Tallinn University of Technology

Aim of the course:

This course covers the knowledge and skills needed to handle the tasks, duties, and responsibilities of an associate-level Cybersecurity Analyst working in a Security Operations Center (SOC). Students who complete the course successfully receive a digital badge. The course prepares students for the Cisco Certified CyberOps Associate (200-201 CBROPS) certification exam.

Target group:

The CyberOps Associate course is designed for those seeking career-oriented, entry-level security analyst skills. Target students include individuals enrolled in technology degree programmes at institutions of higher education and IT professionals who want to pursue a career in a Security Operations Center (SOC). Learners are exposed to all of the foundational knowledge required to detect, analyze, and escalate basic cybersecurity threats using common open-source tools.

Prerequisites:

The course is held in English.

Topics:

Course Outline (module: objectives)

1 The Danger: Explain why networks and data are attacked.
2 Fighters in the War Against Cybercrime: Explain how to prepare for a career in cybersecurity operations.
3 The Windows Operating System: Explain the security features of the Windows operating system.
4 Linux Overview: Implement basic Linux security.
5 Network Protocols: Explain how protocols enable network operations.
6 Ethernet and Internet Protocol (IP): Explain how the Ethernet and IP protocols support network communications.
7 Principles of Network Security: Connectivity verification.
8 Address Resolution Protocol: Analyze Address Resolution Protocol (ARP) PDUs on a network.
9 The Transport Layer: Explain how transport layer protocols support network functionality.
10 Network Services: Explain how network services enable network functionality.
11 Network Communication Devices: Explain how network devices enable wired and wireless network communication.
12 Network Security Infrastructure: Explain how network devices and services are used to enhance network security.
13 Attackers and Their Tools: Explain how networks are attacked.
14 Common Threats and Attacks: Explain the various types of threats and attacks.
15 Observing Network Operation: Explain network traffic monitoring.
16 Attacking the Foundation: Explain how TCP/IP vulnerabilities enable network attacks.
17 Attacking What We Do: Explain how common network applications and services are vulnerable to attack.
18 Understanding Defense: Explain approaches to network security defense.
19 Access Control: Explain access control as a method of protecting a network.
20 Threat Intelligence: Use various intelligence sources to locate current security threats.
21 Public Key Cryptography: Explain how the public key infrastructure supports network security.
22 Endpoint Protection: Explain how a malware analysis website generates a malware analysis report.
23 Endpoint Vulnerability Assessment: Explain how endpoint vulnerabilities are assessed and managed.
24 Technologies and Protocols: Explain how security technologies affect security monitoring.
25 Network Security Data: Explain the types of network security data used in security monitoring.
26 Evaluating Alerts: Explain the process of evaluating alerts. Identify the structure of alerts.
27 Working with Network Security Data: Interpret data to determine the source of an alert. Use Security Onion tools to investigate network security events.
28 Digital Forensics and Incident Analysis and Response: Explain how to respond to cybersecurity incidents. Identify the steps in the Cyber Kill Chain. Classify an intrusion event using the Diamond Model. Apply NIST SP 800-61r2 incident handling procedures.

Study results:

Explain the role of the Cybersecurity Operations Analyst in the enterprise.
Classify the various types of network attacks.
Use network monitoring tools to identify attacks against network protocols and services.
Explain the impacts of cryptography on network security monitoring.
Explain how to investigate endpoint vulnerabilities and attacks.
Evaluate network security alerts.
Analyze network intrusion data to identify compromised hosts and vulnerabilities.
Apply incident response models to manage network security incidents.

Assessment criteria:

At least 51% on the final test.

Graduation document:

TalTech certificate

Language:

English

Lecturer:

Mohammad Tariq Meeran, PhD

https://www.etis.ee/CV/Mohammad%20Tariq_Meeran/est

Credits:

contact study: 48 academic hours
autonomous/other study: 30 academic hours

EAP:

3

Contact:

Marika Tamm, +3725145506, marika.tamm@ttu.ee

Price comment:

Free courses are offered by the Ministry of Education and Research with the support of the European Social Fund, within the programme "Täiskasvanuhariduse edendamine ja õppimisvõimaluste arendamine" (Promoting adult education and developing learning opportunities).

Registration deadline:

07.09.2021 23:59

Comment:

If the coronavirus or a similar situation affects the provision of training services, TalTech Open University has the right to move the course online. A change in the form of training does not give a registered participant the right to withdraw from the course.

Location:

TalTech IT Kolledž, room ICO-415 or webinar, Mondays 17:00-21:00

Timetable:


Curriculum group:

Database and network design and administration
