WELCOME AND INTRODUCTION
DOMAIN 1 THREAT MANAGEMENT (27%)
-
1. Domain 1 Threat Management (1:05)
-
1.1 Domain 1 - Threat Management
-
2. CIA Triad (7:59)
-
2.1 05 - CIA Triad
-
3. Risk Consideration (5:31)
-
3.1 06 - Risk Considerations
-
4. Risk Assessment (3:16)
-
4.1 07 - Risk Assessment.pdf
-
5. Identify Threats (6:27)
-
5.1 08 - Identify Threats
-
6.1 09 - Identify Vulnerabilities
-
7. Likelihood_ Impact_ and Risk (2:47)
-
7.1 10 - Likelihood_ Impact_ and Risk
-
8. Qualitative and Quantitative Assessments (5:19)
-
8.1 11 - Qualitative and Quantitative Assessments
-
9. Reviewing Controls (6:54)
-
9.1 12 - Revieiwing Controls
-
10. Network Perimeter Security (7:37)
-
10.1 13 - Network Perimeter Security
-
11. Network Segmentation (2:37)
-
11.1 14 - Network Segmentation
-
12. Network Access Control (5:49)
-
12.1 15 - Network Access Control
-
13. Defense Deception Methods (3:26)
-
13.1 16 - Defense Deception Methods
-
14. Secure Endpoint Management (7:00)
-
14.1 17 - Secure Endpoint Management
-
15. Penetration Testing (7:29)
-
15.1 18 - Penetration Testing
-
16. Security Exercises and Training (2:55)
-
16.1 19 - Security Exercises and Training
-
17. Reverse Engineering (6:03)
-
17.1 20 - Reverse Engineering
-
19. Reconnaissance and Intelligence (1:06)
-
19.1 21 - Reconnaissance and Intelligence
-
20. Footprinting the Network (2:54)
-
20.1 22 - Footprinting the Network
-
21. Network Mapping (3:53)
-
21.1 23 - Network Mapping
-
22. Port Scanning (5:17)
-
22.1 24 - Port Scanning
-
23. Other Port Scanners (2:00)
-
23.1 25 - Other Port Scanners
-
24. NMAP - Demonstration of the world_s most popular port scanning tool (6:06)
-
25. Passive Reconnaissance (2:40)
-
25.1 27 - Passive Reconnaissance
-
26. Passive Recon - Network Devices (7:47)
-
26.1 28 - Passive Recon - Network Devices
-
27. Passive Recon - Netstat (4:29)
-
27.1 29 - Passive Recon - Netstat
-
28. DHCP Logs and Configs (3:00)
-
28.1 30 - DHCP Logs and Configs
-
29. Firewall Logs and Configs (3:42)
-
29.2 31 - Firewall Logs and Configs
-
30. System and Host Log Files (2:24)
-
30.1 32 - System and Host Log Files
-
31. DNS Harvesting (3:22)
-
31.1 33 - DNS Harvesting
-
32. Domain Names and IP Ranges (2:37)
-
32.1 34 - Domain Names and IP Ranges
-
33. DNS Zone Transfers (3:25)
-
33.1 35 - DNS Zone Transfers
-
34. Whois and Host Commands (3:01)
-
34.1 36 - Whois and Host Commands
-
35. Information Gathering and Aggregation (4:09)
-
35.1 37 - Information Gathering and Aggregation
-
36. Organizational Intelligence (7:46)
-
36.1 38 - Organizational Intelligence
-
37. Detecting_ Preventing_ and Responding to Reconnaissance (6:46)
-
37.1 39 - Detecting_ Preventing_ and Responding to Reconnaissance
DOMAIN 2 VULNERABILITY MANAGEMENT (26%)
-
1. Domain 2 Vulnerability Management (2:32)
-
1.2 40 - Domain 2 - Vulnerability Management
-
2. Regulatory Requirements (7:05)
-
2.1 41 - Regulatory Requirements
-
3. Corporate Requirements (7:00)
-
3.1 42 - Corporate Requirements
-
4. Scanning Tools (3:33)
-
4.1 43 - Scanning Tools
-
5. Scoping Scans (3:29)
-
5.1 44 - Scoping Scans
-
6. Configuring Scans (0:34)
-
6.1 45 - Configuring Scans
-
7. Scanning Sensitivity (3:16)
-
7.1 46 - Scanning Sensitivity
-
8. Scanning Perspective (1:23)
-
8.1 47 - Scanning Perspective
-
9. Authenticated Scanning (3:41)
-
9.1 48 - Authenticated Scanning
-
10. Maintaining Scanners (3:20)
-
10.1 49 - Maintaining Scanners
-
11. Standardizing Vulnerabilities (3:21)
-
11.1 50 - Standardizing Vulnerabilities
-
12. Workflow for Remediation (2:46)
-
12.1 51 - Workflow for Remediation
-
13. Vulnerability Reporting (4:13)
-
13.1 52 - Vulnerability Reporting
-
14. Remediation Priority (4:13)
-
14.1 53 - Remediation Reporting
-
15. Implementing and Testing (5:30)
-
15.1 54 - Implementing and Testing
-
16. Nessus Vulnerability Scanner A Walkthrough (9:45)
-
16.1 55 - Nessus-Scan-Report-Example
-
18. Interpreting Scan Results (8:18)
-
18.1 56 - Interpreting Scan Results
-
19. Interpreting CVSS (6:13)
-
19.1 57 - Interpeting CVSS
-
20. Calculating the CVSS Score (4:02)
-
20.1 58 - Calculating the CVSS Score
-
21. CVSS Temporal Score (3:34)
-
21.1 59 - CVSS Temporal Score
-
22. Validation of Results (6:21)
-
22.1 60 - Validation of Results
-
23. Common Vulnerabilities (2:42)
-
23.1 61 - Common Vulnerabilities
-
24. Server and Host Vulnerabilities (6:32)
-
24.1 62 - Server and Host Vulnerabilities
-
25. Network Vulnerabilities (6:02)
-
25.1 63 - Network Vulnerabilities
-
26. Virtualization Vulnerabilities (4:18)
-
26.1 64 - Virtualization Vulnerabilities
-
27. Web Application Vulnerabilities (5:10)
-
27.1 65 - Web Application Vulnerabilities
-
28. Internet of Things _IoT_ Vulnerabilities (3:28)
-
28.1 66 - Internet of Things _IoT_ Vulnerabilities
DOMAIN 3 CYBER INCIDENT RESPONSE (23%)
-
1. Domain 3 Cyber Incident Response (1:39)
-
1.1 67 - Domain 3 - Cyber Incident Response
-
1.2 Domain 3 - Cyber Incident Response
-
2. Security Incidents (3:43)
-
2.1 68 - Security Incidents
-
3. Incident Response Teams (8:33)
-
3.1 69 - Incident Response Teams
-
4. Incident Response Phases (10:56)
-
4.1 70 - Incident Response Phases
-
5. Incident Response Policy and Procedures (4:36)
-
5.1 71 - Incident Response Policy _ Procedures
-
6. Communication and Info Sharing (4:25)
-
6.1 72 - Communication and Information Sharing
-
7. Incident Classification (8:13)
-
7.1 73 - Incident Classification
-
9. Network Event Monitoring (7:37)
-
9.1 74 - Network Event Monitoring
-
10. Network Monitoring Tools (4:41)
-
10.1 75 - Network Monitoring Tools
-
11. Detecting Network Events (6:12)
-
11.1 76 - Detecting Network Events
-
12. Network Probes and Attacks (5:52)
-
12.1 77 - Network Probes and Attacks
-
13. Server and Host Events (5:18)
-
13.1 78 - Server and Host Events
-
14. Service and Application Events (5:05)
-
14.1 79 - Service and Application Events
-
16. Digital Forensics (2:38)
-
16.1 80 - Digital Forensics
-
17. Forensic Toolkit Components (8:16)
-
17.1 81 - Forensic Toolkit Components
-
18. Mobile Forensic Toolkits (2:56)
-
18.1 82 - Mobile Forensic Toolkits
-
19. Forensic Software (6:50)
-
19.1 83 - Forensic Software
-
20. Training and Certification (2:22)
-
20.1 84 - Training and Certification
-
21. Forensic Investigation Process (5:01)
-
21.1 85 - Forensic Investigation Process
-
22. Disk Imaging (4:50)
-
22.1 86 - Disk Imaging
-
23. Disk Imaging Using dd (2:58)
-
24. Disk Imaging Using FTK Imager (6:32)
-
26. Incident Containment (6:55)
-
26.1 89 - Incident Containment
-
27. Eradication and Recovery (6:36)
-
27.1 90 - Eradication and Recovery
-
28. Finishing the Response (5:00)
-
28.1 91 - Finishing the Response
DOMAIN 4 SECURITY ARCHITECTURE AND TOOLSETS (24%)
-
1. Domain 4 Security Architecture and Tool Sets (0:39)
-
1.1 Domain 4 - Security Architecture _ Tool Sets
-
1.2 92 - Domain 4 - Security Architecture _ Tool Sets
-
2. Policy Documents (7:05)
-
2.1 93 - Policy Documents
-
3. Standard Frameworks (7:49)
-
3.1 94 - Standard Frameworks
-
4. Policy-based Controls (3:32)
-
4.1 95 - Policy-Based Controls
-
5. Audits and Assessments (2:10)
-
5.1 96 - Audits and Assessments
-
6. Laws and Regulations (5:04)
-
6.1 97 - Laws and Regulations
-
8. Defense in Depth (5:19)
-
8.1 98 - Defense in Depth
-
9. Types of Controls (4:42)
-
9.1 99 - Types of Controls
-
10. Layered Network Defense (4:36)
-
10.1 100 - Layered Network Design
-
11. Layered Host Security (3:07)
-
11.1 101 - Layered Host Security
-
12. Data Analytics (4:05)
-
12.1 102 - Data Analytics
-
13. Personnel Security (5:59)
-
13.1 103 - Personnel Security
-
14. Outsourcing Concerns (3:03)
-
14.1 104 - Outsourcing Concerns
-
15. User Awareness Training (3:50)
-
15.1 105 - User Awareness Training
-
16. Analyzing Secure Architectures (8:09)
-
16.1 106 - Analyzing Secure Architectures
-
18. What Is Identity (4:56)
-
18.1 107 - What is Identity
-
19. Identity Systems (11:32)
-
19.1 108 - Identity Systems
-
20. Threats to Identity Systems (3:13)
-
20.1 109 - Threats to Identity Systems
-
21. Attacking AAA Protocols and Systems (9:05)
-
21.1 110 - Attacking AAA Protocols and Systems
-
22. Targeting Account Lifecycle (3:31)
-
22.1 111 - Targeting Account Lifecycle
-
23. Identity Exploits (3:01)
-
23.1 112 - Identity Exploits
-
24. Credential Theft (3:22)
-
24.1 113 - Credential Theft
-
25. Securing Authentication and Authorization System (6:06)
-
25.1 114 - Securing Authentication and Authorization
-
26. Identity as a Service _IDaaS_ (2:17)
-
26.1 115 - Identity as a Service _IDaaS_
-
27. Detecting Identity Attacks (1:37)
-
27.1 116 - Detecting Identity Attacks
-
28.1 117 - Federated Identity Systems
-
28. Federated Identity Systems (10:35)
-
30. Software Development Life Cycle _SDLC_ (8:16)
-
30.1 118 - Software Development Life Cycle _SDLC_
-
31. Software Development Models (10:43)
-
31.1 119 - Software Development Models
-
32. Coding for Security (7:12)
-
32.1 120 - Coding for Security
-
33. Testing Application Security (5:34)
-
33.1 121 - Testing Application Code
-
34. Finding Security Flaws (6:41)
-
34.1 122 - Finding Security Flaws
-
35. Web Application Vulnerability Scanners (5:46)
-
35.1 123 - Web Application Vulnerability Scanning
CONCLUSION
