NICF - Cisco CCNA Cyber Ops Part 2: Implementing Cisco Cybersecurity Operations (SECOPS)

Self-paced

Full program description

What's In It For Me

  • Begin a career in the rapidly growing area of cybersecurity operations at the Associate level, working in or with a security operations center (SOC).
  • Gain the foundational knowledge and skills to prepare for more advanced job roles in Cybersecurity Operations, working with a Security Operations team.
  • Gain a basic understanding of how a SOC team detects and responds to security incidents, and how it protects its organization's information from modern threats.
  • Understand further how modern organizations are dealing with detecting and responding to cybercrime, cyberespionage, insider threats, advanced persistent threats, regulatory requirements, and other cybersecurity issues facing their organizations and their customers.

Course Overview

This course is scheduled for launch in Q2 2018 Q3 2018. To express your interest in this course, please fill in our form at https://www.surveymonkey.com/r/6MBPSFV. We will contact you when we get closer to the course launch date.

Cybersecurity operations jobs play a key part in securing information systems through the monitoring, detection, investigation, analysis of, and response to security events, thus protecting systems from cybersecurity risks, threats, and vulnerabilities.

Cybersecurity operations jobs are also among the fastest-growing roles in IT, as organizations set up security operations centers (SOCs), and establish teams to monitor and respond to security incidents.

Industry studies show that the average time to detect a cybersecurity breach is measured in months, even as the number and cost of security breaches continue to rise, as do regulatory penalties for organizations suffering a data breach. Facing mounting challenges from cybercrime, cyberespionage, insider threats, and advanced persistent threats, organizations are establishing SOC teams of security professionals who can monitor, detect, and respond rapidly to security incidents before they cause damage.

The CCNA Cyber Ops certification program provides a valuable first step in acquiring the knowledge and skills needed to work with a SOC team, and can be a valuable part of beginning a career in the exciting and growing field of cybersecurity operations.

Because static/fixed security controls cannot catch 100 percent of cybersecurity threats and issues, SOC teams provide a critical part of an organization’s protection—investigating information security threats, and detecting and responding to incidents in real time. Due to the increased number of cybersecurity-related jobs, organizations continue to struggle with finding or developing cybersecurity talent, and are paying a premium for qualified individuals who can fill those roles.

The Cisco CCNA Cyber Ops certification program provides practical, relevant, and job-ready certification curricula aligned closely with the specific tasks expected of these in-demand professionals. Cisco recognizes that Security Operations Center (SOC) Analysts increasingly must focus on design, configuration, and support responsibilities as the technical consultant and device specialist or expert on a security team. Therefore, the Cisco Security curriculum is specific to the best practices of network security administrators, engineers, and experts using the latest Cisco equipment, devices, and appliances.

Earn the CCNA Cyber Ops certification to gain the skills and knowledge needed to begin a career in cybersecurity operations, addressing cybersecurity threats that enterprises are faced with on a daily basis. Candidates will learn how to detect and respond to security threats using the latest technology.

Course Duration

5 Days

Course Outline

Threat Analysis and Computer Forensics

Threat Analysis

  • What Is the CIA Triad: Confidentiality, Integrity, and Availability?
    • Confidentiality
    • Integrity
    • Availability
  • Threat Modeling
  • Defining and Analyzing the Attack Vector
  • Understanding the Attack Complexity
  • Privileges and User Interaction
  • The Attack Scope

Forensics

  • Introduction to Cybersecurity Forensics
  • The Role of Attribution in a Cybersecurity Investigation
  • The Use of Digital Evidence
    • Defining Digital Forensic Evidence
    • Understanding Best, Corroborating, and Indirect or Circumstantial Evidence
    • Collecting Evidence from Endpoints and Servers
    • Collecting Evidence from Mobile Devices
    • Collecting Evidence from Network Infrastructure Devices
    • Chain of Custody
  • Fundamentals of Microsoft Windows Forensics
    • Processes, Threads, and Services
    • Memory Management
    • Windows Registry
    • The Windows File System
      • FAT
      • NTFS
  • Fundamentals of Linux Forensics
    • Linux Processes
    • Ext4
    • Journaling
    • Linux MBR and Swap File System

Network Intrusion Analysis

Fundamentals of Intrusion Analysis

  • Common Artifact Elements and Sources of Security Events
    • False Positives, False Negatives, True Positives, and True Negatives
  • Understanding Regular Expressions
  • Protocols, Protocol Headers, and Intrusion Analysis
  • Using Packet Captures for Intrusion Analysis
    • Mapping Security Event Types to Source Technologies

NetFlow for Cybersecurity

  • Introduction to NetFlow
    • What Is a Flow in NetFlow?
    • The NetFlow Cache
  • NetFlow Versions
    • Cisco Flexible NetFlow
    • Flexible NetFlow Records
    • Flow Monitors
    • Flow Exporters
    • Flow Samplers
    • Flexible NetFlow Configuration
    • Configure a Flow Record
    • Configuring a Flow Monitor for IPv4 or IPv6
    • Configuring a Flow Exporter for the Flow Monitor
    • Applying a Flow Monitor to an Interface
  • IPFIX
    • IPFIX Architecture
    • IPFIX Mediators
    • IPFIX Templates
    • Option Templates
    • Introduction to the Stream Control Transmission Protocol (SCTP)
    • NetFlow and IPFIX Comparison
  • NetFlow for Cybersecurity and Incident Response
    • NetFlow as an Anomaly Detection Tool
    • Incident Response and Network Security Forensics
    • Using NetFlow for Data Leak Detection and Prevention
  • NetFlow Analysis Tools
    • Commercial NetFlow Analysis Tools
    • Cisco’s Lancope StealthWatch Solution
    • Plixer’s Scrutinizer
    • Open Source NetFlow Monitoring and Analysis Software Packages

Incident Response

Introduction to Incident Response and the Incident Handling Process

  • Introduction to Incident Response
    • What Are Events and Incidents?
  • The Incident Response Plan
  • The Incident Response Process
    • The Preparation Phase
    • The Detection and Analysis Phase
    • Containment, Eradication, and Recovery
    • Post-Incident Activity (Postmortem)
  • Information Sharing and Coordination
  • Incident Response Team Structure
  • The Vocabulary for Event Recording and Incident Sharing (VERIS)

Incident Response Teams

  • Computer Security Incident Response Teams (CSIRTs)
  • Product Security Incident Response Teams (PSIRTs)
    • Security Vulnerabilities and Their Severity
    • The Role of Vulnerability Chaining in Fix Prioritization
    • Fixing Theoretical Vulnerabilities
    • Internally Versus Externally Found Vulnerabilities
  • National CSIRTs and Computer Emergency Response Teams (CERTs)
  • Coordination Centers
  • Incident Response Providers and Managed Security Service Providers (MSSPs)

Compliance Frameworks

  • Payment Card Industry Data Security Standard (PCI DSS)
    • PCI DSS Data
  • Health Insurance Portability and Accountability Act (HIPAA)
    • HIPAA Security Rule
    • HIPAA Safeguards
  • Sarbanes-Oxley (SOX)
    • Section 302
    • Section 404
    • Section 409

Network and Host Profiling

  • Network Profiling
    • Throughput
    • Used Ports
    • Session Duration
    • Critical Asset Address Space
  • Host Profiling
    • Listening Ports
    • Logged-in Users/Service Accounts
    • Running Processes
    • Applications

Data and Event Analysis

The Art of Data and Event Analysis

  • Normalizing Data
    • Interpreting Common Data Values into a Universal Format
  • Using the 5-Tuple Correlation to Respond to Security Incidents
  • Retrospective Analysis and Identifying Malicious Files
    • Identifying a Malicious File
  • Mapping Threat Intelligence with DNS and Other Artifacts
  • Deterministic Versus Probabilistic Analysis

Incident Handling

Intrusion Event Categories

  • Diamond Model of Intrusion
  • Cyber Kill Chain Model
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Installation
    • Command and Control
    • Action and Objectives

Additional Note

Job Roles:

  • Security Operations Center (SOC) Analyst (Associate/Beginning Level)
  • Job roles requiring knowledge of basic cybersecurity technologies and principles

Price

NICF106