Note 0.0.2.
This book was authored in PreTeXt.
Preface Instructional Notes
The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security. With these resources students will learn ways of preventing, identifying, understanding, and recovering from attacks against computer systems. This text also presents the evolution of computer security, the main threats, attacks and mechanisms, applied computer operation and security protocols, main data transmission and storage protection methods, cryptography, network systems availability, recovery, and business continuation procedures.
Many of the labs in this text are designed to run in Docker. Each of these can be run in a Github Codespace or in a local Docker installation. When Docker is required, instructions are given for both alternatives.
Learning Outcomes.
The chapters, labs, and review questions in this text are designed to align with the objectives CompTIA Security+ SY0-601 exam. The objectives are reproduced here for reference:
10
www.comptia.jp/pdf/CompTIA%20Security+%20SY0-601%20Exam%20Objectives%20(3.0).pdf-
1.1 Compare and contrast different types of social engineering techniques.
-
1.2 Given a scenario, analyze potential indicators to determine the type of attack.
-
1.3 Given a scenario, analyze potential indicators associated with application attacks.
-
1.4 Given a scenario, analyze potential indicators associated with network attacks.
-
1.5 Explain different threat actors, vectors, and intelligence sources.
-
1.6 Explain the security concerns associated with various types of vulnerabilities.
-
1.7 Summarize the techniques used in security assessments.
-
1.8 Explain the techniques used in penetration testing.
-
2.1 Explain the importance of security concepts in an enterprise environment.
-
2.2 Summarize virtualization and cloud computing concepts.
-
2.3 Summarize secure application development, deployment, and automation concepts.
-
2.4 Summarize authentication and authorization design concepts.
-
2.5 Given a scenario, implement cybersecurity resilience.
-
2.6 Explain the security implications of embedded and specialized systems.
-
2.7 Explain the importance of physical security controls.
-
2.8 Summarize the basics of cryptographic concepts.
-
3.1 Given a scenario, implement secure protocols.
-
3.2 Given a scenario, implement secure network architecture concepts.
-
3.3 Given a scenario, implement secure network designs.
-
3.4 Given a scenario, install and configure wireless security settings.
-
3.5 Given a scenario, implement secure mobile solutions.
-
3.6 Given a scenario, apply cybersecurity solutions to the cloud.
-
3.7 Given a scenario, implement identity and account management controls.
-
3.8 Given a scenario, implement authentication and authorization solutions.
-
3.9 Given a scenario, implement public key infrastructure.
-
4.1 Given a scenario, use the appropriate tool to assess organizational security.
-
4.2 Summarize the importance of policies, processes, and procedures for incident response.
-
4.3 Given an incident, utilize appropriate data sources to support an investigation.
-
4.4 Given an incident, apply mitigation techniques or controls to secure an environment.
-
4.5 Explain the key aspects of digital forensics.
-
5.1 Compare and contrast various types of controls.
-
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
-
5.3 Explain the importance of policies to organizational security.
-
5.4 Summarize risk management processes and concepts.
-
5.5 Explain privacy and sensitive data concepts in relation to security.
Example Schedule.
A sample schedule utilizing these resources in a 15 week semester is shown below:
