CMGT430v9: Enterprise Security

Cryptographic Tools and Techniques, and Security Solutions

• The History of Cryptography
• Cryptographic Services
• Symmetric Encryption
• Asymmetric Encryption
• Hybrid Encryption
• Hashing
• Digital Signatures
• Public Key Infrastructure
• Implementation of Cryptographic Solutions
• Cryptographic Attacks
• Advanced Network Design
• TCP/IP
• Secure Communication Solutions
• Secure Facility Solutions
• Secure Network Infrastructure Design

Host Security and Securing Virtualized, Distributed, and Shared Computing

• Enterprise Security
• Cloud Computing
• Virtualization
• Virtual LANs
• Virtual Networking and Security Components
• Enterprise Storage
• Firewalls and Network Access Control
• Host-Based Firewalls
• Persistent Agent
• Non-Persistent Agent
• Agent-Based Technology
• Agentless-Based Technology
• Trusted Operating Systems
• Endpoint Security Solutions
• Anti-Malware
• Host Hardening
• Asset Management
• Data Exfiltration
• Intrusion Detection and Prevention
• Network Management, Monitoring, and Security Tools

Application Security, Penetration Testing and Risk Management

• Application Security Design Considerations
• Specific Application Issues
• Application Sandboxing
• Application Security Frameworks
• Software Assurance
• Development Approaches
• Secure Coding Standards
• Documentation
• Validation and Acceptance Testing
• Application Exploits
• Privilege Escalation
• Improper Storage of Sensitive Data
• Secure Cookie Storage and Transmission
• Context-Aware Management
• Malware Sandboxing
• Pivoting
• Open-Source Intelligence
• Memory Dumping
• Client-Side Processing vs. Server-Side Processing
• Security Assessments and Penetration Testing
• Red, Blue, and White Teaming
• Vulnerability Assessment Areas
• Security Assessment and Penetration Test Tools
• Risk Terminology
• Identifying Vulnerabilities
• Operational Risks
• The Risk Assessment Process
• Best Practices for Risk Assessments
• Summary

Policies, Procedures, and Incident Response, Security Research and Analysis

• A High-Level View of Documentation
• Business Documents Used to Support Security
• Documents and Controls Used for Sensitive Information
• Training and Awareness for Users
• Auditing Requirements and Frequency
• The Incident Response Framework
• Incident and Emergency Response
• Applying Research Methods to Determine Industry Trends and Their Impact on the Enterprise
• Analyze Scenarios to Secure the Enterprise

Enterprise Security Integration and Security Controls for Communication and Collaboration

• Integrate Enterprise Disciplines to Achieve Secure Solutions
• Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
• Integrate Mobility Management
• Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
• Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
• Implement Security Activities across the Technology Life Cycle
• Physical Security Tools for Security Assessment

Appendix: 3D Avatar-based Simulation