Cybersecurity and Network Defense

Introduction

Understanding Cybersecurity Policy and Governance

• Information Security vs. Cybersecurity Policies
• Looking at Policy Through the Ages
• Cybersecurity Policy
• Cybersecurity Policy Life Cycle
• Summary

Cybersecurity Policy Organization, Format, and Styles

• Policy Hierarchy
• Writing Style and Technique
• Policy Format
• Summary

Cybersecurity Framework

• Confidentiality, Integrity, and Availability
• NIST's Cybersecurity Framework
• Summary

Governance and Risk Management

• Understanding Cybersecurity Policies
• Cybersecurity Risk
• Summary

Asset Management and Data Loss Prevention

• Information Assets and Systems
• Information Classification
• Labeling and Handling Standards
• Information Systems Inventory
• Understanding Data Loss Prevention Technologies
• Summary

Human Resources Security

• The Employee Life Cycle
• The Importance of Employee Agreements
• The Importance of Security Education and Training
• Summary

Physical and Environmental Security

• Understanding the Secure Facility Layered Defense Model
• Protecting Equipment
• Summary

Communications and Operations Security

• Standard Operating Procedures
• Operational Change Control
• Malware Protection
• Data Replication
• Secure Messaging
• Activity Monitoring and Log Analysis
• Service Provider Oversight
• Threat Intelligence and Information Sharing
• Summary

Access Control Management

• Access Control Fundamentals
• Infrastructure Access Controls
• User Access Controls
• Summary

Information Systems Acquisition, Development, and Maintenance

• System Security Requirements
• Secure Code
• Cryptography
• Summary

Cybersecurity Incident Response

• Incident Response
• What Happened? Investigation and Evidence Handling
• Data Breach Notification Requirements
• Summary

Business Continuity Management

• Emergency Preparedness
• Business Continuity Risk Management
• The Business Continuity Plan
• Plan Testing and Maintenance
• Summary

Regulatory Compliance for Financial Institutions

• The Gramm-Leach-Bliley Act
• New York's Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)
• What Is a Regulatory Examination?
• Personal and Corporate Identity Theft
• Summary

Regulatory Compliance for the Health-Care Sector

• The HIPAA Security Rule
• The HITECH Act and the Omnibus Rule
• Understanding the HIPAA Compliance Enforcement Process
• Summary

PCI Compliance for Merchants

• Protecting Cardholder Data
• PCI Compliance
• Summary

NIST Cybersecurity Framework

• Introducing the NIST Cybersecurity Framework Components
• The Framework Core
• Framework Implementation Tiers ("Tiers")
• NIST's Recommended Steps to Establish or Improve a Cybersecurity Program
• NIST's Cybersecurity Framework Reference Tool
• Adopting the NIST Cybersecurity Framework in Real Life
• Summary

Appendix A: Cybersecurity Program Resources

Introduction to Network Security

• Introduction
• The Basics of a Network
• Basic Network Utilities
• The OSI Model
• What Does This Mean for Security?
• Assessing Likely Threats to the Network
• Classifications of Threats
• Likely Attacks
• Threat Assessment
• Understanding Security Terminology
• Choosing a Network Security Approach
• Network Security and the Law
• Using Security Resources
• Summary
• Test Your Skills

Types of Attacks

• Introduction
• Understanding Denial of Service Attacks
• Defending Against Buffer Overflow Attacks
• Defending Against IP Spoofing
• Defending Against Session Hijacking
• Blocking Virus and Trojan Horse Attacks
• Summary
• Test Your Skills

Fundamentals of Firewalls

• Introduction
• What Is a Firewall?
• Implementing Firewalls
• Selecting and Using a Firewall
• Using Proxy Servers
• Summary
• Test Your Skills

Firewall Practical Applications

• Introduction
• Using Single Machine Firewalls
• Windows 10 Firewall
• User Account Control
• Linux Firewalls
• Using Small Office/Home Office Firewalls
• Using Medium-Sized Network Firewalls
• Using Enterprise Firewalls
• Summary
• Test Your Skills

Intrusion-Detection Systems

• Introduction
• Understanding IDS Concepts
• IDS Components and Processes
• Understanding and Implementing IDSs
• Understanding and Implementing Honeypots
• Summary
• Test Your Skills

Encryption Fundamentals

• Introduction
• The History of Encryption
• Learning About Modern Encryption Methods
• Identifying Good Encryption
• Understanding Digital Signatures and Certificates
• Understanding and Using Decryption
• Cracking Passwords
• Steganography
• Steganalysis
• Quantum Computing and Quantum Cryptography
• Summary
• Test Your Skills

Virtual Private Networks

• Introduction
• Basic VPN Technology
• Using VPN Protocols for VPN Encryption
• IPSec
• SSL/TLS
• Implementing VPN Solutions
• Summary
• Test Your Skills

Operating System Hardening

• Introduction
• Configuring Windows Properly
• Configuring Linux Properly
• Patching the Operating System
• Configuring Browsers
• Summary
• Test Your Skills

Defending Against Virus Attacks

• Introduction
• Understanding Virus Attacks
• Virus Scanners
• Antivirus Policies and Procedures
• Additional Methods for Defending Your System
• What to Do If Your System Is Infected by a Virus
• Summary
• Test Your Skills

Defending against Trojan Horses, Spyware, and Adware

• Introduction
• Trojan Horses
• Spyware and Adware
• Summary
• Test Your Skills

Security Policies

• Introduction
• Defining User Policies
• Defining System Administration Policies
• Defining Access Control
• Defining Developmental Policies
• Summary
• Test Your Skills
• Projects

Assessing System Security

• Introduction
• Risk Assessment Concepts
• Evaluating the Security Risk
• Conducting the Initial Assessment
• Probing the Network
• Vulnerabilities
• McCumber Cube
• Security Documentation
• Summary
• Test Your Skills

Security Standards

• Introduction
• COBIT
• ISO Standards
• NIST Standards
• U.S. DoD Standards
• Using the Orange Book
• Using the Rainbow Series
• Using the Common Criteria
• Using Security Models
• U.S. Federal Regulations, Guidelines, and Standards
• Summary
• Test Your Skills

Physical Security and Disaster Recovery

• Introduction
• Physical Security
• Disaster Recovery
• Ensuring Fault Tolerance
• Summary
• Test Your Skills

Techniques Used by Attackers

• Introduction
• Preparing to Hack
• The Attack Phase
• Wi-Fi Hacking
• Summary
• Test Your Skills

Introduction to Forensics

• Introduction
• General Forensics Guidelines
• FBI Forensics Guidelines
• Finding Evidence on the PC
• Gathering Evidence from a Cell Phone
• Forensic Tools to Use
• Forensic Science
• To Certify or Not to Certify?
• Summary
• Test Your Skills

Cyber Terrorism

• Introduction
• Defending Against Computer-Based Espionage
• Defending Against Computer-Based Terrorism
• Choosing Defense Strategies
• Summary
• Test Your Skills