Skip to content

NP558565/ISC2-CC-Cybersecurity-Study-Material

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

85 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ISC2-Certified-in-Cybersecurity

This is a cybersecurity certification that proves that an individual have the fundamental knowledge, skills and ability for an entry-level or junior-level cybersecurity role. It is ANAB accredited, ISO/IEC STANDARD 17024.

MORE ABOUT ISC2 CC

ISC2 introduced the Certified in Cybersecurity (CC) credential to cater to individuals entering the cybersecurity field, acknowledging the increasing trend of newcomers without prior IT experience. Achieving the Certified in Cybersecurity designation provides employers with the assurance that you possess a solid understanding of essential technical concepts and a proven ability to learn on the job. As an ISC2 certification, those who hold the CC benefit from the support of the world's largest network of certified cybersecurity professionals, enabling them to continuously advance their professional development and attain new accomplishments and qualifications throughout their careers.

The CC exam covers various topics, including:

  1. Security Principles
  2. Incident Response, Business Continuity (BC), and Disaster Recovery (DR) Concepts
  3. Access Controls Concepts
  4. Network Security
  5. Security Operations

The duration of this exam is 2hrs, number of items is 100 and passing grade is 700 out of 1000.

DOMAINS

Domain 1: Security Principles 1.1 - Understand the security concepts of information assurance Confidentiality Integrity Availability Authentication (e.g., methods of authentication, multi-factor authentication (MFA)) Non-repudiation Privacy 1.2 - Understand the risk management process Risk management (e.g., risk priorities, risk tolerance) Risk identification, assessment and treatment 1.3 - Understand security controls Technical controls Administrative controls Physical controls 1.4 - Understand ISC2 Code of Ethics Professional code of conduct 1.5 - Understand governance processes Policies Procedures Standards Regulations and laws

Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts 2.1 - Understand business continuity (BC) Purpose Importance Components 2.2 - Understand disaster recovery (DR) Purpose Importance Components 2.3 - Understand incident response Purpose Importance Components

Domain 3: Access Controls Concepts 3.1 - Understand physical access controls Physical security controls (e.g., badge systems, gate entry, environmental design) Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs) Authorized versus unauthorized personnel 3.2 - Understand logical access controls Principle of least privilege Segregation of duties Discretionary access control (DAC) Mandatory access control (MAC) Role-based access control (RBAC)

Domain 4: Network Security 4.1 - Understand computer networking Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi) Ports Applications 4.2 - Understand network threats and attacks Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel) Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS)) Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS)) 4.3 - Understand network security infrastructure On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA)) Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)) Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)

Domain 5: Security Operations 5.1 - Understand data security Encryption (e.g., symmetric, asymmetric, hashing) Data handling (e.g., destruction, retention, classification, labeling) Logging and monitoring security events 5.2 - Understand system hardening Configuration management (e.g., baselines, updates, patches) 5.3 - Understand best practice security policies Data handling policy Password policy Acceptable Use Policy (AUP) Bring your own device (BYOD) policy Change management policy (e.g., documentation, approval, rollback) Privacy policy 5.4 - Understand security awareness training Purpose/concepts (e.g., social engineering, password protection) Importance.

(ISC)2 Certified in Cybersecurity

Introduction

In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations.

This Official (ISC)² Certified in Cybersecurity (CC) self-paced course provides a comprehensive review of information systems security concepts, industry best practices and terminology. The goal of this content is to provide students with the core knowledge necessary to be a successful entry-level cybersecurity practitioner in today’s world and review concepts outlined in the Official (ISC)² Certified in Cybersecurity (CC) Exam Outline.

Course objectives

  1. Discuss the foundational concepts of cybersecurity principles.
  2. Recognize foundational security concepts of information assurance.
  3. Define risk management terminology and summarize the process.
  4. Relate risk management to personal or professional practices.
  5. Classify types of security controls.
  6. Distinguish between policies, procedures, standards, regulations and laws.
  7. Demonstrate the relationship among governance elements.
  8. Analyze appropriate outcomes according to the canons of the (ISC)² Code of Ethics when given examples.
  9. Practice the terminology of and review security policies.
  10. Explain how organizations respond to, recover from and continue to operate during unplanned disruptions.
  11. Recall the terms and components of incident response.
  12. Summarize the components of a business continuity plan.
  13. Identify the components of disaster recovery.
  14. Practice the terminology and review concepts of business continuity, disaster recovery and incident response.
  15. Select access controls that are appropriate in a given scenario.
  16. Relate access control concepts and processes to given scenarios.
  17. Compare various physical access controls.
  18. Describe logical access controls.
  19. Practice the terminology and review concepts of access controls.
  20. Explain the concepts of network security.
  21. Recognize common networking terms and models.
  22. Identify common protocols and port and their secure counterparts.
  23. Identify types of network (cyber) threats and attacks.
  24. Discuss common tools used to identify and prevent threats.
  25. Identify common data center terminology.
  26. Recognize common cloud service terminology.
  27. Identify secure network design terminology.
  28. Practice the terminology and review concepts of network security.
  29. Explain concepts of security operations.
  30. Discuss data handling best practices.
  31. Identify key concepts of logging and monitoring.
  32. Summarize the different types of encryption and their common uses.
  33. Describe the concepts of configuration management.
  34. Explain the application of common security policies.
  35. Discuss the importance of security awareness training.
  36. Practice the terminology and review concepts of network operations.

About Certified in Cybersecurity Certification

Certified in Cybersecurity (CC) will prove to employers you have the foundational knowledge, skills and abilities necessary for an entry- or junior-level cybersecurity role. It will signal your understanding of fundamental security best practices, policies and procedures, as well as your willingness and ability to learn more and grow on the job. There are five domains covered on the exam.

  1. [Security Principles]
  2. [Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts]
  3. [Access Controls Concepts]
  4. [Network Security]
  5. [Security Operations]

Certified in Cybersecurity

Exam Blueprint

  • Chapter 1 - Security Principles (~26%)
  • Chapter 2 - Incident Response, Business Continuity and Disaster Recovery Concepts (~10%)
  • Chapter 3 - Concepts of Access Control (~22%)
  • Chapter 4 - Network Security (~24%)
  • Chapter 5 - Security Operations (~18%)

Additional Resources

In order to receive the digital badge, after passing the exam, you have to pay an AMF (Annual Maitenance Fee) worth $50 dollars and earn 45 CPEs in the next three years.

=============================================================================================

Job Summary & Responsibilities: • Collaborate closely with development teams to ensure secure coding techniques are used and kept up to date. • Ongoing security testing of our applications, cloud, microservices, and mobile. • Validate security requirements against developed applications. • Challenge the technical team and engage to enforce security practices. • Maintain an understanding and working knowledge of the latest security tools and technologies. • Verify existing systems to identify security risks and noncompliance. • Produce security reports that details the level of security assurance. • Assist in the development and maintenance of application and system security.

Qualifications: • Experience in application security and information security is required. • Knowledgeable in security principles and best practices. • Knowledge of security threats and vulnerabilities. • Experienced in security testing on web applications and mobile platforms, microservices, cloud. • Run Security tests based on security abuse cases. • Excellent problem-solving abilities and a great eye for detail. • Capable of managing oneself and working in a fast-paced environment. • Excellent written and oral communication abilities.

Skills: • Experience in one or more development languages(backend/frontend). • Excellent understanding of monolithic and microservice architecture. • Understand cloud, mobile, and associated security measures. • Knowledge of agile development and the secure development lifecycle. • Experience with APIs and web authentication technologies. • Understand CICD security controls. • Knowledge of security frameworks and best practices (OWASP top 10, CIS). • Knowledge in application security tools such as DAST, SAST, SCA,VA.