TICSA Training Guide

Ed Tittel is a principal at LANWrights, Inc. and a VP of IT Certifications at LANWrights' parent company, iLearning.com. Ed has more than 20 years of computer industry experience in a variety of roles. He taught on security subjects at Interop, the Internet Security Conference (tisc.mactivity.com), and Austin Community College since 1996, and specializes in Windows and Internet security topics. Ed has also written extensively on a broad range of certification topics, and follows certification for numerous Web sites and publications including Certification magazine, to which he is a contributing editor. Ed has contributed to 100-plus computer trade books, developed the Exam Cram series for Coriolis, and has penned 100s of Web and magazine articles including many on computer and network security. He serves as the series editor for the Training Guide series and Que's Exam Cram2 series. Mike Chapple serves as Chief Information Officer of the Brand Institute, a brand identity consultancy based out of Miami, Florida. He previously served as a computer security researcher with the U.S. National Security Agency, participating in the development of advanced network intrusion detection systems. Mike holds both BS and MS degrees in Computer Science and is a proud alum of the University of Notre Dame. His professional credentials include the MCP, MCSE, MCDBA, CCNA and CCSA certifications. He¿s also pursuing CISSP and other advanced security certifications. Mike has contributed to numerous Microsoft certification titles for Course Technology, including topics in the Microsoft and other security curricula. Debra Littlejohn Shinder is an MCSE who trains and writes in many areas of computer and network security. Her background in law enforcement makes her unusually well suited to tackle and explain legal and circumstantial requirements for confidentiality, privacy, and gathering of evidence. She writes regularly for Windows technical resources that include Brainbuzz, Swynk, and TechRepublic. She has worked on more than 15 books, including numerous titles on networking, computer, and systems security.

I. EXAM PREPARATION.

1. Information Security Essentials.


Introduction. Understanding the Need for Security Controls. Data Protection. Basic Security Threats and Principles. Where Attacks Can Come From. Assessing and Valuing Security. Identifying the Elements of Security. Understanding Security Trade-Offs and Drawbacks.

2. Fundamentals of TCP/IP.


Introduction. Basic TCP/IP Principles. IP Protocols and Services. How Hackers Exploit TCP/IP. Network-Level Topics.

3. Information Security Basics.


Introduction. AAA Overview: Access Control, Authentication, and Accounting. Security Administration—The Importance of a Security Policy. Keeping Up with and Enforcing Security Policies. Risk Assessment. Why Data Classification Is Important. The Importance of Change Management. Performing Vulnerability Assessments.

4. Intrusion Detection and Prevention.


Introduction. Necessary Components to Good Security. Intrusion Detection Systems Fundamentals. Discussion on Firewall Architectures. Administration of Firewalls. Understanding Incident Handling. Setting Up a Honeypot to Attract the Intruder. Using Vulnerability Scanners. Network Sniffers.

5. System Security Using Firewalls.


Introduction. Introduction to Firewalls. Types of Firewalls. Firewall Architecture Review. Introduction to VPNs.

6. Disaster Planning and Recovery.


Introduction. Assembling the Project Team. Business Continuity Versus Disaster Recovery. The Business Continuity Plan. The Disaster Recovery Plan. Step-by-Step Procedures. Testing and Training.

7. Intrusions, Attacks, and Countermeasures.


Introduction. Attack Methods and Countermeasures. Incident Basics. General Incident-Handling Principles. Handling Specific Incidents. Computer Data Forensics.

8. Operating System Security.


Introduction. General Operating System Security. Windows Security Basics. Unix Security Basics.

9. Cryptography and Public Key Infrastructure.


Introduction. Brief History of Cryptography. Uses of Cryptography in Information Security. Types of Encryption. Digital Certificates. Hashing and Hash Functions. Digital Signatures. Managing the Encryption Keys. Steganography. Introduction to PKI.

10. Computer Law and Ethics.


Introduction. Types of Computer Law. Categories of Intellectual Property Law. Types of Computer Crime. Information Privacy Laws. Basics of Computer Investigation and Forensics. Technology Export and Import Issues. Computer Ethics. How to Protect You and Your Company.

II. FINAL REVIEW.

Fast Facts.


Introductory Note: Learn Key Terms! Define, Specify, or Identify Examples of Essential Security Practices. Identify or Explain Examples of Risk Management Fundamentals and the Basic Tenets of Security. Describe, Recognize, or Select Basic Weaknesses in TCP/IP Networking. Describe, Recognize, or Select Good Firewall Architectures, Properties, and Administration Fundamentals. Describe, Recognize, or Select Good Intrusion Detection Methodologies, Applications, and Disaster Recovery and Forensic Practices. Describe, Recognize, or Select Good Administrative Maintenance and Change-Control Issues and Tools. Identify the Basic Security Issues Associated with System/Network Design and Configuration. Identify and Explain Basic Malicious Code Threats and Common Defensive Mechanisms. Identify, Specify, or Describe Common Computer and Network Ethical, Legal, and Privacy Issues. Identify, Specify, or Describe Good Access Control and Authentication Processes and Techniques. Identify Key Issues of Cryptography, and Be Able to Explain Basic Cryptographic Methods in Use Today. Explain, Identify, or Recognize Basic Uses, Requirements, and Functions of PKI and Digital Certificates. Identify, Specify, or Describe Good Host- and Network-Based Security Fundamentals. Explain, Identify, or Recognize Fundamentals of Operating System Security. Understanding Hacker Tools and Techniques.

Study and Exam Prep Tips.


Learning Styles. Study Tips. Exam Prep Tips. Final Considerations.

Practice Exam.


Exam Questions. Answers to Exam Questions.

III. APPENDIXES.

Appendix A. Key ICSA Resources Online.


TICSA Information and Materials.

Appendix B. General Security Resources and Bibliography.


1. Information Security Essentials. 2. Fundamentals of TCP/IP. 3. Information Security Basics. 4. Intrusion Detection and Prevention. 5. System Security Using Firewalls. 6. Disaster Planning and Recovery. 7. Intrusions, Attacks, and Countermeasures. 8. Operating System Security. 9. Cryptography and Public Key Infrastructure. 10. Computer Law.

Appendix C. Glossary of Technical Terms.
Appendix D. Overview of the Certification Process.


Current Elements of the TruSecure ICSA Security Practitioner Program. Emerging Certification Programs and Requirements. Certification Requirements. How to Become a TICSA. How to Become a TICSE. TruSecure ICSA Security Practitioner Recertification. Important TruSecure ICSA Certification Web Pages.

Appendix E. What's on the CD-ROM.


PrepLogic Practice Tests, Preview Edition. Exclusive Electronic Version of Text. Easy Access to Online Pointers and References.

Appendix F. Using the PrepLogic Practice Tests, Preview Edition Software.


Exam Simulation. Software Requirements. Using PrepLogic Practice Tests, Preview Edition. Contacting PrepLogic. License Agreement.

Index.