Please note: This is not a course syllabus. A course syllabus is unique to a particular section of a course by instructor. This curriculum guide provides general information about a course.
What is information security?
Risk, and the personal & global impact of security
History, Terminology, and Ethics of Hacking
Think Like A Risk Analyst (or, Think Like A Hacker)
Digital hygiene for people and organizations
How big is your digital footprint?
When and what to share/the risks of sharing
Ways To Protect Yourself
The CIA Triad
The Three (Five?) Factors of Authentication/Why Passwords Fail
Ways To Protect Someone Else/Your Company
Cryptography: Securing Data
Why does secrecy matter
(Understanding when data might unknowingly be public)
A Brief History of crypto
Implement, and then crack, a basic cipher (Caesar/Vigniere/etc.)
Public key cryptography
Hashing
Securing Software
History of Malware and Exploits
When Is A Vulnerability Not A Vulnerability (When It’s A Misconfiguration)
Vulnerability & Mitigation Examples – including but not limited to:
Exploits of web apps
SQL Injection
Daemon/Server OS Exploits
Securing Networks
Wired/Media-agnostic network attacks – including but not limited to:
Man-in-the-middle/Arp spoofing
DHCP
DNS poisoning
Wireless Issues
Dealing with this added attack surface
Safe wireless configuration options
Securing Your Network
Firewalling, VLAN, Other basic network isolation techniques
IPS/IDS, Firewall & Server Logs
Preventative Maintenance Tools (vulnerability scanners, endpoint protection)
Careers in Cybersecurity
‘Hats’ and ‘Teams’ and terminology
Blue Team – Day-To-Day Defensive Security
DFIR – Blue Team’s First Responders
Penetration Testing – Hacking For Security
Non-Digital Aspects: Social Engineering, Training, Creating Good Security Policy