As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. CompTIA CySA+ is for IT professionals looking to gain the following analyst skills:
- Configure and use threat detection tools
- Perform data analysis
- Interpret the results to identify vulnerabilities, threats and risks to an organization
In this 5-day course, participants apply the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.
Course dates and course fee may be subject to change.
Course Outline
Lesson 1: Explaining the Importance of Security Controls and Security Intelligence
- Identify Security Control Types
- Explain the Importance of Threat Data and Intelligence
Lesson 2: Utilizing Threat Data and Intelligence
- Classify Threats and Threat Actor Types
- Utilize Attack Frameworks and Indicator Management
- Utilize Threat Modeling and Hunting Methodologies
Lesson 3: Analyzing Security Monitoring Data
- Analyze Network Monitoring Output
- Analyze Appliance Monitoring Output
- Analyze Endpoint Monitoring Output
- Analyze Email Monitoring Output
Lesson 4: Collecting and Querying Security Monitoring Data
- Configure Log Review and SIEM Tools
- Analyze and Query Logs and SIEM Data
Lesson 5: Utilizing Digital Forensics and Indicator Analysis Techniques
- Identify Digital Forensics Techniques
- Analyze Network-related IoCs
- Analyze Host-related IoCs
- Analyze Application-Related IoCs
- Analyze Lateral Movement and Pivot IoCs
Lesson 6: Applying Incident Response Procedures
- Explain Incident Response Processes
- Apply Detection and Containment Processes
- Apply Eradication, Recovery, and Post-Incident Processes
Lesson 7: Applying Risk Mitigation and Security Frameworks
- Apply Risk Identification, Calculation, and Prioritization Processes
- Explain Frameworks, Policies, and Procedures
Lesson 8: Performing Vulnerability Management
- Analyze Output from Enumeration Tools
- Configure Infrastructure Vulnerability Scanners
- Mitigate Vulnerability Issues
Lesson 9: Applying Security Solutions for Infrastructure Management
- Apply Identity and Access Management Security Solutions
- Apply Network Architecture and Segmentation Security Solutions
- Explain Hardware Assurance Best Practices
- Explain Vulnerabilities Associated with Specialized Technologies
Lesson 10: Understanding Data Privacy and Protection
- Identify Non-Technical Data and Privacy Controls
- Identify Technical Data and Privacy Controls
Lesson 11: Applying Security Solutions for Software Assurance
- Mitigate Software Vulnerabilities and Attacks
- Mitigate Web Application Vulnerabilities and Attacks
- Analyze Output from Application Assessments
Lesson 12: Applying Security Solutions for Cloud and Automation
- Identify Cloud Service and Deployment Model Vulnerabilities
- Explain Service-Oriented Architecture
- Analyze Output from Cloud Infrastructure Assessment Tools
- Compare Automation Concepts and Technologies