IT Professional Training

CompTIA Security+

The CompTIA Security+ Certification is a vendor-neutral credential. The CompTIA Security+ exam is an internationally recognised validation of foundation-level security skills and knowledge, and is used by organisations and security professionals around the globe.

    The CompTIA Security+ certification exam will certify that the successful candidate has the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security.

     

    Prerequisites:

    There are no prerequisites for this course. However, CompTIA Network+ certification and six months to two years of technical networking experience with an emphasis on security are ideal. It is not necessary that you pass the Network+ exam before completing Security+ certification, but it is recommended.

    Irrespective of whether you have passed Network+, it is recommended that you have the following skills and knowledge before commencing this course:

    • Know the function and basic features of the components of a PC.
    • Use Windows to create and manage files and use basic administrative features (Explorer, Control Panel and Management Consoles).
    • Know basic network terminology and functions (such as OSI Model, Topology, Ethernet, TCP/IP, switches, routers).
    • Understand TCP/IP addressing, core protocols, and troubleshooting tools.

     

    CompTIA Certified Exam:

    Exam Name: CompTIA Security+

    Exam Code: SY0-401

     

    Course Objectives:

    In this course, candidates will apply security controls to maintain confidentiality, integrity, and availability; identify appropriate technologies and products; troubleshoot security events and incidents; and operate with an awareness of applicable policies, laws, and regulations.

    What will you learn?

    Upon successful completion of this course, students will have in-depth knowledge of systems security, access control, network infrastructure, assessments and audits, cryptography and organizational security across all vendor products. These skills have become increasingly important, as additional safeguards such as intrusion detection systems, physical access control and multifactor authentication become standard methods of protection.

    • Identify network attack strategies and defences.
    • Understand the principles of organizational security and the elements of effective security policies.
    • Know the technologies and uses of cryptographic standards and products.
    • Identify network- and host-based security technologies and practices.
    • Describe how wireless and remote access security is enforced.
    • Describe the standards and products used to enforce security on web and communications technologies.
    • Identify strategies for ensuring business continuity, fault tolerance, and disaster recovery.

     

    Hands On experience and Labs

    Students are given real-world scenarios to reinforce the material covered and will learn how to apply the concepts to their daily operations. Labs will be conducted on real Cisco equipment.

     

    Job Opportunities

    http://www.indeed.co.uk/IT-Security-Analyst-jobs-in-Edinburgh

    http://www.indeed.co.uk/Network-Security-jobs-in-Edinburgh

    http://www.totaljobs.com/JobSeeking/Security_Edinburgh_l2031_t1.html

    https://www.glassdoor.co.uk/Job/edinburgh-it-security-analyst-jobs-SRCH_IL.0,9_IC3312271_KO10,29.htm

    http://www.cwjobs.co.uk/JobSeeking/(Network%20Security)_Edinburgh_l2031_t1.html

     

    Target Audience:

    This course is designed for individuals who seek a foundation in computer security fundamentals and whose goal is to prepare for the SY0-401 CompTIA Security+ exam.

    Our Courses & Training Classes Suit the following

    The IT training classes which we are currently offering are suitable for a wide range of candidates including:

    • School leavers
    • Adult returnees to education
    • Individuals who are in employment and wish to enhance their career prospects
    • Individuals who wish to start a new career in IT
    • Individuals who want to gain promotion at work
    • Individuals who want to upgrade their IT skills
    • Any Age group
    • Diversity

    Job Roles

    1. IT Security Administrator
    2. IT Security Support Engineer
    3. IT Support Technician
    4. IT/Support Technician
    5. Security Specialist
    6. Network security Specialist
    7. IT Security Analyst
    8. IT Security Manager
    9. IT Security Specialist
    10. IT Security Consultant
    11. Certified Information Systems Security Professional
    12. IT Security Engineer

     

    Teaching Staff:

    ITPT has a large team of expert and passionate professional instructors with distinguished service in the IT industry. They are well known to the IT vendors and are certified academy instructors of CompTIA, Cisco, Oracle, Microsoft, CEH, Security and SQA. They are also certified assessors, invigilators, markers and internal verifiers.

    ITPT teaching staff have years of experience in IT training, and we always strive to deliver a unique study experience to our students. ITPT works closely with current, updated curricula and customised courses that meet the objectives of students and professionals.

    Since we believe that members of staff are the key to delivering top-notch services, ITPT has put in place a strict recruitment process under which only IT-qualified master's degree holders are considered for work at ITPT. All of our personnel hold a master's degree in an IT field and are also accredited and recognised by different IT vendors as meeting their requirements.

    We also ensure that our staff's qualifications are up to date: we have a policy of equipping our staff with the latest IT technology as soon as it comes out.

     

    What ITPT will be providing?

    • Course materials.
    • Lab based experience.
    • Access to ITPT Students Website Portal
    • Volunteer work experience (provided if offered by any of our IT Support Associates)
    • In house course completion certificate will be awarded on completion.
    • Work experience letter will be given on completion if attended.
    • One to one interaction with the instructor (for special required students)
    • Disabled candidates accommodations
    • CV building help.
    • Job hunting help is aligned with our courses

     

    Modes of Course Delivery & Attendance:

    ITPT currently provides different methods of learning to our clients. Many people are looking for varied ways of learning to enhance their qualifications, but they don’t have the time to take on full-time instructor-led study or to attend courses regularly at a venue.

    Online, distance and blended learning are popular solutions that help busy people study flexibly around their needs and requirements. We want to be the first choice for potential online and distance learners, so we are introducing a variety of study channels from which people can choose accordingly.

     

    Modes of Course Delivery

    1. Instructor Led learning
    2. Blended learning
    3. Distance Blended Learning
    4. One to One Training
    5. Onsite Training

    Modes of Attendance

    1. Day Release
    2. Weekends
    3. Evening
    4. Full time
    5. Part time

    Method of Provision/ Student Support:

    We have made available diverse and flexible learning methods to accommodate a wider variety of learners:

    • Support available for instructor-led, blended and distance learning:
    1. Direct telephone support with allocated mentor (during working hours)
    2. Email support
    3. ITPT Student Portal that can be accessed via ITPT Website
    4. Study Materials (Hard Copy)
    5. Online materials (Soft copy)
    6. Workshop
    7. Instructor slides available on our student portal
    8. Expert Advice
    9. Group Project (Team Work)

     

    Our Courses & Training Classes Suit the following:

    Target Audiences:

     

    The IT training classes which we are currently offering are suitable for a wide range of candidates including:

    • School leavers
    • Adult returnees to education
    • Individuals who intend to leave school and further their career path in a college or equivalent
    • Individuals who are in employment and wish to enhance their career prospects
    • Individuals who wish to start a new career in IT
    • Individuals who want to gain promotion at work
    • Individuals who want to upgrade their IT skills
    • Individuals who intend to progress their career after the study of either the NQ in Computing or the NQ in Information Systems
    • Individuals who intend to progress their career after the study of the PDA into further study at HN level
    • Individuals who wish to study on a part-time (day or evening) or day-release mode

     

     

    1.1 Implement security configuration parameters on network devices and other technologies.

    • Firewalls
    • Routers
    • Switches
    • Load Balancers
    • Proxies
    • Web security gateways
    • VPN concentrators
    • NIDS and NIPS
    • Behaviour based
    • Signature based
    • Anomaly based
    • Heuristic
    • Protocol analysers
    • Spam filter
    • UTM security appliances
    • URL filter
    • Content inspection
    • Malware inspection
    • Web application firewall vs. network firewall
    • Application aware devices
    • Firewalls
    • IPS
    • IDS
    • Proxies

     

    1.2 Given a scenario, use secure network administration principles.

    • Rule-based management
    • Firewall rules
    • VLAN management
    • Secure router configuration
    • Access control lists
    • Port Security
    • 802.1x
    • Flood guards
    • Loop protection
    • Implicit deny
    • Network separation
    • Log analysis
    • Unified Threat Management

     

    1.3 Explain network design elements and components.

    • DMZ
    • Subnetting
    • VLAN
    • NAT
    • Remote Access
    • Telephony
    • EAP

    2.0 Compliance and Operational Security

    • PEAP
    • LEAP
    • MAC filter
    • Disable SSID broadcast
    • TKIP
    • CCMP
    • Antenna Placement
    • Power level Controls
    • Captive Protocols
    • Antenna Types
    • Site Survey

    • VPN (over open wireless)

    2.1 Explain the importance of risk related concepts.

    • Control types
    • Technical
    • Management
    • Operational
    • False positives
    • False negatives
    • Importance of policies in reducing risk
    • Privacy policy
    • Acceptable use
    • Security policy
    • Mandatory vacations
    • Job rotation
    • Separation of duties
    • Least privilege
    • Risk calculation
    • Likelihood
    • ALE
    • Impact
    • SLE
    • ARO
    • MTTR
    • MTTF
    • MTBF
    • Quantitative vs. qualitative
    • Vulnerabilities
    • Threat vectors
    • Probability / threat likelihood
    • Risk-avoidance, transference, acceptance, mitigation, deterrence
    • Risks associated with Cloud Computing and Virtualization
    • Recovery time objective and recovery point objective

     

    2.2 Summarize the security implications of integrating systems and data with third parties.

    • On-boarding/off-boarding business partners
    • Social media networks and/or applications
    • Interoperability agreements
    • SLA
    • BPA
    • MOU
    • ISA
    • Privacy considerations
    • Risk awareness
    • Unauthorized data sharing
    • Data ownership
    • Data backups
    • Follow security policy and procedures
    • Review agreement requirements to verify compliance and performance standards

     

    2.3 Given a scenario, implement appropriate risk mitigation strategies.

    • Change management
    • Incident management
    • User rights and permissions reviews
    • Perform routine audits
    • Enforce policies and procedures to prevent data loss or theft
    • Enforce technology controls
    • Data Loss Prevention (DLP)

     

    2.4 Given a scenario, implement basic forensic procedures.

    • Order of volatility
    • Capture system image
    • Network traffic and logs
    • Capture video
    • Record time offset
    • Take hashes
    • Screenshots
    • Witnesses
    • Track man hours and expense
    • Chain of custody
    • Big Data analysis

     

    2.5 Summarize common incident response procedures.

    • Preparation
    • Incident identification
    • Escalation and notification
    • Mitigation steps
    • Lessons learned
    • Reporting
    • Recovery/reconstitution procedures
    • First responder
    • Incident isolation
    • Quarantine
    • Device removal
    • Data breach
    • Damage and loss control

     

    2.6 Explain the importance of security related awareness and training.

    • Security policy training and procedures
    • Role-based training
    • Personally identifiable information
    • Information classification
    • High
    • Medium
    • Low
    • Confidential
    • Private
    • Public
    • Data labeling, handling and disposal
    • Compliance with laws, best practices and standards
    • User habits
    • Password behaviors
    • Data handling
    • Clean desk policies
    • Prevent tailgating
    • Personally owned devices
    • New threats and new security trends/alerts
    • New viruses
    • Phishing attacks
    • Zero-day exploits
    • Use of social networking and P2P
    • Follow up and gather training metrics to validate compliance and security posture

     

    2.7 Compare and contrast physical security and environmental controls.

    • Environmental controls
    • HVAC
    • Fire suppression
    • EMI shielding
    • Hot and cold aisles
    • Environmental monitoring
    • Temperature and humidity controls
    • Physical security
    • Hardware locks
    • Mantraps
    • Video Surveillance
    • Fencing
    • Proximity readers
    • Access list
    • Proper lighting
    • Signs
    • Guards
    • Barricades
    • Biometrics
    • Protected distribution (cabling)
    • Alarms
    • Motion detection
    • Control types
    • Deterrent
    • Preventive
    • Detective
    • Compensating
    • Technical
    • Administrative

    2.8 Summarize risk management best practices.

    • Business continuity concepts
    • Business impact analysis
    • Identification of critical systems and components
    • Removing single points of failure
    • Business continuity planning and testing
    • Risk assessment
    • Continuity of operations
    • Disaster recovery
    • IT contingency planning
    • Succession planning
    • High availability
    • Redundancy
    • Tabletop exercises
    • Fault tolerance
    • Hardware
    • RAID
    • Clustering
    • Load balancing
    • Servers
    • Disaster recovery concepts
    • Backup plans/policies
    • Backup execution/frequency
    • Cold site
    • Hot site
    • Warm site

    2.9 Given a scenario, select the appropriate control to meet the goals of security.

    • Confidentiality
    • Encryption
    • Access controls
    • Steganography
    • Integrity
    • Hashing
    • Digital signatures
    • Certificates
    • Non-repudiation
    • Availability
    • Redundancy
    • Fault tolerance
    • Patching
    • Safety
    • Fencing
    • Lighting
    • Locks
    • CCTV
    • Escape plans
    • Drills
    • Escape routes
    • Testing controls

     

    3.0 Threats and Vulnerabilities

     

    3.1 Explain types of malware.

    • Adware
    • Virus
    • Spyware
    • Trojan
    • Rootkits
    • Backdoors
    • Logic bomb
    • Botnets
    • Ransomware
    • Polymorphic malware
    • Armored virus

     

    3.2 Summarize various types of attacks.

    • Man-in-the-middle
    • DDoS
    • DoS
    • Replay
    • Smurf attack
    • Spoofing
    • Spam
    • Phishing
    • Spim
    • Vishing
    • Spear phishing
    • Xmas attack
    • Pharming
    • Privilege escalation
    • Malicious insider threat
    • DNS poisoning and ARP poisoning
    • Transitive access
    • Client-side attacks
    • Password attacks
    • Brute force
    • Dictionary attacks
    • Hybrid
    • Birthday attacks
    • Rainbow tables
    • Typo squatting/URL hijacking
    • Watering hole attack

     

    3.3 Summarize social engineering attacks and the associated effectiveness with each attack.

    • Shoulder surfing
    • Dumpster diving
    • Tailgating
    • Impersonation
    • Hoaxes
    • Whaling
    • Vishing
    • Principles (reasons for effectiveness)
    • Authority
    • Intimidation
    • Consensus/Social proof
    • Scarcity
    • Urgency
    • Familiarity/liking
    • Trust

     

    3.4 Explain types of wireless attacks.

    • Rogue access points
    • Jamming/Interference
    • Evil twin
    • War driving
    • Bluejacking
    • Bluesnarfing
    • War chalking
    • IV attack
    • Packet sniffing
    • Near field communication
    • Replay attacks
    • WEP/WPA attacks
    • WPS attacks

     

    3.5 Explain types of application attacks.

    • Cross-site scripting
    • SQL injection
    • LDAP injection
    • XML injection
    • Directory traversal/command injection
    • Buffer overflow
    • Integer overflow
    • Zero-day
    • Cookies and attachments
    • LSO (Locally Shared Objects)
    • Flash Cookies
    • Malicious add-ons
    • Session hijacking
    • Header manipulation
    • Arbitrary code execution / remote code execution

     

    3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

    • Monitoring system logs
    • Event logs
    • Audit logs
    • Security logs
    • Access logs
    • Hardening
    • Disabling unnecessary services
    • Protecting management interfaces and applications
    • Password protection
    • Disabling unnecessary accounts
    • Network security
    • MAC limiting and filtering
    • 802.1x
    • Disabling unused interfaces and unused application service ports
    • Rogue machine detection
    • Security posture
    • Initial baseline configuration
    • Continuous security monitoring
    • Remediation
    • Reporting
    • Alarms
    • Alerts
    • Trends
    • Detection controls vs. prevention controls
    • IDS vs. IPS
    • Camera vs. guard

     

    3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

    • Interpret results of security assessment tools
    • Tools
    • Protocol analyzer
    • Vulnerability scanner
    • Honeypots
    • Honeynets
    • Port scanner
    • Passive vs. active tools
    • Banner grabbing
    • Risk calculations
    • Threat vs. likelihood
    • Assessment types
    • Risk
    • Threat
    • Vulnerability
    • Assessment technique
    • Baseline reporting
    • Code review
    • Determine attack surface
    • Review architecture
    • Review designs

     

    3.8 Explain the proper use of penetration testing versus vulnerability scanning.

    • Penetration testing
    • Verify a threat exists
    • Bypass security controls
    • Actively test security controls
    • Exploiting vulnerabilities
    • Vulnerability scanning
    • Passively testing security controls
    • Identify vulnerability
    • Identify lack of security controls
    • Identify common misconfigurations
    • Intrusive vs. non-intrusive
    • Credentialed vs. non-credentialed
    • False positive
    • Black box
    • White box
    • Gray box

    4.0 Application, Data and Host Security

     

    4.1 Explain the importance of application security controls and techniques.

    • Fuzzing
    • Secure coding concepts
    • Error and exception handling
    • Input validation
    • Cross-site scripting prevention
    • Cross-site Request Forgery (XSRF) prevention
    • Application configuration baseline (proper settings)
    • Application hardening
    • Application patch management
    • NoSQL databases vs. SQL databases
    • Server-side vs. Client-side validation

     

    4.2 Summarize mobile security concepts and technologies.

    • Device security
    • Full device encryption
    • Remote wiping
    • Lockout
    • Screen-locks
    • GPS
    • Application control
    • Storage segmentation
    • Asset tracking
    • Inventory control
    • Mobile device management
    • Device access control
    • Removable storage
    • Disabling unused features
    • Application security
    • Key management
    • Credential management
    • Authentication
    • Geo-tagging
    • Encryption
    • Application whitelisting
    • Transitive trust/authentication
    • BYOD concerns
    • Data ownership
    • Support ownership
    • Patch management
    • Antivirus management
    • Forensics
    • Privacy
    • On-boarding/off-boarding
    • Adherence to corporate policies
    • User acceptance
    • Architecture/infrastructure considerations
    • Legal concerns
    • Acceptable use policy
    • On-board camera/video

    4.3 Given a scenario, select the appropriate solution to establish host security.

    • Operating system security and settings
    • OS hardening
    • Anti-malware
    • Antivirus
    • Anti-spam
    • Anti-spyware
    • Pop-up blockers
    • Patch management
    • White listing vs. black listing applications
    • Trusted OS
    • Host-based firewalls
    • Host-based intrusion detection
    • Hardware security
    • Cable locks
    • Safe
    • Locking cabinets
    • Host software baselining
    • Virtualization
    • Snapshots
    • Patch compatibility
    • Host availability/elasticity
    • Security control testing
    • Sandboxing

    4.4 Implement the appropriate controls to ensure data security.

    • Cloud storage
    • SAN
    • Handling Big Data
    • Data encryption
    • Full disk
    • Database
    • Individual files
    • Removable media
    • Mobile devices
    • Hardware based encryption devices
    • TPM
    • HSM
    • USB encryption
    • Hard drive
    • Data in-transit, Data at-rest, Data in-use
    • Permissions/ACL
    • Data policies
    • Wiping
    • Disposing
    • Retention
    • Storage

     

    4.5 Compare and contrast alternative methods to mitigate security risks in static environments.

    • Environments
    • SCADA
    • Embedded (Printer, Smart TV, HVAC control)
    • Android
    • iOS
    • Mainframe
    • Game consoles
    • In-vehicle computing systems
    • Methods
    • Network segmentation
    • Security layers
    • Application firewalls
    • Manual updates
    • Firmware version control
    • Wrappers
    • Control redundancy and diversity

     

    5.0 Access Control and Identity Management

    5.1 Compare and contrast the function and purpose of authentication services.

    • RADIUS
    • TACACS+
    • Kerberos
    • LDAP
    • XTACACS
    • SAML
    • Secure LDAP

     

    5.2 Given a scenario, select the appropriate authentication, authorization or access control.

    • Identification vs. authentication vs. authorization
    • Authorization
    • Least privilege
    • Separation of duties
    • ACLs
    • Mandatory access
    • Discretionary access
    • Rule-based access control
    • Role-based access control
    • Time of day restrictions
    • Authentication
    • Tokens
    • Common access card
    • Smart card
    • Multifactor authentication
    • TOTP
    • HOTP
    • CHAP
    • PAP
    • Single sign-on
    • Access control
    • Implicit deny
    • Trusted OS
    • Authentication factors
    • Something you are
    • Something you have
    • Something you know
    • Somewhere you are
    • Something you do
    • Identification
    • Biometrics
    • Personal identification verification card
    • Username
    • Federation
    • Transitive trust/authentication

     

    5.3 Install and configure security controls when performing account management, based on best practices.

    • Mitigate issues associated with users with multiple account/roles and/or shared accounts
    • Account policy enforcement
    • Credential management
    • Group policy
    • Password complexity
    • Expiration
    • Recovery
    • Disablement
    • Lockout
    • Password history
    • Password reuse
    • Password length
    • Generic account prohibition
    • Group based privileges
    • User assigned privileges
    • User access reviews
    • Continuous monitoring

     

    6.0 Cryptography

    6.1 Given a scenario, utilize general cryptography concepts.

    • Symmetric vs. asymmetric
    • Session keys
    • In-band vs. out-of-band key exchange
    • Fundamental differences and encryption methods
    • Block vs. stream
    • Transport encryption
    • Non-repudiation
    • Hashing
    • Key escrow
    • Steganography
    • Digital signatures
    • Use of proven technologies
    • Elliptic curve and quantum cryptography
    • Ephemeral key
    • Perfect forward secrecy

     

    6.2 Given a scenario, use appropriate cryptographic methods.

    • WEP vs. WPA/WPA2 and preshared key
    • MD5
    • SHA
    • RIPEMD
    • AES
    • DES
    • 3DES
    • HMAC
    • RSA
    • Diffie-Hellman
    • RC4
    • One-time pads
    • NTLM
    • NTLMv2
    • Blowfish
    • PGP/GPG
    • TwoFish
    • DHE
    • ECDHE
    • CHAP
    • PAP
    • Comparative strengths and performance of algorithms
    • Use of algorithms/protocols with transport encryption
    • SSL
    • TLS
    • IPSec
    • SSH
    • HTTPS
    • Cipher suites
    • Strong vs. weak ciphers
    • Key stretching
    • PBKDF2
    • Bcrypt

     

    6.3 Given a scenario, use appropriate PKI, certificate management and associated components.

    • Certificate authorities and digital certificates
    • CA
    • CRLs
    • OCSP
    • CSR
    • PKI
    • Recovery agent
    • Public key
    • Private key
    • Registration
    • Key escrow
    • Trust models

    Funding Available:

    This course is FREE (SAAS part-time funding) to anyone who is on benefits or earning £25,000 or less, given that they have not used SAAS/ILA funding towards any other course/training in the last 12 months.

    Those in receipt of following benefits are automatically eligible:

    • Jobseekers allowance
    • Income support
    • Incapacity Benefit/Employment Support Allowance
    • Child Tax Credit (minimum rate)
    • Pension Credit

    Apply for course funding 

    Our Courses are fully funded by SAAS: Student Awards Agency for Scotland

    Please visit the SAAS website www.saas.gov.uk to see your eligibility.

    Download: SAAS Part Time Funding Guide, Part Time Forms

    Read: Part Time Students Eligibility Criteria, Disabled students’ allowance (DSA)


    For students who don’t qualify for the above funding:

    How much will this course cost?

    If for any reason you do not qualify for SAAS funding, our fees are as follows for students living in the UK or the European Union:

    Security+

    2016-17

    Vendor Neutral (can be paid in instalments)  £400+ VAT
    SQA Accredited (PDA) (can be paid in instalments)  £400

     Fees are payable in advance at the start of course unless otherwise agreed.

    We also provide flexible fee instalments to help students in paying their fee.

    There are a number of other funding opportunities available to UK and EU students to help them to pay for their studies. Contact the college for more details.

     

    COPYRIGHT © 15-17 IT PROFESSIONAL TRAINING LTD REGISTERED IN SCOTLAND UNDER REGISTRATION NUMBER SC423952. VAT REGISTRATION NO 137653694.