DGT 210 - ISC2 Certified in Cybersecurity

Course Description

Begin your journey towards a dynamic career in cybersecurity with our ISC2 Certified in Cybersecurity (CC) Certification course. This comprehensive entry-level program is designed to equip you with fundamental knowledge and practical skills essential for today's cybersecurity landscape. This course comprehensively covers five essential domains of cybersecurity:

1. Security Principles
2. Business Continuity, Disaster Recovery, and Incident Response Concepts
3. Access Controls Concepts
4. Network Security
5. Security Operations

These domains are crucial for developing a strong foundational understanding of cybersecurity principles and practices.

As an academic partner of ISC2, the University of Calgary offers exclusive access to ISC2's official learning materials, ensuring that you receive the most up-to-date and relevant content. Additionally, through our partnership with Coursera Career Academy, you will benefit from a curated selection of supplementary resources that enhance your learning experience.

You will have the opportunity to attempt the ISC2 CC Certification Exam for free, and upon successful completion of all assessments from Coursera, you will also be awarded the IBM and ISC2 Cybersecurity Specialist Professional Certificate.

Course Details

By the completion of this course, successful learners will be able to:

• Understand security principles, including the risk management process, security controls, governance processes and the ISC2 Code of Ethics
• Understand business continuity, disaster recovery and incident response concepts
• Understand access control concepts, including physical and logical access controls
• Understand Network Security, including network threats and attacks, and network security infrastructure
• Understand Security Operations, including data security, system hardening, security policies and security awareness training

Topics:

Domain 1: Security Principles

1.1 - Understand the security concepts of information assurance

• Confidentiality
• Integrity
• Availability
• Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
• Non-repudiation
• Privacy

1.2 - Understand the risk management process

• Risk management (e.g., risk priorities, risk tolerance)
• Risk identification, assessment and treatment

1.3 - Understand security controls

• Technical controls
• Administrative controls
• Physical controls

1.4 - Understand ISC2 Code of Ethics

• Professional code of conduct

1.5 - Understand governance processes

• Policies
• Procedures
• Standards
• Regulations and laws

Domain 2: Business Continuity (BC), Disaster Recovery (DR) and Incident Response Concepts

2.1 - Understand business continuity (BC)

• Purpose
• Importance
• Components

2.2 - Understand disaster recovery (DR)

• Purpose
• Importance
• Components

2.3 - Understand incident response

• Purpose
• Importance
• Components

Domain 3: Access Controls Concepts

3.1 - Understand physical access controls

• Physical security controls (e.g., badge systems, gate entry, environmental design)
• Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
• Authorized versus unauthorized personnel

3.2 - Understand logical access controls

• Principle of least privilege
• Segregation of duties
• Discretionary access control (DAC)
• Mandatory access control (MAC)
• Role-based access control (RBAC)

Domain 4: Network Security

4.1 - Understand computer networking

• Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)
• Ports
• Applications

4.2 - Understand network threats and attacks

• Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
• Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
• Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))

4.3 - Understand network security infrastructure

• On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))
• Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defence in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT))
• Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)

Domain 5: Security Operations

5.1 - Understand data security

• Encryption (e.g., symmetric, asymmetric, hashing)
• Data handling (e.g., destruction, retention, classification, labelling)
• Logging and monitoring security events

5.2 - Understand system hardening

• Configuration management (e.g., baselines, updates, patches)

5.3 - Understand best practice security policies

• Data handling policy
• Password policy
• Acceptable Use Policy (AUP)
• Bring your own device (BYOD) policy
• Change management policy (e.g., documentation, approval, rollback)
• Privacy policy

5.4 - Understand security awareness training

• Purpose/concepts (e.g., social engineering, password protection)