IT-Security Foundation course

Comprehensive and practical introduction in IT-Security

IT Security Foundation (ITSF) provides you with a comprehensive introduction to IT-security. You will learn what components make up an IT infrastructure and what vulnerabilities each component may have. You will also understand how attackers exploit common vulnerabilities and what tools and mitigation techniques you can use to prevent exploitation. At the end of the course, you will have a global understanding of IT security without having to immerse yourself deeply in information technology.

ITSF will be if interest those with a limited technical background but must engage with technicians as part of their work; and those at the start of their IT- Security career and looking for an entry level training and certification in IT- Security or IT Security administration.

ITSF is an entry level course, no previous experience is required. If you’re looking to further specialize in the technical aspects of IT Security and lay the foundation to progress into a IT / Cyber Security Management role, we would recommend to have a look at the advanced IT Security Practitioner Training.

Lead Trainers

Arjen Verhiel
Trainer

Network & Infrastructure consultant

Jochen den Ouden
Trainer

Ethical Hacker
Cyber Security specialist

Dr. Rob van der Staaij
Trainer

IAM & IT-Infrastructure specialist

At a Glance

Entry level

IT-Security Foundation

This course is suitable for officials who have a limited technical background but should be able to engage with technicians in their work; network or system administrators with ambitions to start a career in IT security, and aspiring information security professionals that lack technical security knowledge.

Build your IT security knowledge solid and from the ground up without having to immerse yourself deeply in information technology

What’s included

  • Official SECO-Institute course materials
  • Training from passionate instructors with exceptional skills
  • Access to the SECO member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam

Syllabus

Security in networks, systems and software

In Module 1, you will learn the most important components of computing hardware and Operating Systems, how they operate and work together, and their specific risks, security and Governance requirements to take into consideration.

1.1. Major hardware components

  • CPU and CPU security
  • Storage
  • RAID for reliability of Storage
  • Peripherals

1.2. Operating systems

  • Primary task
  • Major components
  • Running processes
  • Process -, Memory- and Device Manager
  • File systems

1.3. Modes of cooperation

  • Centralised and decentralised computing
  • Virtualisation
  • Cloud computing, governance and security

Module 2 teaches the most important types of software, how vulnerabilities in software come about and how to mitigate them. Lastly you will learn how databases operate and how they must be protected.

2.1. Types of software

  • Drivers
  • Operating systems
  • Applications
  • Databases

2.2. Source of vulnerabilities

  • Input validation
  • Data processing (pitfalls)
  • External dependencies (pitfalls)
  • Control mechanisms
  • Installation & configuration

2.3. Databases

  • Structure (field, record, table, key, data dictionary)
  • Database security and vulnerability
  • Mitigation

Module 3 evaluates the most important network devices, concepts of wired and wireless networking, and the OSI and TCP/IP network models. You will learn the concept of network architecture as a means to secure networks.

3.1. Network devices

  • Direct link
  • HUB
  • Switch
  • Gateway
  • Router
  • Firewall

3.3. Network connections

  • Wired and wireless networks
  • Wi-Fi security
  • Network models
  • OSI model
  • Encapsulation
  • TCP/IP model
  • Network addressing IP address
  • IPv4, IPv6, private addresses
  • Network architecture Topology
  • LAN, VLAN
  • Compartmentalization
  • Network security

Cryptography and access control, (ab-) use cases 

Module 4 teaches the concepts and practice of cryptography, Public Key Infrastructure, the most important cryptographic networking protocols and cryptographic applications.

4.1. Fundamentals of cryptography

  • Encryption
  • Decryption
  • Cipher
  • Plaintext and ciphertext
  • Key, keyspace, cryptanalysis, end-to-end encryption
  • Kerckhoff’s principle, one-time pad, one-way hash functions, salting, public key encryption

4.2. Public key infrastructure

  • X.509 certificates
  • Certificate Authority (CA)
  • Registration Authority (RA)
  • Validation Authority (VA)

4.3. Important cryptographic networking protocols and applications

  • Kerberos
  • TLS
  • Ipsec
  • Tor
  • Virtual Private Networking (VPN)
  • Remote access (ssh, scp, sftp, rsync)
  • Protection of data in situ (PGP, Bitlocker, Vera Crypt)
  • Password vaults (KeePass, LastPass)
  • Cryptocurrency
  • Steganography

5.1. Three Fundamental principles

  • Sun Tzu
  • Bad things will happen
  • Best practice ‘defence indepth’

5.2. Know your enemy

  • Classical categorisation (black -, grey- & white hats, script kiddies, hacktivists)
  • Suggestion for a more practical categorization
  • Disclosure models
  • Hacking as a process
  • Tools of the trade

5.3. Know yourself

  • Properties of security (confidentiality, integrity, availability)
  • Defence in-depth
  • IT security administration as a process
  • Risk management
  • Threat modelling (e.g. STRIDE model)
  • Effective mitigating measures
  • Documentation, timely action, tools of the trade

5.4. Practise exam

Collect your badge of honor

 Exam

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 40 multiple choice
  • Time: 60 minutes
  • Pass rate: 60%

Join our Alumni Network

Organize a class dedicated for your team