CompTIA - Security Analytics Expert (Security+/CySA+/CASP)

Curriculum

Security+

1.0 Network Security

• 1.1 Implement security configuration parameters on network devices and other technologies.
• 1.2 Given a scenario, use secure network administration principles.
• 1.3 Explain network design elements and components.
• 1.4 Given a scenario, implement common protocols and services.
• 1.5 Given a scenario, troubleshoot security issues related to wireless networking.

2.0 Compliance and Operational Security

• 2.1 Explain the importance of risk related concepts.
• 2.2 Summarise the security implications of integrating systems and data with third parties.
• 2.3 Given a scenario, implement appropriate risk mitigation strategies.
• 2.4 Given a scenario, implement basic forensic procedures.
• 2.5 Summarise common incident response procedures.
• 2.6 Explain the importance of security related awareness and training.
• 2.7 Compare and contrast physical security and environmental controls.
• 2.8 Summarise risk management best practices.
• 2.9 Given a scenario, select the appropriate control to meet the goals of security.

3.0 Threats and Vulnerabilities

• 3.1 Explain types of malware.
• 3.2 Summarise various types of attacks.
• 3.3 Summarise social engineering attacks and the associated effectiveness with each attack.
• 3.4 Explain types of wireless attacks.
• 3.5 Explain types of application attacks.
• 3.6 Analyse a scenario and select the appropriate type of mitigation and deterrent techniques.
• 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
• 3.8 Explain the proper use of penetration testing versus vulnerability scanning.

4.0 Application, Data and Host Security

• 4.1 Explain the importance of application security controls and techniques.
• 4.2 Summarise mobile security concepts and technologies.
• 4.3 Given a scenario, select the appropriate solution to establish host security.
• 4.4 Implement the appropriate controls to ensure data security.
• 4.5 Compare and contrast alternative methods to mitigate security risks in static environments.

5.0 Access Control and Identity Management

• 5.1 Compare and contrast the function and purpose of authentication services.
• 5.2 Given a scenario, select the appropriate authentication, authorisation or access control.
• 5.3 Install and configure security controls when performing account management, based on best practices.

6.0 Cryptography

• 6.1 Given a scenario, utilise general cryptography concepts.
• 6.2 Given a scenario, use appropriate cryptographic methods.
• 6.3 Given a scenario, use appropriate PKI, certificate management and associated components.

CySA+

1. Threat Management

• Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
• Given a scenario, analyse the results of a network reconnaissance.
• Given a network-based threat, implement or recommend the appropriate response and countermeasure.
• Explain the purpose of practices used to secure a corporate environment.

2. Vulnerability Management

• Given a scenario, implement an information security vulnerability management process.
• Given a scenario, analyse the output resulting from a vulnerability scan.
• Compare and contrast common vulnerabilities found in the following targets

3. Cyber Incident Response

• Given a scenario, distinguish threat data or behaviour to determine the impact of an incident
• Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
• Explain the importance of communication during the incident response process.
• Given a scenario, analyse common symptoms to select the best course of action to support incident response.
• Summarise the incident recovery and post-incident response process.

4. Security Architecture and Tool Sets

• Explain the relationship between frameworks, common policies, controls, and procedures.
• Given a scenario, use data to recommend remediation of security issues related to identity and access management.
• Given a scenario, review security architecture and make recommendations to implement compensating controls.
• Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
• Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

CASP+

Enterprise Security (30% of exam)

• Given a scenario, select appropriate cryptographic concepts and techniques
• Explain the security implications associated with enterprise storage
• Given a scenario, analyse network and security components, concepts and architectures
• Given a scenario, select and troubleshoot security controls for hosts
• Differentiate application vulnerabilities and select appropriate security controls

Risk Management and Incident Response (20% of exam)

• Interpret business and industry influences and explain associated security risks
• Given a scenario, execute risk mitigation planning, strategies and controls
• Compare and contrast security, privacy policies and procedures based on organisational requirements
• Given a scenario, conduct incident response and recovery procedures

Research, Analysis and Assessment (18% of exam)

• Apply research methods to determine industry trends and impact to the enterprise
• Analyse scenarios to secure the enterprise
• Given a scenario, select methods or tools appropriate to conduct an assessment and analyse results

Integration of Computing, Communications and Business Disciplines (16% of exam)

• Given a scenario, facilitate collaboration across diverse business units to achieve security goals
• Given a scenario, select the appropriate control to secure communications and collaboration solutions
• Implement security activities across the technology life cycle

Technical Integration of Enterprise Components (16% of exam)

• Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture
• Given a scenario, integrate advanced authentication and authorisation technologies to support enterprise objectives