Certified Security Leadership Officer

The Certified Security Leadership Officer 5 day instructor-led course is designed to give management an essential understanding of current security issues, best practices, and technology. Because a C)SLO understands security, he or she is prepared to manage the security component of a business and its information technology security projects. A C)SLO can be seen as the bridge between those who understand security and those who don`t. These skills can be put to use the day the a C)SLO returns to work.

Essentials topics covered in this management track include:

Network Fundamentals and Applications, Hardware Architecture, Information Assurance Foundations, Computer Security Policies, Contingency and Continuity Planning, Business Impact Analysis, Incident Handling, Architectural Approaches to Defense in Depth, Cyber Attacks, Vulnerability Assessment and Management, Security Policies, Web Security, Offensive and Defensive Information Warfare, culminating with Management Practicum.

The National Security Agency has validated the C)SLO for the following security standard:

CNSSI-4014: Information Assurance Training Standard for Information Systems Security Officers.

Upon Completion

Students will:

• Have knowledge to understand current security issues
• Have knowledge to manage security component of projects
• Be ready to sit for the C)SLO Exam

With 30 up-to-date Modules, the Certified Security Leadership Officer will teach you security best practices applicable to keeping the information you are entrusted secure and how to respond in the toughest situations.

Module 1: Wireless Networks 802.11

• Overview
• Airborne Viruses
• Types of Wireless
• Standards Comparison
• Wireless Network Topologies
• SSID (Service Set Identity)
• Wireless Technologies: Service Set ID
• Securing and Protecting Wireless Best Practices
• Typical Wired/Wireless Network
• 802.1X: EAP Types
• EAP Advantages/Disadvantages
• EAP/TLS Deployment
• New Age Protection
• New Age Protection
• Wireless Security Technologies
• MAC Filtering
• Wired Equivalent Privacy
• Wireless Technologies: WEP
• XOR: Basics
• How WPA improves on WEP
• How WPA improves on WEP
• TKIP
• 802.11i: WPA2
• WPA and WPA2 Mode Types
• WPA-PSK Encryption
• LEAP
• Wireless Security Weaknesses
• Weak IV Packets
• WEP Weaknesses
• The WPA MIC Vulnerability
• LEAP Weaknesses
• Wireless Threats
• NetStumbler
• Tool: Kismet
• Analysis Tool: OmniPeek Personal
• Omni Peek Console
• Tool: Aircrack-ng Suite
• Tool: Airodump-ng
• Tool: Aireplay
• DOS: Deauth/disassociate attack
• Tool: Aircrack
• Aircrack for Windows
• Attacking WEP
• Attacking WPA
• coWPAtty
• Exploiting Cisco LEAP
• asleap
• WiFiZoo
• Wesside-ng
• Review

Module 2: Access Control

• Role of Access Control
• Layers of Access Control
• Access Control Mechanism Examples
• Access Control Characteristics
• Preventive Control Types
• Control Combinations
• Models for Access
• Discretionary Access Control Model
• Enforcing a DAC Policy
• Mandatory Access Control Model
• MAC Enforcement Mechanism: Labels
• Where Are They Used?
• MAC Versus DAC
• Role-Based Access Control (RBAC)
• Acquiring Rights and Permissions
• Rule-Based Access Control
• Access Control Matrix
• Access Control Administration
• Access Control Mechanisms in Use Today
• Strong Authentication
• Memory Cards
• Smart Card
• Administrating Access Control
• Accountability and Access Control
• Trusted Path
• Access Criteria
• Fraud Controls
• Thin Clients
• Administrative Controls
• Controlling Access to Sensitive Data
• Other Ways of Controlling Access
• Technical Access Controls
• Physical Access Controls
• Accountability
• IDS
• Network IDS Sensors
• Types of IDSs
• Behavior-Based IDS
• IDS Response Mechanisms
• Trapping an Intruder
• Access Control Methods
• Remote Centralized Administration
• RADIUS Characteristics
• RADIUS
• TACACS+ Characteristics
• Diameter Characteristics
• Decentralized Access Control Administration
• Biometrics Technology
• Biometrics Enrolment Process
• Downfalls to Biometric Use
• Biometrics Error Types
• Crossover Error Rate (CER)
• Biometric System Types
• Passwords
• Password “Shoulds”
• Password Attacks
• Countermeasures for Password Cracking
• Cognitive Passwords
• One-Time Password Authentication
• Synchronous Token
• Asynchronous Token Device
• Cryptographic Keys
• Passphrase Authentication
• Definitions
• More Definitions
• Single Sign-on Technology
• Different Technologies
• Scripts as a Single Sign-on Technology
• Directory Services as a Single Sign-on Technology
• Kerberos as a Single Sign-on Technology
• Kerberos Components Working Together
• More Components of Kerberos
• Kerberos Authentication Steps
• Tickets
• Why Go Through All of this Trouble?
• Issues Pertaining to Kerberos
• SESAME as a Single Sign-on Technology
• SESAME Steps for Authentication

Module 3: Computer Forensics and Legalities

• Lesson Objectives
• The Legal System
• State Law & Criminal Incidents
• Federal of laws
• US Title 18: Fraud Criminal Codes
• Case study: Criminal Incidents
• Case Study: Criminal Incidents
• Case study: Criminal Incidents
• Criminal Incidents
• International Legal Treaties and Orgs
• Civil Incidents
• Criminal Incidents

Module 4: Cryptography Applications

• Digital Certificates
• What Do You Do with a Certificate?
• Components of PKI: Repository and CRLs
• PGP
• Digital Signatures: PGP
• IPSEC
• IPSec Network Layer Protection
• IPSec Key Management
• IPSec Handshaking Process
• IPSec Is a Suite of Protocols
• IPSec Modes of Operation
• IPSec
• PKI
• Public Key Infrastructure
• Why Do We Need a PKI?
• PKI and Its Components
• Let`s Walk Through an Example
• Public Key Infrastructure
• Asymmetric Encryption
• Public Key Cryptography Advantages
• Symmetric versus Asymmetric
• SSL/TLS
• PPP
• VPN
• Site-to-Site VPN
• www.facebook.com
• Others From Around the World
• Identity Theft and Social Media

Module 5: Cryptography Algorithms and Concepts

• Symmetric Cipher: AES
• Crack Times
• Crypto and Password Recovery Concepts
• Crypto Attacks
• Caesar Cipher Example
• Polyalphabetic Substitution
• Ways of Breaking Cryptosystems—Brute Force
• Attacks on Cryptosystems
• Encryption
• Cryptographic Definitions
• SSH
• Attack Vectors
• More Attacks (Cryptanalysis)
• Type of Symmetric Cipher: Stream Cipher
• Characteristics of Strong Algorithms
• Block Cipher Modes: CBC
• Implementation
• Block Cipher Modes: CFB and OFB
• DES
• Symmetric Ciphers We Will Dive Into
• Symmetric Algorithm Examples
• Symmetric Algorithms: DES
• Evolution of DES
• Different Modes of Block Ciphers: ECB
• Other Symmetric Algorithms
• Symmetric Encryption
• Symmetric Encryption
• Symmetric Downfalls
• Symmetric Algorithms
• SSL/TLS
• ECC
• Quantum Cryptography
• Asymmetric Algorithm Examples
• Asymmetric Algorithms We Will Dive Into
• Asymmetric Algorithm: RSA
• U.S. Government Standard
• Asymmetric Encryption

Module 6: Key Management

• Using the Algorithm Types Together
• Hybrid Encryption
• Strength of a Cryptosystem
• Symmetric Key Management Issue
• Now What?
• Key Management
• IPSec Key Management
• Key Issues Within IPSec
• OPSEC
• OPSEC
• Types of Ciphers Used Today
• Type of Symmetric Cipher: Block Cipher
• S-Boxes Used in Block Ciphers
• Type of Symmetric Cipher: Stream Cipher
• Encryption Process
• Symmetric Characteristics
• Strength of a Stream Cipher
• Let`s Dive in Deeper
• Block Cipher Modes: CFB and OFB
• Implementation
• Attack Vectors
• More Attacks (Cryptanalysis)
• ROT: 13
• ROT: 13
• MD5 Collision Creates Rogue Certificate Authority
• SSL/TLS
• SSL Connection Setup
• SSL Hybrid Encryption
• SSH
• XOR

Module 7: Cryptosystems

• Introduction
• Encryption
• Cryptographic Definitions
• Encryption Algorithm
• Implementation
• Hashing
• Common Hash Algorithms
• Birthday Attack
• Example of a Birthday Attack
• Generic Hash Demo
• Instructor Demonstration
• Security Issues in Hashing
• Hash Collisions
• MD5 Collision Creates Rogue Certificate Authority
• Digital Signatures
• Asymmetric Encryption
• Public Key Cryptography Advantages
• Asymmetric Algorithm Disadvantages
• Asymmetric Algorithm Examples
• Symmetric Encryption
• Symmetric Encryption
• Symmetric Downfalls
• Symmetric Algorithms
• Crack Times

Module 8: Digital Acquisition

• Digital Acquisition Copy: Original
• Digital Acquisition: Duplication
• Digital Acquisition Procedures
• DC3 Operations
• DCFL Terabytes, Time, & Totals
• Digital Forensic Analysis Tools
• Forensic Toolkit (FTK)™
• EnCase™
• I-Look Investigator™
• ProDiscover DFT™

Module 9: Domain Name Registration

• DNR Overview
• Network Service: DNS
• Countermeasure: DNS Zone Transfers
• Cache Poisoning
• What is DNS spoofing?
• Tools: DNS Spoofing
• Active Sniffing Methods
• ARP Cache Poisoning
• ARP Normal Operation
• ARP Cache Poisoning
• ARP Cache Poisoning (Linux)
• Countermeasures
• Cybersquatting
• Domain Hijacking
• Host Names
• Hierarchy
• Host Table
• Nslookup
• DNS Databases
• Using Nslookup
• Dig for Unix / Linux
• Protecting Domain Names
• (Mis)Uses of Host Tables

Module 10: Disaster Recovery and Business Continuity Planning

• Business Continuity Objectives
• Pieces of the BCP
• Where Do We Start?
• Why Is BCP a Hard Sell to Management?
• Agenda
• Plan Development Delegated to a Committee
• BCP Risk Analysis
• How to Identify the Most Critical Company Functions
• Interdependencies
• Identifying Functions` Resources
• How Long Can the Company Be Without These
• Resources?
• Preventative Measures
• What Items Need to Be Considered?
• Proper Planning
• Executive Succession Planning
• Identify Vulnerabilities and Threats
• Categories
• Loss Criteria
• Agenda
• Disk Shadowing
• Backing Up Over Telecommunication
• Serial Lines
• HSM
• SAN
• Co-Location
• Agenda
• Facility Backups: Hot Site
• Facility Backups: Warm Site
• Facility Backups: Cold Site
• Compatibility Issues with Offsite Facility
• Which Do We Use?
• Choosing Offsite Services
• Subscription Costs
• Choosing Site Location
• Other Offsite Approaches
• Agenda
• Results from the BIA
• Now What?
• Priorities
• Plan Objectives
• Defining Roles
• Environment
• Operational Planning
• Preventive Measures
• Emergency Response
• Recovery
• Return to Normal Operations
• Reviewing Insurance
• When Is the Danger Over?
• Now What?
• Testing and Drills
• Types of Tests to Choose From
• What Is Success?
• BCP Plans Commonly and Quickly
• Become Out of Date
• Phases of Plan
• Who Is Ready?
• Review

Module 11: Endpoint Security

• 3rd Party Applications
• Anti-Virus Limitations
• Browser Defense
• SSL/TLS
• SSL Connection Setup
• SSL Hybrid Encryption
• SSH
• IPSec: Network Layer Protection
• IPSec
• IPSec
• Public Key Infrastructure
• Quantum Cryptography
• Endpoint Whitelist
• Firewalls, IDS and IPS
• Firewall: First line of defense
• IDS: Second line of defense
• IPS: Last line of defense?
• Firewalls
• Firewall Types: (1) Packet Filtering
• Firewall Types: (2) Proxy Firewalls
• Firewall Types: Circuit-Level Proxy Firewall
• Type of Circuit-Level Proxy: SOCKS
• Firewall Types: Application-Layer Proxy
• Firewall Types: (3) Stateful
• Firewall Types: (4) Dynamic Packet-Filtering
• Firewall Types: (5) Kernel Proxies
• Firewall Placement
• Firewall Architecture Types: Screened Host
• Risks of Portable Devices

Module 12: Honeypots, Honeynets, Honeytokens, Tarpits, oh my

• Benefits and Drawbacks
• Honeypots Defined
• Legal Issues
• Trying to Trap the Bad Guy
• Companies Can Be Found Liable
• Technologies
• Incident Handling and the Legal System
• Chain of Custody
• Digital Evidence Collection Objectives
• Evidence Collection & Incident Assessment
• Identifying an Incident
• Steps to handling an Incident
• Digital Incident Assessment
• Incident Response Checklist
• Responding to An Incident
• Suggested Guidelines for Securing Digital Evidence
• Secure Digital Evidence
• Common Incident Handling Mistakes
• Securing Digital Evidence Procedure
• Chain of Custody
• Potential Digital Evidence
• Search and Seizure
• Incident/Equipment Location
• Available Response Resources
• Securing Digital Evidence
• Digital Evidence Presentation
• The Best Evidence Rule
• Duplication and Recordings, Evidence Law

Module 13: IP Terms and Concepts

• OSI: Application Layer
• Devices Work at Different Layers
• Network Devices: Gateway
• Data Encapsulation
• Protocols: ICMP
• Dial-Up Protocol: SLIP
• Dial-Up Protocol: PPP
• WAN Technologies Are Circuit
• or Packet Switched
• Packets
• Frame
• Protocols: ICMP
• Port and Protocol Relationship
• Example Packet Sniffers
• Tool: Wireshark
• Tool: OmniPeek
• Sniffer Detection using Cain & Abel
• Network Protocol
• Network Protocol
• Protocols
• UDP versus TCP
• Port and Protocol Relationship
• An Older Model
• TCP/IP Suite
• Traceroute Operation
• Traceroute (cont.)
• Other Traceroute Tools
• IP
• Method: Ping

Module 14: Logging

• syslog
• Events

Module 15: Malicious Software

• Malware
• Types of Malware
• Distributing Malware
• Malware Capabilities
• Auto Starting Malware
• Countermeasure: Monitoring Auto-start Methods
• Malicious Browser Content
• Malware Defense Techniques
• Spy Sweeper Enterprise
• CM Tool: Port Monitoring Software
• CM Tools: File Protection Software
• CM Tool: Windows File Protection
• CM Tool: Windows Software
• Restriction Policies
• Company Surveillance Software
• CM Tool: Hardware-based Malware
• Detectors
• Countermeasure: User Education
• Propagation Techniques
• Trojan Horse Characteristics
• Trojan Horses
• Executable Wrappers
• Benign EXE`s Historically Wrapped with Trojans
• The Infectious CD-Rom Technique
• Trojan: Backdoor.Zombam.B
• Trojan: JPEG GDI+
• All in One Remote Exploit
• Advanced Trojans: Avoiding Detection
• BPMTK
• Virus Types
• Types of Malware Cont...
• Types of Viruses
• Worm Characteristics

Module 16: Managing Security Policy

• Approach to Security Management
• Policy Types
• Policies with Different Goals
• Industry Best Practice Standards
• Components that Support the Security Policy
• Senior Management`s Role in Security
• Security Roles
• Information Classification
• Information Classification Criteria
• Declassifying Information
• Types of Classification Levels
• Information Classification
• Issue Specific Policy
• Policy Assessment
• Policy Benefits
• Policy Development Tools
• Security Posture and Culture

Module 17: Methods of Attack

• Enumeration Overview
• DNS Enumeration
• Backtrack DNS Enumeration
• SNMP Enumeration Tools
• SNMP Enumeration Countermeasures
• Active Directory Enumeration
• AD Enumeration countermeasures
• Hacking Tool: RootKit
• Windows RootKit Countermeasures
• Advanced Trojans: Avoiding Detection
• Benign EXE`s Historically Wrapped with Trojans
• Google and Query Operators
• Google (cont.)
• SPUD: Google API Utility Tool
• Goolag
• Denial of Service
• Denial of Service
• Threat Methodologies (STRIDE)
• DDoS Issues
• DDoS
• Buffer Overflow Definition
• Overflow Illustration
• Buffer OverFlows
• Phishing
• Spear Phishing
• E-Mail Links
• Logic Bomb
• Duronio Case
• Attacks
• Man-in-the Middle
• Replay Attack
• SPAM and e-mail Flooding

Module 18: Mitnick-Shimomura

• IP Address Spoofing
• TCP
• DoS

Module 19: Physical Security

• Physical Security
• Physical Security Checklist
• Physical Security Checklist
• Items of Interest
• Physical Controls
• Physical Access
• Tool Kit: Picks
• Tool Kit: Snap Gun
• Tool Kit: Electric Pick
• Bump Keying
• Lock Picking Countermeasures
• Controlling Access
• Agenda
• Facility Attributes
• Electrical Power
• Problems with Steady Power Current
• Power Interference
• Power Preventive Measures
• Fire Prevention
• Automatic Detector Mechanisms
• Fire Detection
• Fire Types
• Suppression Methods
• Fire Suppression
• Fire Extinguishers

Module 20: Risk Management & Security Frameworks

• Overview
• IT Governance Best Practices
• IT Risk Management
• Types of Risks
• Risk Management
• Information Security Risk Evaluation
• Information Security Risk Evaluation
• Improving Security Posture
• Risk Evaluation Activities
• Risk Assessment
• Information Gathering
• Information Gathering
• Data Classification
• Threats and Vulnerabilities
• Analytical Methods
• Evaluate Controls
• Evaluate Controls
• Risk Ratings
• Important Risk Assessment Practices
• Review
• Security Incentives & Motivations
• Security Incentives & Attack Motivations
• Risk Management II
• What is Your Weakest Link?
• What Is the Value of an Asset?
• Examples of Some Vulnerabilities that Are
• Not Always Obvious
• Categorizing Risks
• Some Examples of Types of Losses
• Different Approaches to Analyzing Risks
• Who Uses What Analysis Type?
• Qualitative Analysis Steps
• Quantitative Analysis
• Can a Purely Quantitative Analysis Be Accomplished?
• Comparing Cost and Benefit
• Cost of a Countermeasure
• Security Frameworks & Compliance
• ISO 27002
• ISO 27002: Control Components
• Review

Module 21: Security and Organizational Structure

• Capacity Analysis
• Employee Discipline and Termination
• Employee Performance
• Employee Retention
• Filling Positions
• Conflicts of Interest

Module 22: Security Awareness

• Security Awareness Program
• 4 steps
• 3 Common Training Models
• Security Awareness Goals
• Role of metrics
• Steps to develop a metrics program

Module 23: Steganography

• Crypto and Password Recovery Background
• Steganalysis
• Steganography Methods
• Injection
• Substitution
• File Generation

Module 24: The Intelligent Network: Unified Threat Management (UTM)

• UTM product criteria}Firewalls, IDS and IPSFirewall: First line of defense
• IDS: Second line of defense
• IPS: Last line of defense?
• Firewalls
• Firewall Types: (1) Packet Filtering
• Firewall Types: (2) Proxy Firewalls
• Firewall Types: Circuit-Level Proxy Firewall
• DDoS Issues
• HIPS
• HIPS
• Unified Threat Management
• Unified Threat Management
• Virtualization: Type 1
• Type 1 Examples
• Virtualization: Type 2
• Type 2 Examples

Module 25: Network Infrastructure

• Wikto Web Assessment Tool
• Agenda
• Network Topologies: Physical Layer
• Network Topologies: Mesh
• Summary of Topologies
• Wireless Technologies: War Driving
• TCP Model
• TCP/IP Suite
• OSI Model
• OSI: Application Layer
• OSI: Presentation Layer
• OSI: Session Layer
• OSI: Transport Layer
• OSI: Network Layer
• OSI: Data Link
• OSI: Physical Layer
• Wide Area Network Technologies
• Voice Over IP
• VLAN
• Network Segmentation

Module 26: Vulnerability Assessment: Outside View

• Basic Hacker Process
• Potential Threats, Vulnerabilities, & Risks
• What is a Penetration Test
• Types of Penetration Testing
• Vulnerability Assessment vs Pentest
• “Hacking-life-cycle”: a Methodology
• Methodology for Penetration
• Testing / Ethical Hacking
• Hacker vs. Penetration Tester
• Not Just Tools
• Exploitation Tools vs. Vulnerability Scanners
• Vulnerability Scanners
• Nessus
• Nessus Report
• SAINT
• SAINT: Sample Report
• Tool: Retina
• Qualys Guard
• Tool: LANguard
• Number of Exploitable Vulnerabilities from NVD Detected
• Scan Process Best Practices
• Inside, outside and user view
• Manager`s Role in Remediation
• Risks of non-Remediation
• Pentesting in Vulnerability Management
• Scanning Techniques
• Threat Concerns
• Threat Vectors
• War Dialing

Module 27: Vulnerability Management: Inside view

• Inside view, tools, approach
• cisecurity.org
• SP 800-40 Version 2.0

Module 28: Vulnerability Management: User View

• Peer to Peer Networks
• P2P Cautions
• Instant Messaging
• IM issues
• Social engineering

Module 29: Web Communications

• CGI
• Wikto Web Assessment Tool
• OWASP Top 10 for 2010
• Reflected Cross Site Scripting Illustrated
• IIS Directory Traversal
• Injection Flaws
• SQL Injection
• Cookies
• HTTP
• HTTPS
• FTP

Module 30: Wireless and Bluetooth Contrast

• Bluetooth Attacks
• Cabir Infection
• Bluetooth Defenses
• Bluetooth & Wireless Comparison
• Bluetooth & Wireless Comparison

• One year of IT Employment
• OR C)ISSO: Information Systems Security Officer

The C)SLO is a course on cyber security designed for those who want to lead. If you are currently in charge of a company's security or are preparing to be a leader in the near future, the Certified Security Leadership Officer course and certification will prepare you to excel in your responsibilities.

After you complete the C)SLO course and get certified, we recommend you to further develop your security skillset by being certified as a C)IHE: Certified Incident Handling Engineer, which will prepare you to handle the toughest security situations effectively.

Who should attend:

• IT Employees
• IT Management