This course explores security terms, definitions, concepts, and issues that face government and industry today. It also examines how the concept of security, and being secure, integrates into the overall enterprise mission. The importance of user involvement, security training, ethics, trust, and informed management is explored.
- Define, distinguish among, and classify examples of threats, vulnerabilities, and countermeasures.
- Identify and describe interception, interruption, modification, and fabrication.
- Define, distinguish among, and classify examples of method, opportunity, and motive.
- Describe the different types of people that attack systems, and their motivations.
- Describe and give examples of the following kinds of countermeasures: encryption, software controls, hardware controls, policies and procedures, and physical.
- Compare and contrast symmetric and asymmetric cryptosystems, and provide examples of situations where one would be preferable to the other.
- Define and describe substitution and transposition as they apply to cryptography.
- Describe the concept of “defense-in-depth.”
- Explain the concept of separation as it applies to computer security and describe the following kinds of separation: physical, temporal, logical, and cryptographic.
- Define and describe Discretionary Access Control and discuss how DAC can be enforced.
- Define and describe Mandatory Access Control and explain how it differs from DAC.
- Define and describe the terms identification and authentication.
- Describe and classify examples of the basic authentication mechanisms: “something you know, something you have, and something you are.”
- Define multi-factor authentication and provide examples of its use in the real world.
- Discuss common weaknesses associated with using passwords for authentication, and be able to describe controls to mitigate these weaknesses, including biometrics.
- Describe the basic theory behind, and the relative ability to intercept data on, the following types of media: twisted pair, fiber optic cable, microwave, satellite, and 802.11 WLAN.
- Describe the layers of the OSI Reference Model and TCP/IP models, provide examples of how each layer can be attacked, and describe controls to mitigate the risks.
- Describe the purpose of the following types of network security devices, and describe where they tend to fit best within the network architecture: firewall, VPN, IDS.
- Discuss the DHS Essential Body of Knowledge (EBK).
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.