BTM440: Information Systems Risks, Security and Audit

(CCR-BTM440.AI1.E1)

Skills You’ll Get

1

Introduction

2

Security fundamentals

  • Module A: Security concepts
  • Module B: Enterprise security strategy
  • Module C: Security program components
  • Summary
3

Risk management

  • Module A: Understanding threats
  • Module B: Risk management programs
  • Module C: Security assessments
  • Summary
4

Cryptography

  • Module A: Cryptography concepts
  • Module B: Public key infrastructure
  • Summary
5

Network connectivity

  • Module A: Network attacks
  • Module B: Packet flow
  • Summary
6

Network security technologies

  • Module A: Network security components
  • Module B: Monitoring tools
  • Summary
7

Secure network configuration

  • Module A: Secure network protocols
  • Module B: Hardening networks
  • Summary
8

Access control

  • Module A: Access control principles
  • Module B: Account management
  • Summary
9

Secrets of a Successful Auditor

  • Understanding the Demand for IS Audits
  • Understanding Policies, Standards, Guidelines, and Procedures
  • Understanding Professional Ethics
  • Understanding the Purpose of an Audit
  • Differentiating Between Auditor and Auditee Roles
  • Implementing Audit Standards
  • Auditor Is an Executive Position
  • Understanding the Corporate Organizational Structure
  • Summary
  • Exam Essentials
  • Review Questions
10

Managing IT Governance

  • Strategy Planning for Organizational Control
  • Overview of Tactical Management
  • Planning and Performance
  • Overview of Business Process Reengineering
  • Operations Management
  • Summary
  • Exam Essentials
  • Review Questions
11

Audit Process

  • Understanding the Audit Program
  • Establishing and Approving an Audit Charter
  • Preplanning Specific Audits
  • Performing an Audit Risk Assessment
  • Determining Whether an Audit Is Possible
  • Performing the Audit
  • Gathering Audit Evidence
  • Conducting Audit Evidence Testing
  • Report Findings
  • Conducting Follow-Up (Closing Meeting)
  • Summary
  • Exam Essentials
  • Review Questions
12

Networking Technology Basics

  • Understanding the Differences in Computer Architecture
  • Selecting the Best System
  • Introducing the Open Systems Interconnect Model
  • Understanding Physical Network Design
  • Understanding Network Topologies
  • Differentiating Network Cable Types
  • Connecting Network Devices
  • Using Network Services
  • Expanding the Network
  • Using Software as a Service (SaaS)
  • Managing Your Network
  • Summary
  • Exam Essentials
  • Review Questions
13

Protecting Information Assets

  • Understanding the Threat
  • Using Technical Protection
  • Summary
  • Exam Essentials
  • Review Questions
14

Business Continuity and Disaster Recovery

  • Debunking the Myths
  • Understanding the Five Conflicting Disciplines Called Business Continuity
  • Defining Disaster Recovery
  • Defining the Purpose of Business Continuity
  • Uniting Other Plans with Business Continuity
  • Understanding the Five Phases of a Business Continuity Program
  • Understanding the Auditor Interests in BC/DR Plans
  • Summary
  • Exam Essentials
  • Review Questions

1

Introduction

  • Security+ sandbox
2

Risk management

  • Using Reconnaissance Tools
  • Gathering Site Information
  • Performing Session Hijacking Using Burp Suite
  • Footprinting a Website
  • Cracking a Linux Password Using John the Ripper
  • Using the hping Program
  • Using the theHarvester Tool to Gather Information about a Victim
  • Conducting Vulnerability Scanning Using Nessus
3

Cryptography

  • Observing an MD5-Generated Hash Value
  • Observing an SHA-Generated Hash Value
  • Examining Asymmetric Encryption
  • Performing Symmetric Encryption
  • Hiding Text Using Steganography
  • Examining PKI Certificates
4

Network connectivity

  • Simulating a DoS Attack
  • Using Rainbow Tables to Crack Passwords
  • Performing ARP Spoofing
  • Defending against IP Spoofing
  • Simulating an Eavesdropping Attack
  • Cracking Passwords
  • Using Windows Firewall
  • Configuring the Network-based Firewall
  • Configuring a BPDU Guard on a Switch Port
  • Implementing Port Security
  • Configuring a Standard ACL
  • Configuring Network Address Translation
5

Network security technologies

  • Setting up a Honeypot on Kali Linux
  • Examining File Manipulation Commands
  • Making Syslog Entries Readable
  • Capturing the TCP Header with Wireshark
  • Using Event Viewer
  • Viewing Linux event logs
6

Secure network configuration

  • Setting Up a VPN Server with Windows Server 2016
  • Creating PGP Certification
  • Securing a Wi-Fi Hotspot
  • Performing a Scan in Zenmap
  • Configuring VLANs
7

Access control

  • Creating Active Directory Groups
  • Delegating Control in Active Directory
  • Creating a Domain User
  • Enforcing Password Policies
