CIT 4020 - IT Security Foundations

Successful Completion of IT Network Support Specialist Certificate objectives and competencies

Industry Certifications This class fully maps to CompTIA’s (SY0-601) Security+ Certification Exam objectives.

Course Description:
The security of the data and information contained on computers and digital devices today is threatened more than ever before, and attacks are escalating every day. The need to identify and defend against these attacks has created an essential workforce that is now at the very core of the Information Technology (IT) industry. This class provides an introduction to the foundational concepts and strategies of network security, including compliance and operational security; threats and vulnerabilities; application, data, and host security; access control and identity management; and cryptography. The course covers new topics in network security as well, including psychological approaches to social engineering attacks, Web application attacks, penetration testing, data loss prevention, cloud computing security, and application programming development security.

Student Learning Outcomes:

Upon successful completion of this class, and obtaining Mastery Level of assessment with the objectives and skills, the student is expected to be able to:

1. Compare and contrast different types of social engineering techniques (A)
2. Given a scenario, analyze potential indicators to determine the type of attack (A)
3. Given a scenario, analyze potential indicators associated with application attacks (A)
4. Given a scenario, analyze potential indicators associated with network attacks (A)
5. Explain different threat actors, vectors, and intelligence sources (A)
6. Explain the security concerns associated with various types of vulnerabilities (A)
7. Summarize the techniques used in security assessments (A)
8. Explain the techniques used in penetration testing (A)
9. Explain the importance of security concepts in a enterprise environment (B)
10. Summarize virtualization and cloud computing concepts (B)
11. Summarize secure application development, deployment, and automation concepts (B)
12. Summarize authentication and authorization design concepts (B)
13. Given a scenario, implement cybersecurity resilience (B)
14. Explain the security implications of embedded and specialized systems (B)
15. Explain the importance of physical security controls (B)
16. Summarize the basics of cryptographic concepts (B)
17. Given a scenario, implement secure protocols (C)
18. Given a scenario, implement host or application security solutions (C)
19. Given a scenario, implement secure network designs (C)
20. Given a scenario, install and configure wireless security settings (C)
21. Given a scenario, implement secure mobile solutions (C)
22. Given a scenario, apply cybersecurity solutions to the cloud (C)
23. Given a scenario, implement identity and account management controls (C)
24. Given a scenario, implement authentication and authorization solutions (C)
25. Given a scenario, implement public key infrastructure (C)
26. Given a scenario, use the appropriate tool to assess organizational security (D)
27. Summarize the importance of policies, processes, and procedures for incident response (D)
28. Given an incident, utilize appropriate data sources to support an investigation (D)
29. Given an incident, apply mitigation techniques or controls to secure an environment (D)
30. Explain the key aspects of digital forensics (D)
31. Compare and contrast various types of controls (E)
32. Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture (E)
33. Explain the importance of policies to organizational security (E)
34. Summarize risk management processes and concepts (E)
35. Explain privacy and sensitive data concepts in relation to security (E)