Cyber Security Technologist

The Cyber Security Concepts course consists of three associated BCS Syllabus modules, known as Knowledge Modules (KMs):

• KM1 Cyber Security Introduction
• KM3 Security Case Development and Design Good Practice
• KM4 Security Technology Building Blocks

The content of each module is summarised below. You can review the full syllabus for each module by following the link at the end of the summary.

KM1 - Cyber Security Introduction

Objective: Demonstrate an understanding of the foundations of cyber security.

1. Describe and explain why information and cyber security are important to business and to society.
2. Recall, describe and explain the terminology and basic concepts of cyber security.
3. Demonstrate and explain the concept of information assurance and how it can be delivered.
4. Describe and explain how security objectives can be developed and used to build a security case.
5. Demonstrate and explain how the basic security concepts can be applied to typical information and communications technology (ICT) cyber infrastructures.
6. Describe and explain common attack techniques and sources of threat.
7. Illustrate and explain ways to defend against the main attack techniques.
8. Recall, describe and explain legal, regulatory, information security and ethical standards relevant to the cyber-community.
9. Discover and explain the concept and practice of keeping up with the threat landscape (horizon scanning).
10. Describe and explain future trends in cyber security.

The full syllabus can be found at https://www.bcs.org/media/1705/cyber-security-cyber-security-introduction-syllabus.pdf.

KM3 - Security Case Development and Design Good Practice

Objective: Demonstrate an understanding of modern cyber security design practice and how to devise a security case for a given system.

1. Describe what good practice in design is and how this may contribute to security.
2. Compare and contrast the features of reputable security architectures, which incorporate security hardware and software components.
3. Describe the features of the Common Criteria Protection Profile.
4. Understand how to design and develop a ‘security case’, recognising that threats evolve and respond to a security design.

The full syllabus can be found at https://www.bcs.org/media/1720/cyber-security-security-case-development-and-design-good-practice-syllabus.pdf.

KM4 - Security Technology Building Blocks

Objective: Demonstrate an understanding of tools and methods required to implement security within computers and networks.

1. The ability to demonstrate a thorough knowledge of tools and methods employed to implement host based security for a range of threats.
2. A comprehensive knowledge of the technologies and techniques necessary for the defence and maintenance of networks and their hosts.
3. Understand the functionality and operation of security techniques as they apply to software and data.
4. A thorough understanding of the application, deployment and management of the security of networked systems and methods available to identify and reduce risk.

The full syllabus can be found at https://www.bcs.org/media/1723/cyber-security-technology-building-blocks-syllabus.pdf.

• Cyber Security Overview (29minutes)
• Building your Cyber Security Vocabulary (57 minutes)
• Network Security (3h 48 minutes) *
• Compliance and Operational Security (5h 48 minutes) *
• Threats and Vulnerabilities (3h 44 minutes)
• Application, Data and Host Security (2h 16 minutes)
• Identity and Access Management (1h 37 minutes)
• Cryptography (1h 32 minutes)
• Risk Management (3h 21 minutes)*
• Understanding Ethical Hacking (7 hours)
• Architecture and Design (4h 13minutes)
• Enterprise Security: Policies, Practices and Procedures (2h 38minutes)
• Ethical Hacking; Malware Threats (4h)*
• Security Standards; Common Criteria
• PCI DSS; The big picture (1h 23 minutes)
• FIPS 140-2
• CAPS
• COBIT (Course on FB site)
• Computer Misuse Act
• Data Protection Act
• Human Rights Act
• Digital Millennium Copyright Act
• General Data Protection Regulation
• Network and Information Security Directive

Total time: 42 hours 46 minutes

• The Information Security Big Picture (2h 17minutes)*
• Designing and Implementing Security Policies (2h 6 minutes)
• Architecture and Design for Security (4h 13 minutes)
• Enterprise Security (2h 55 minutes)
• Risk Management and Incident Response (1 h 49 minutes)
• Research and Analysis (1h 43 minutes)
• Computing, Communication and Business Integration (1h 58 minutes)
• Technical Integration of Enterprise Components (1h 11 minutes)
• TOGAF Overview (4h 7 minutes)
• SABSA Overview (10 minutes)

Total time: 22 hours 29 minutes

• Networking Security (5h 6 minutes)
• Network Security (3h 48 minutes)

Total time: 8 hours 54 minutes

Networking Concepts

• Explain the purposes and uses of ports and protocols.
• Explain devices, applications, protocols and services at their appropriate OSI layers
• Explain the concepts and characteristics of routing and switching.
• Given a scenario, configure the appropriate IP addressing components.
• Compare and contrast the characteristics of network topologies, types and technologies.
• Given a scenario, implement the appropriate wireless technologies and configurations.
• Summarize cloud concepts and their purposes
• Explain the functions of network services.

Infrastructure

• Given a scenario, deploy the appropriate cabling solution.
• Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
• Explain the purposes and use cases for advanced networking devices.
• Explain the purposes of virtualization and network storage technologies.
• Compare and contrast WAN technologies.

Network Operations

• Given a scenario, use appropriate documentation and diagrams to manage the network.
• Compare and contrast business continuity and disaster recovery concepts.
• Explain common scanning, monitoring and patching processes and summarize their expected outputs.
• Given a scenario, use remote access methods.
• Identify policies and best practices.

Network Security

• Summarize the purposes of physical security devices.
• Explain authentication and access controls.
• Given a scenario, secure a basic wireless network.
• Summarize common networking attacks.
• Given a scenario, implement network device hardening
• Explain common mitigation techniques and their purposes.

Network Troubleshooting and Tools

• Explain the network troubleshooting methodology.
• Given a scenario, use the appropriate tool.
• Given a scenario, troubleshoot common wired connectivity and performance issues.
• Given a scenario, troubleshoot common wireless connectivity and performance issues.
• Given a scenario, troubleshoot common network service issues.

• Networking Fundamentals Part 1 (4h 18 minutes)*
• Networking Fundamentals Part 2 (3h 47 minutes)*
• Network Architecture (7h 25 minutes)*
• Networking Operations (4h 33minutes)*
• Networking Security (5h 6 minutes)*
• Troubleshooting (4h 5 minutes)*
• Industrial Standards, Practices and Network Theory (4h 9 minutes)*

Total time: 33 hours 23 minutes

Theory of cryptographic techniques

In this key topic, the apprentice will describe the technology of cryptography and name the available techniques, limitations and problems commonly encountered. Outcomes should include an ability to:

• Describe cryptographic techniques and state their limitations
• Describe the main features of symmetric cryptosystems, PK cryptosystems and key exchange
• Show where the various cryptographic techniques may be employed to secure data and systems
• Show how poorly applied cryptography can become a threat vector
• Explain the significance and role of entropy in cryptography and discuss security problems associated with entropy

Deployment of cryptography

In this key topic, the apprentice will explain the deployment of cryptographic systems in a range of common public technologies; in the protection of data and networked systems and discuss issues faced in their deployment and updating. Outcomes should include an ability to:

• Explain the significance of key management as it relates to controls, lifecycle and governance
• Describe the role of cryptography in a range of common public systems
• Describe the role of cryptography as it applies to data on hard disks or in transit
• List some of the practical issues encountered in implementing cryptography
• Explain the practical issues faced when updating cryptographic techniques

Cryptography across jurisdictions

In this key topic, the apprentice will discuss legal issues relevant to cryptography (particularly when crossing national borders) and describe UK, EU and US export control of cryptography and the Wassenaar Arrangement. Outcomes should include an ability to:

• List the regulatory frameworks in place in different jurisdictions
• Describe some of the legal issues related to cryptography with respect to national borders
• List a range of resources available to obtain advice concerning cryptography and security

• Cryptography: The Big Picture (1h 24 minutes)
• Cryptography Fundamentals for Developers and Security Professionals (4h 14minutes)
• Enterprise Library Security and Cryptography Application Blocks (1h 8minutes)
• Cryptography (1h 32minutes)
• Laws and standards (13 minutes)
• International Traffic in Arms Regulations
• Data Protection Act
• Cyber Security Awareness: Digital Data Protection (49minutes)
• Regulation of Investigatory Powers Act 2000
• Sarbanes Oxley
• International Data Encryption Algorithm

Total time: 09 hours 20 minutes