CompTIA CySA+

This first chapter introduces the instructor, the course, and the course objectives. Chapter 1 then begins with cybersecurity and its elements starting with defining threats and vulnerabilities, then discusses how the rest of this chapter and course address identifying, mitigating and handling the risks. This chapter focuses on the knowledge of the first domain of the cyber security analyst + objectives. Chapter 1 content starts with threat data and intelligence, and how to gather and share that within the analyst community and how to use threat intelligence. This chapter then explores vulnerability management of vulnerabilities, and how to use assessment tools.

Chapter 2 looks at threats and vulnerabilities associated with more specialized technologies including cloud environments (especially enterprise level), wireless and mobile clients, and other electronic components. This chapter looks at the technologies, as well as the associated vulnerabilities, using appropriate assessment
tools for the technologies.

Chapter 3 looks at attacks, attack types, and explores ways to deal with these attacks and strategies to identify and handle software vulnerabilities. This chapter discusses the reality and scale of cyber-attacks, evolving vulnerabilities, opportunism of attackers, trends, and tools used by both attackers and cyber analysts, and proposes offensive rather than defensive reactionary approaches to protect clients, brands and
operations.

Chapter 4 shifts the focus towards infrastructure management including the architectural systems attackers target (and we conversely defend). This chapter stresses the importance of infrastructure awareness (including perimeters, limitations, and common architectures), security implications, and network security solutions. Chapter 4 also introduces technologies and policies used to identify, authenticate, and authorize users, as well as additional technologies you can use to secure your infrastructure.

Chapter 5 continues the conversation about infrastructure management expanding to discussions of hardware and software assurance best practices and mitigating the risks associated with these devices and programs. This includes strategies for securing physical devices in case of theft or compromise and additionally protecting processes and software from threats.

Chapter 6 looks at monitoring security options in diverse (and large) modern corporate environments. This is a challenge due to the amount, size, and diversity of data used and produced. Security monitoring processes and stations can collect and understand enterprise-level information. Using security data analytics, endpoint and network analysis, and email analysis cyber analysts can secure and approve this information.

Chapter 7 explores a number of things related to security changes including organizational structures that need modification in an ongoing basis to match and counter current security threats based on monitoring and information collected. The sections look at how to implement changes consistently across the enterprise; ways to “hunt” and seek out threats including the life cycle and steps; and automating security to ensure consistency and efficiency.

Chapter 8 introduces incident response and the idea that even though security teams minimize risks, mitigation plans are necessary. This chapter shares steps that need to be taken to address incidents when they occur (aka Incident Response Process/ Procedures). The sections discuss the importance if incident response; creating, documenting, and communicating Incident Response Procedures; and analyzing the
Indicators of Compromise (IOC) including the tools used for it (digital forensic techniques).

Chapter 9 covers compliance and assessment focusing on importance of privacy, data privacy, access issues (within an organization) and protection of enterprise and personal information. This chapter discusses risks of data and privacy violations, and some of the key requirements around privacy for this certification as well as positions in cyber security. The sections define the differences between privacy and security; identifies common data types; describes the laws that govern security and privacy protection; explores technical and non-technical approaches for protecting data; and additionally addresses risk management and organizational policies and procedures