThePenetrationTestingcoursediscussesconcepts,tools,andtechniquesforconductingapenetrationtest.Thecourselaysthegroundworkwithfamiliarethicalhackingconcepts,movesintopenetrationtestingmethods,anddeterminesthemosteffectivepenetrationtoolforthedesiredgoal.
ProficiencyLevel- Advanced
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- SystemsSecurityAnalysis- VulnerabilityAssessmentand
Management
RadioFrequencyIdentification(RFID)Security 1HourThiscoursewillcoversecuringradiofrequencyidentification(RFID).DifferentcomponentsofRFID,howitworks,applicationsinwhichitisbeingused,benefitsandweaknesses,andthecommunicationrangeoverwhichitworkswillbereviewed.StudentswilllearnspecificconcernswithRFID,recommendationsforRFID,andsecurityissuesthathavecometolight.ProficiencyLevel- Intermediate
Framework- OperateandMaintain- ProtectandDefend
SpecialtyAreas:- SystemsSecurityAnalysis- VulnerabilityAssessmentand
Management
RootCauseAnalysis 1HourThiscourseprovidesanexplanationofrootcauseanalysisforcybersecurityincidentsandanoverviewoftwodifferentrootcauseanalysismodels(andapproachesusedinthesemodels).Thecoursealsodescribeshowrootcauseanalysiscanbenefitotherincidentmanagementprocesses(response,prevention,anddetection),anddetailsgeneralrootcauseanalysistechniquesthatcanbeadoptedasmethodsforanalysisofcyberincidents.
ProficiencyLevel- Intermediate
Framework- SecurelyProvision
SpecialtyAreas:- SoftwareAssuranceandSecurity
Engineering
SecuringInfrastructureDevices 1HourThiscoursecoversphysicalsecurity,operatingsystemsecurity,managementtrafficsecurity,deviceservicehardening,securingmanagementservicesanddeviceaccessprivileges.
21
ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain- SecurelyProvision
SpecialtyAreas:- ComputerNetworkDefense
InfrastructureSupport- NetworkServices- SystemsSecurityArchitecture
SecuringtheNetworkPerimeter 1HourThiscoursecoversedgesecuritytrafficdesign,blockingdenialofservice/distributeddenialofservice(DoS/DDoS)traffic,specializedaccesscontrollists,routersandfirewalls,securingroutingprotocols,securingtrafficprioritizationandsecuringagainstsinglepointoffailure(SPOF).ProficiencyLevel- Intermediate
Framework- ProtectandDefend- OperateandMaintain
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- IncidentResponse- NetworkServices
SecurityandDNS 1HourThiscoursediscussesnameresolutionprinciples,nameresolutionandsecurity,DNSsecuritystandards,securingzonetransferswithtransactionsignature(TSIG),andDNSSecurityExtension(DNSSEC)principles,implementationandresources.ProficiencyLevel- Advanced
Framework- OperateandMaintain
SpecialtyAreas:- NetworkServices- SystemAdministration
SILKTrafficAnalysis 7HoursThiscourseisdesignedforanalystsinvolvedindailyresponsetopotentialcybersecurityincidents,andwhohaveaccesstotheEinsteinenvironment.ThecoursebeginswithanoverviewofnetworkflowandhowtheSiLKtoolscollectandstoredata.ThenextsessionfocusesspecificallyontheEinsteinenvironment.ThebasicSiLKtoolsarecoverednext,givingtheanalysttheabilitytocreatesimpleanalysesofnetworkflow.AdvancedSiLKtoolsfollow,andcoverhowtocreateefficientandcomplexqueries.Thecourseculminateswithalabwherestudentsusetheirnewskillstoprofileanetwork.
ProficiencyLevel- Intermediate
Framework- ProtectandDefend- Analyze
SpecialtyAreas:- ComputerNetworkDefenseAnalysis- ExploitationAnalysis- VulnerabilityAssessmentandManagement
22
SoftwareAssuranceExecutiveCourse(SAE) 10HoursThiscourseisdesignedforexecutivesandmanagerswhowishtolearnmoreaboutsoftwareassuranceasitrelatestoacquisitionanddevelopment.Thepurposeofthiscourseistoexposeparticipantstoconceptsandresourcesavailablenowfortheirusetoaddresssoftwaresecurityassuranceacrosstheacquisitionanddevelopmentlifecycles.
ProficiencyLevel- Intermediate
Framework- SecurelyProvision
SpecialtyAreas:- SoftwareAssuranceandSecurity
Engineering- SystemsRequirementsPlanning- TechnologyResearchand
Development
StaticCodeAnalysisusingHPEFortify 2HoursThiscourseintroducesstudentstotheideaofintegratingstaticcodeanalysistoolsintothesoftwaredevelopmentprocessfrombothadeveloper’sandasecurityprofessional’sperspective.ThecoursedemonstrateshowHPEFortifyisusedtoidentifyandremoveCommonWeaknessEnumeration(CWE)fromapplicationsinwhichthesourcecodeisavailable.
ProficiencyLevel- Basic
Framework- SecurelyProvision
SpecialtyAreas:- InformationAssuranceCompliance- SoftwareAssuranceandSecurity
Engineering- SystemsDevelopment
StaticCodeAnalysisusingSynopsisCoverity 1.5HoursThiscourseintroducesstudentstotheideaofintegratingstaticcodeanalysistoolsintothesoftwaredevelopmentprocess.ThefocusisonhowdeveloperscanusetoolssuchasCoveritytoidentifyandremoveCommonWeaknessEnumeration(CWE)fromapplicationsinwhichthesourcecodeisavailable,priortodeployment.
ProficiencyLevel- Basic
Framework- SecurelyProvision
SpecialtyAreas:- InformationAssuranceCompliance- SoftwareAssuranceandSecurity
Engineering- SystemsDevelopment- TestandEvaluation
23
SupplyChainAssuranceusingSonatypeNexus 2.5HoursThiscourseintroducesstudentstotheideaofintegratingstaticcodeanalysistoolsintothesoftwaredevelopmentprocessfromboth,adeveloper’sandasecurityprofessional’sperspective.ThecoursedemonstrateshowtoolssuchasSonatypeNexuscanbeusedtoevaluatethesoftwaresupplychaininordertoidentifyandremovecomponentswithknownCommonVulnerabilitiesandExposures(CVE)fromapplicationsinwhichthesourcecodeisavailable.
ProficiencyLevel- Basic
Framework- SecurelyProvision
SpecialtyAreas:- InformationAssuranceCompliance- SoftwareAssuranceandSecurity
Engineering- SystemsDevelopment- SystemsRequirementsPlanning- SystemsSecurityArchitecture- TechnologyResearchand
Development- TestandEvaluation
WindowsOperatingSystemSecurity 16HoursThiscourseintroducesstudentstothesecurityaspectsofMicrosoftWindows.TheclassbeginswithanoverviewoftheMicrosoftWindowssecuritymodelandsomekeycomponentssuchasprocesses,drivers,theWindowsregistry,andWindowskernel.AnoverviewoftheusersandgrouppermissionstructureusedinWindowsispresentedalongwithasurveyoftheattackscommonlyseeninWindowsenvironments.Patching,networking,andthebuilt-insecurityfeaturesofWindowssuchasthefirewall,anti-malware,andBitLockerareallcoveredinlightdetail.
ProficiencyLevel- Intermediate
Framework- OperateandMaintain- ProtectandDefend
SpecialtyAreas:- SystemAdministration- SystemsSecurityAnalysis- VulnerabilityAssessmentand
Management
WirelessNetworkSecurity(WNS) 9HoursThepurposeoftheWi-FiCommunicationsandSecuritycourseistoteachthetechnologiesofthe802.11familyofwirelessnetworking,includingtheprinciplesofnetworkconnectivityandnetworksecurity.Thecourseisdesignedtoprovidearelevant,high-leveloverviewofmanyelementsthatarecriticalcomponentsinWi-Finetworkingandsecurity.
24
ProficiencyLevel- Intermediate
Framework- OperateandMaintain
SpecialtyAreas:- CustomerServiceandTechnical
Support- NetworkServices- SystemAdministration