IT-Security Practitioner

IT-Security Practitioner course

Training & Exam

What will you learn?

  • Prepare for successful progression into an IT- security management role or lay the foundation for further specialization in the technical aspects of IT Security
  • Solid basis in System-, Application- and Network Security, Cryptography and Identity & Access Management
  • Most important standards, laws and regulations that have an impact on IT-security
  • Prepare for the IT Security Practitioner Exam

Information

  • 5 days of training
  • 20 hours of self study
  • Exam voucher included

About this Course

Overview

IT-Security Practitioner (ITSP) takes you deep into the pragmatics of securing an IT infrastructure. The course combines in-depth technical information security knowledge and key security management topics, preparing you for successful transition into an IT security management role. As you move along in the course, you will immerse yourself in attack trends and mitigation techniques, and you will perform hands-on assignments that ready you for accomplishing a Security Manager’s tasks. You will complete exercises in the technical domain, including security zoning, system hardening, and firewall rule construction. In addition, you will perform traditional management activities, such as developing a company-wide security framework, creating a role-based access model, and determining benchmarks for information classification. Finally, you will try your hand at penetration testing in a simulated environment.

The knowledge and skills you develop in this course ready you for the Expert level of the IT Security Certification Track, where you will develop into a competent Security Operations Centre (SOC) analyst. Those more interested in the managerial aspects and a CISO role could consider the Information Security Management Expert course as a follow up on this practitioner course.

Who should attend?

The course and the certificate are ideal for you, if you’re looking to make the transition towards an IT security management role; or if you’re planning to continue your IT security learning path all the way to becoming a Security Operations Centre (SOC) Analyst (the Expert level of the IT Security Certification Track).

What’s included?

  • 5 days of training from a senior instructor that will practice what he/ she preaches
  • Official SECO–Institute course materials
  • Practice exam
  • IT-Security Practitioner exam
  • “S-ITSP” digital Acclaim badge when you pass the exam
  • 1- year free SECO Membership

Course modules

Module 1 – Introduction to IT Security

  • Candidates are familiar with the most important IT-security concepts
  • Candidates know what components make up an IT infrastructure
  • Candidates know the most common threats associated with those components
  • Candidates are able to interpret the most common approaches to securing an IT infrastructure
  • Candidates are able to create an attack tree
  • Candidates are able to place systems/ devices in network zones

Module 2 – Laws, Regulations, Standards and Best Practises

  • Candidates demonstrate knowledge of the most important (EU and international) laws and regulations that have an impact on IT-security
  • Candidates know about the ISO 27000 series and other standards relevant to IT-security
  • Candidates are able to interpret and apply Best Practices in terms of securing IT components
  • Candidates are able to investigate what laws and regulations apply to an organization
  • Candidates can develop a (Cyber) Security Framework based on the applicable laws, regulations, standards and best practices

Module 3 – Incident Management

  • Candidates are familiar with the incident handling process and are able to reproduce an incident handling workflow
  • Candidates are familiar with the principles of incident detection and incident registration
  • Candidates are able to reproduce best practices in terms of the detection, investigation, and follow-up of security breaches
  • Candidates are able to perform triage
  • Candidates understand what steps must be taken after triage and before investigation
  • Candidates know the basics of investigating incidents (without going into the field of forensics)
  • Candidates are able to perform incident detection, incident registration and triage

Module 4 – Network Security

  • Candidates know the components of a network architecture
  • Candidates are able to make an inventory of applications and systems in the infrastructure and place services and systems in the security architecture by positioning devices (switches, routers, gateways, firewalls, etc.)
  • Candidates are familiar with intrusion detection systems and are able to perform tasks using Snort
  • Candidates are familiar with intrusion prevention systems and are able to construct firewall rules to effectuate a policy
  • Candidates are able to perform Linux and Windows hardening exercises
  • Candidates know what actions can be taken to avoid certain attacks
  • Candidates are able to perform the analysis of a Snort line

Module 5 – System Security

  • Candidates are familiar with system security planning and security planning
  • Candidates demonstrate knowledge of Linux vulnerabilities and hardening, and are able to test the security of a Linux virtual machine
  • Candidates demonstrate knowledge of the Windows security architecture, Windows vulnerabilities, and are able to test Windows security using secpol.msc

Module 6 – Application Security

  • Candidates are familiar with the most important aspects of software and software security testing
  • Candidates are able to reproduce techniques to make software more robust
  • Candidates are able to draw up statements that should be included in a patch management policy
  • Candidates are able to differentiate between bugs and design flaws
  • Candidates demonstrate knowledge of buffer overflows and the ways they can be exploited
  • Candidates are able to interpret organisational, operational and technical measures aimed at safeguarding the secure use of software, and are able to translate these measures to their own environment

Module 7 – Encryption

  • Candidates understand when and how to use crypto mechanisms to protect data in situ or in transit
  • Candidates are able to implement the encryption of both filesystems and files
  • Candidates are able to implement SSL

Module 8 – Identity & Access Management

  • Candidates demonstrate knowledge of Identity and Access Management (user identification, user authentication, access control)
  • Candidates are able to design a generic role model for applying role-based Access Control for user (groups)
  • Candidates are able to decide for what purposes they apply such open standards as OAuth, OpenID or SAML

Module 9 – Ethical Hacking

  • Candidates gain insight into the principles of (ethical) hacking
  • Candidates know how to use Burp Suite to brute-force login
  • Candidates understand how to use SQL injection to read local system files and extract data from the database
  • Candidates know how to gain a php shell through SQL injections
  • Candidates know how to create a reverse shell to gain command-line access to the server
  • Candidates know how to gain root access to the server

Mock exam

  • The last day of training you will take a test exam, followed up with an evaluation and discussion

About the exam

Exam information

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 10 multiple choice, 5 open questions and 1 case
  • Time: 120 minutes

Why SECO-Institute?

Our courses are very hands on oriented and aimed at gaining actionable knowlegde and skills. We only work with freelance, senior instructors that spend the majority of their time as specialist in the topic. SECO- Institute instructors have gone through a scrutinous accreditation process, where they’re tested on domain expertise as well as communication- and presentation skills.

At SECO- Institute, we believe in life long learning. Once you’ve taken a training and exam you’re a member of the SECO- Community. We’ll continue to support you with invite- only webinars, templates, expert interviews and much more.

Training Schedule, Information and Registration

Find a training partner

  • Find a SECO-Institute accredited training partner in your country

Partner with us

  • Benefit from our global network, comprehensive content and certifications to increase engagement with your students

Become a trainer

  • Join the global community of SECO- Institute accredited Trainers