Cyber Security Foundation Professional Certificate CSFPC™

Тази сертификационна програма е част от портфолиото на CertiProf® (САЩ) - водеща организация за професионално сертифициране, с над 800 000 сертифицирани професионалисти от 88 държави и повече от 1,1 милиона дигитални баджа, издадени чрез Credly. 

 

CertiProf® е член на ANSI (American National Standards Institute), Agile Alliance и IT Certification Council (ITCC).

 

CertiProf® предлага програмата Cyber Security Foundation Professional Certificate CSFPC™ за валидиране на вашите знания по основи на киберсигурността. Изпитът представлява онлайн тест с възможни отговори и можете да го направите през Вашия личен компютър от всяка точка на света.

 

 

С преминаване на сертификационната програма Cyber Security Foundation Professional Certificate CSFPC™ ще научите основните концепции на киберсигурността. Ще разберете техниките за защита на личната информация, включително комуникации, приложения и изводи от бази данни и обработка на данни. Ще се запознаете и с други системи, поддържащи онлайн права, засягащи цензурата, тайната, електронните избори и поверителността в системите за плащане и идентификация.

 

 

За кого е програмата Cyber Security Foundation Professional Certificate CSFPC™:

 

• Всички
• Крайни потребители
• Мениджъри

 

 

 

 

 

Какво ще получите, когато поръчате тази сертификационна програма:

 

• Богато илюстровани материали за подготовка в PDF
• Ваучер за онлайн изпит с право на 2 опита
• Сертификат и дигитален бадж на Credly при успешен изпит

 

 

Цели на програмата:

 

• Да разберете значението на киберсигурността
• Да се запознаете с ключовите понятия, свързани с киберсигурността
• Да разберете понятията, свързани с човешки, организационни и регулаторни аспекти
• Да се запознаете с концепциите, свързани със защитата от атаки

 

 

Формат и продължителност на изпита

 

• Формат: въпроси с възможни отговори
• Брой въпроси: 40
• Език: английски (свържете се с нас, ако желаете да държите изпита на испански, немски или португалски)
• Необходим брой верни отговори: 24/40 или 60%
• Продължителност: 60 минути
• Ползване на помощни материали: не
• Начин на провеждане: онлайн
• Право на безплатен втори изпит в рамките на 6 месеца от издаване на изпитния ваучер

 

 

Предварителни изисквания 

 

Няма официални предварителни изисквания.

 

 

 

Съдържание на учебните материали

 

Module 0: NIST - Cybersecurity for Small Business

 

Cybersecurity for Small Business

Cybersecurity Objectives

Confidentiality

Integrity

Availability

Small Business, Big Impact

Cybersecurity Basics Resources

Cybersecurity Threats

Phishing Attacks

Ransomware

Hacking

Imposter Scams

Environmental Threats

Elements of Risk

Impact of an Incident

What are you protecting?

1. Identify Your Business Assets

2. Identify the Values of the Assets

3. Document the Impact to your Business of Loss/Damage to the Assets

4. Identify Likelihood of Loss or Damage to the Asset

5. Identify Priorities and Potential Solutions

NIST Cybersecurity Framework

Cybersecurity Framework Functions

Learning Objectives

The Framework Core

An Excerpt from the Framework Core

Identify

Sample Identify Activities

Protect

Sample Protect Activities

Detect

Sample Detect Activities

Respond

Sample Respond Activities

Recover

Sample Recover Activities

Framework

Everyday Tips

 

Module 1: CyBOK – Cyber Security Fundamentals

 

Cyber Security Definition

CyBOK Knowledge Areas

Deploying CyBOK Knowledge To Address Security Issues

Functions Within A Security Management System

Principles

Crosscutting Themes

Cyberspace

 

Module 2: Risk Management & Governance

 

What is Risk?

Why is risk assessment and management important?

What is cyber risk assessment and management?

Risk Governance

The Human Factor and Risk Communication

Security Culture and Awareness

Enacting Security Policy

Risk Assessment and Management Principles

Element of Risk

Risk Assessment and Management Methods

Component-driven Cyber Risk Management Frameworks

System-driven Cyber Risk Management Methods

Risk Assessment and Management In Cyber-physical Systems and Operational Technology

Security Metrics

What constitutes Good and Bad metrics?

Business Continuity

ISO/IEC 27035-1:2016

NCSC- ISO/IEC 27035

 

Module 3: Law and Regulation

 

Introduction

Challenges

Response

Out of Scope

Introductory Principles of Law and Legal Research

“To Prove” Something

“Standards” of Proofs

Applying Law to Cyberspace and Information Technologies

Distinguishing Criminal and Civil Law

Jurisdiction

A Taxonomy of Jurisdiction

Prescriptive Jurisdiction

Enforcement Jurisdiction

The Data Sovereignty Problem

Privacy Laws in General and Electronic Interception

State Interception (Lawful Access)

Non-state Interception

Data Protection

The “Players”

What is regulated?

“Personal Data” vs “PII”

Data Protection Highlights

Computer Crime

Crimes Against Information Systems

Recurring Challenges

Contract

Contract as Means to Encourage Security Behaviours

Limits of Influence

Relative Influence of Contract Over Security Behaviours

Breach of Contract & Remedies

Tort

Tort Examples

Negligence (Fault Based Liability)

Product Liability (Strict Liability)

Quantum of Loss (QQ)

Attributing and Apportioning Liability

Intellectual Property

Reverse Engineering

Internet Intermediaries Shields from Liability and Take-down Procedures

Dematerialization of Documents and Electronic Trust Services

Legal Challenges Emerge

Other Regulatory Matters

Public International Law

State Attribution

Limiting Operations

Ethics

Codes of Conduct

Vulnerability Testing and Disclosure

Legal Risk Management

 

Module 4: Human Factors

 

Human Factors

Security Has to be Usable

Fitting the Task to the Human

Human Capabilities and Limitations

STM and One-time password (OTPs)

General Human Capabilities and Limitations

CAPTCHA

Goals and Tasks

Capabilities and Limitations of the Device

Human Error

Latent Design Conditions

Awareness and Education

What usability issues do developers face?

Developers are not the Enemy! The Need for Usable Security APIs

Usability Smells: An Analysis of Developers’ Struggle With Crypto Libraries

 

Module 5: Privacy & Online Rights

 

Introduction

Overview

Privacy as Confidentiality

What is the problem?

What is privacy?

Defining Privacy

Privacy as…

Privacy as Transparency

Privacy as Control

Limits of Control and Transparency

Privacy as Confidentiality

Privacy Threat Landscape

Formal Approach to Inference Control

Privacy as Confidentiality

Data Confidentiality

Metadata Confidentiality

Privacy as Control

Privacy as Transparency

Privacy Technologies

Privacy Engineering

Privacy Evaluation

 

Module 6: Malware & Attack Technologies

 

Introduction

Malware

A Taxonomy of Malware

Malware Taxonomy: Dimensions

Taxonomy: Examples

Potentially Unwanted Programs (PUPs)

Malicious Activities by Malware

The Cyber Kill Chain

The Cyber Kill Chain Model

Underground Eco-system

Action Objectives

Malware Analysis

Acquiring Malware Data

Static Analysis

Other Analysis Techniques

Analysis Environments

Common Environments

Safety and Live-Environments

Anti-Analysis and Evasion Techniques

Malware Detection

Evasion and Countermeasures

Detection of Malware Attacks

ML-based Security Analytics

ML-based Malware Detection

Evasion of ML-based Malware Detection

Concept Drift

Malware Response

Disrupt Malware Operations

Attribution

Evasion and Countermeasures

 

Module 7: Adversarial Behaviour

 

Introduction

A Characterization of Adversaries

Interpersonal Offenders

Cyber-enabled Organized Criminals

Cyber-dependent Organized Criminals

Hacktivists

State Actors

The Elements of a Malicious Operation

Specialized Services

Human Services

Payment Methods

Models to Understand Malicious Operations

Attack Trees : Example of an Attack

Cyber Kill Chain

Environmental Criminology

Attack Attribution

 

Module 8: Security Operations & Incident Management

 

Introduction

What is it about?

Timeline and Scope

Overall MAPE-K loop

Components of MAPE-K Monitor-Analyse-Plan-Execute

Deployment of SOIM Technologies

Architectural Principles Typical Architecture

Intrusion Detection and Prevention Systems

MONITOR: Data sources

Network Data Sources: Possible Detections

Application Data Sources

System Data Sources

Syslog

Frequent Data Sources Issues

Analysis of Traces

From Event to Incident

Misuse Detection

Anomaly Detection

General Intrusion Detection Issues

Typical Architecture Security Information and Event Managementures

Data Collection in SIEMs

Alert Correlation

Mitigations and Countermeasures Tools and Techniques

Intelligence and Analytics

Incident Management Lifecycle

 

 

CERTIPROF® is a registered trademark of CertiProf, LLC in the United States and/or other countries.