Cybersecurity Operations Fundamentals

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you explore data type categories in context to network security analytics. By the end of the course, you will be able to: • Explain the data that is available to the network security analysis •Describe the various types of data used in monitoring network security • Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms • Describe the functions of SOAR platforms and features of Cisco SecureX •Describe the Security Onion Open Source security monitoring tool • Explain how packet capture data is stored in the PCAP format and the storage requirements for full packet capture. • Describe packet capture usage and benefits for investigating security incidents • Describe packet captures using tools such as Tcpdump • Describe session data content and provide an example of session data •Describe transaction data content and provide an example of transaction data z • Describe alert data content and provide an example of alert data •Describe other types of NSM data (extracted content, statistical data, and metadata) •Explain the need to correlate NSM data and provide an example •Describe the Information Security CIA triad • Understand PII as it relates to information security • Describe compliance regulations and their effects on an organization • Describe intellectual property and the importance of protecting it • Use various tool capabilities of the Security Onion Linux distribution To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will provide introduction to network infrastructure and network security monitoring tools. By the end of the course, you will be able to: •Describe ACL operation when using the established option • Describe the purpose of Access List Control lists •Describe network address translation (NAT) fundamental concepts • Explain the NSM tools that are available to the network security analyst • Describe the three types of NSM tools used within the SOC (commercial, Open Source, or homegrown) • Describe network-based malware protection • Describe the benefits of load balancing and web application firewalls. • Describe AAA • Describe basic models for implementing access controls over network resources. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

The three most used endpoint operating systems are Windows, Linux, and Mac. When investigating security incidents, security analysts often encounter these operating systems running on servers or user end hosts. If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand basic Windows operations principles. By the end of the course, you will be able to: •By the end of the course, you will be able to: • Describe the history of the Windows operating system and vulnerabilities. • Describe the Windows OS architecture and components. • Describe Windows processes, threads, and handles. • Describe virtual memory allocation in the Windows OS.• Describe Windows services and how they are used. • Describe the functionality of Windows NTFS. • Describe the Windows NTFS structure. • Describe Windows domains and local user accounts. • Describe the Windows graphical user interface and its use. • Describe how to perform tasks in Windows which may require administrator privileges.• Describe the Windows command line interface use and features. • Describe the features of the Windows PowerShell. • Describe how the net command is used for Windows administration and maintenance. •Describe how to control Windows startup services and execute a system shutdown. • Describe how to control Windows services and processes that are operating on a host. • Describe how to monitor Windows system resources with the use of Windows Task Manager. • Describe the Windows boot process, starting services, and registry entries. • Describe how to configure Windows networking properties. •Use the netstat command to view running networking functions. •Access Windows network resources and perform remote functions. •Describe the use of the Windows registry. •Describe how the Windows Event Viewer is used to browse and manage event logs. • Use the Windows Management Instrumentation to manage data and operations on Windows-based operating systems.• Understand common Windows server functions and features. • Describe commonly used third-party tools to manage to manage Windows operating systems. • Explore the Windows operating system and services. The knowledge and skills that students are expected to have before attending this course are: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.