CITSF: Cyber and IT Security Foundation

Module 1: TCP/IP Networking
1.1 Nodes, Node Connections & TCP/IP Addressing

• What a node is.
• How nodes can be connected to each other.
• The concepts of TCP/IP addressing of both IP v4 and IP v6.

1.2 OSI Model, TCP/IP Model, Protocols

• The layers and main functionalities of the OSI and TCP/IP models.
• The main network protocols, what their functionality is and how they fit
  into the OSI and TCP/IP reference models.

Module 2: Computer Systems
2.1 Computer Architecture, Operating Systems

• The components of a computer system.
• How an operating system works.
• The main operating systems.

2.2 Computer System Vulnerabilities

• The most prevalent types of computer system vulnerabilities.

2.3 Computer System Security Measures

• The main security measures related to computer systems.

Module 3: Applications & Databases
3.1 Application Development

• The different methods and phases of the systems development life
  cycle.
• The advantages and disadvantages of each of the different methods
  of the systems development lifecycle.
• Tow to address security during the systems development life cycle.

3.2 Databases

• The different database models.
• The functionality of the database and the database management
  systems.

3.3 Security Issues & Countermeasures

• The prevalent security issues related to applications development
  and databases.
• The countermeasures against security issues related to applications
  and databases.

Module 4: Cryptography
4.1 Encryption Methodologies & Standards

• Differentiate between symmetric and asymmetric encryption.
• Identify encryption algorithms and standards.

4.2 Digital Signatures, Hashing

• How digital signatures provide for authenticity and non-repudiation.
• How hashing provides for the integrity of digital information.
• The main hashing standards.

4.3 Public Key Infrastructure (PKI)

• The components, parties and processes of a public key infrastructure.
• What digital certificates and their use cases are.

4.4 SSL/TLS, Ipsec

• The technology and use cases of SSL/TLS.
• The technology and use cases of IPSec.

Module 5: Identity & Access Management
5.1 Identification, Authentication, Biometrics, Single Sign-On (SSO), Password Management

• Differentiate between identification and authentication.
• The main technologies of authentication and two-factor authentication.
• Biometrics and their use cases.
• The concepts and different types of Single sign-on (SSO).
• Password management and its use cases.

5.2 Authorization

• The principles of Need to know, Least privilege and Separation of
  Duties (SoD) relate to authorization.
• Authorization models such as role-based access control (RBAC) and
  attribute-based access control (ABAC).
• The specifications and functionality of OpenID Connect and OAuth.

Module 6: Cloud Computing
6.1 Characteristics & Deployment Models

• Differentiate between the deployment models public cloud, private cloud and hybrid cloud.
• The service models SaaS, PaaS, IaaS, SECaaS and IDaaS.

6.2 Risks

• The risks of cloud computing.

Module 7: Exploiting Vulnerabilities
7.1 Attack Categories & Threat Types

• The main attack categories of cybercrime.

7.2 Actors & Tools

• Rcognize Black hat hackers, White hat hackers, Grey hat hackers, Script
  kiddies and Hacktivists.
• Identify which tools cybercriminals use.
• Identify the steps cybercriminals take to exploit vulnerabilities.