Most essential topics.md

Know These Essential Topics:

  • ISC2 Code of Ethics 4 Canons

  • CIA triad, IAAA, privacy, non-repudiation, and what attacks/controls are associated with each.

  • Know authentication types and what is associated with them. 1- Something you know, 2- Something you have, 3- Something you are. Know MFA and what authentication methods count as MFA (should be two or more distinct types of authentication)

  • Governance: Regulations, Standards, Policies, Procedures, Guidelines. Know what is mandatory and not. Know who creates what. Know PII, PHI, HIPAA, PCI-DSS, and GDPR.

  • Know ciphertext & plaintext, hashing, digital signatures, symmetric/asymmetric encryption, and public/private keys.

  • All types of cyberattacks (watch Professor Messer's Sec+ videos for this). Know which part(s) of the CIA triad are compromised in each attack. Know social engineering (phishing, spear phishing, whaling, smishing, vishing).

  • Defense in Depth, Segregation of Duties, Least Privilege

  • Access Controls (DAC, MAC, RBAC, ABAC) and their advantages/disadvantages

  • Administrative, Technical, and especially your Physical controls.

  • Preventative, Corrective, Detective, Deterrent, Recovery, and Compensating control types

  • Network Devices (Router, Switch, Firewall, IPS/IDS, NIDS/HIDS, SIEM/SOAR, CASB, VLAN, VPN, DMZ, NAC, Client, Server, etc.). Know IPv4 vs IPv6. Know to segment and isolate vulnerable IoT devices, and know what microsegmentation is.

  • Memorize the OSI Model: how many layers it has and what protocols/devices are in each layer. Know what data is called in different layers (bits, frames, packets, segments). Know TCP/IP as well.

  • IR (especially the steps), BCP, and DRP: what their purpose is and what is in each of these. Know risk identification, assessment, and treatment (avoid, mitigate, transfer, accept).

  • Hardening and Configuration Management, Patch Management, Change Management, and components in each.

  • AUP, Password Policy, BYOD

  • Data Lifecycle and Destruction methods. Know classification vs labeling. Data retention.

  • Cloud models (IaaS, PaaS, SaaS) and cloud characteristics. Know what Public, Private, Hybrid, and Community clouds are. Know what an MSP is. Know MOU/MOA and SLA.

  • Hot, Warm, and Cold sites. Data backup types (full, differential, incremental), and how to create redundancy.

  • Know the difference between environmental, natural, and manmade.

Hope this helped you out and good luck!