课程名称
|
课程大纲
|
1.0 Network
Security 网络安全
|
Implement security
configuration parameters on network devices and other technologies.
网络设备和其他设备上实施安全配置参数
|
given a
scenario,use secure network a
dministration principles. 给定一个场景,应用安全网络管理原则
|
Explaain network
design elements and components. 解释网络设计的元素和组件。
|
Given a scenario,
implement common protocols and services. 给定一个场景,实施通用的协议和服务
|
Given a
scenario,troubleshoot security issues related to wireless networking. 给定一个场景,对无线组网中的安全问题进行故障排
|
2.0 Compliance
and Operational Security 合规与运维安全
|
Explain the
importance of risk related concepts.
解释风险相关概念的重要性
|
Summarize the
security implications of integrating systems and data with third parties.
总结与第三方集成系统与数据的安全含义
|
Given a
scenario,implement appropriate risk mitigation strategies. 给定一个场景,实施正确的风险降低策略
|
Given a
scenario,implement basic forensic procedures.
给定一个场景,实施基本的取证程序
|
Summarize common
incident response procedures. 总结通用的事件响应程序
|
Explain the
importance of security related awareness and training. 解释安全相关意识和培训的重要性
|
Compare and
contrast physical secuity and environmental controls.
比较和对比物理安全环境控制
|
Summarize risk
management best practices.
总结风险管理的最佳实践
|
Given a
scenario,select the appropriate control to meet the goals of security. 给定一个场景,选择合适的控制来满足安全目标
|
3.0 Threats
and Vulnerabilities
威胁与漏洞
|
Explain types of
malware.
解释各种恶意软件
|
Summarize various
types of attacks.
总结不同类型的攻击
|
Summarize social
engineering attacks and the associated effectiveness with each attack.
总结社会工程攻击和相关每个攻击的有效性
|
Explain types of
wireless attacks.
解释无线攻击的类型
|
Explain types of
application attacks.
解释应用攻击的类型
|
Analyze a scenario
and select the appropriate type of mitigation and deterrent techniques.
|
Given a
scenario,use appropriate tools and techniques to discover security threats
and vulnerabilities.
|
Explain the proper
use of penetration testing versus vulnerability scanning.
解释如何正确使用渗透测试与漏洞扫描
|
4.0
Application,Data and Host
Security
应用、数据和主机安全
|
Explain the
importance of application security controls and techniques. 解释应用安全控制盒技术的重要性
|
Summarize mobile
security concepts and technologies. 总结移动安全的概念与技术
|
Given a
scenario,select the appropriate solution to establish host security.
给定一个场景,选择合适的方案来建立主机安全
|
Implement the
appropriate controls to ensure data security. 实施合适的控制来保障数据安全
|
Compare and
contrast alternative methods to mitigate secuity risks in static
environments.
|
5.0 Access Control
and Identity Management 访问控制与身份管理
|
Compare and
contrast the function and purpose of authentication services.
比较和对比认证服务的功能和目标
|
Given a
scenario,select the appropriate authentication,authorization or access
control.
|
Install and
configure security controls when pertorming account management,based on best
practices.
|
6.0
Cryptgraphy
密码学
|
Given a
scenario,utilize general cryptography concepts. 给定一个场景,使用通用密码学概念
|
Given a
scenario,use appropriate cryptographic methods. 给定一个场景,使用合适的密码学方法
|
Given a
scenario,use appropriate PKI,certificate management and associated
components.
|