IMTS Training Institute (New)

Menu
Click here to verify with ID.me
thumbnail
8140 and DoD Cyber Workforce Framework (DCWF)

Certified COMSEC Manager™ (CCM™) and Applied Micro Degree Bundle

profile
Instructor

TBD TBD

Reviews 0 (0 Reviews)

Course Overview

Courses in bundle:  Security+ (with exam), CISM, CISSP, EC-Council Certified Encryption Specialist, COMSEC Resources

8140 DCWF Work Role: COMSEC Manager (Work Role Code: 723)

NICE Work Role: Communications Security (COMSEC) Management (Nice Work Role ID: OG-WRL-001)

Combined Work Role Description: Responsible for managing the Communications Security (COMSEC) resources of an organization, including all aspects of COMSEC as outlined in CNSSI No. 4009.

High-level bundle description: This bundle was intricately designed to equip participants with the knowledge and skills necessary to develop the abilities to accomplish defined tasks (KSATs) associated with the NICE and 8140 DCWF Work Roles for Cybersecurity Policy and Strategic Planning. It Incorporates Online Self-Paced Instructor Led Training and labs, covering content for the CompTIA Security+, CISM, CISSP and EC-Council Certified Encryption Specialist (ECES) certifications.

Requirements for certification: To earn the ITI certification and be awarded the applied micro degree, the student must complete all courses and pass the exams for the CompTIA Security+, ISACA CISM or ISC2 CISSP and EC-Council ECES certifications.

Recommended prerequisites, certification validity and renewals: Visit our dedicated webpage for more information and vendor links.

Specific COMSEC Resources: The COMSEC references included in this bundle are designed to enhance understanding and implementation of Communications Security (COMSEC) protocols, primarily based on the Department of the Navy, Marine Corps and Coast Guard requirements, but applicable to most federal positions. Students will be asked to take an open book exam based on these materials.

Topics Covered (estimated 24-32 hours to review and complete final exam):

1. Introduction to COMSEC

  1. Purpose and Scope: Protect sensitive and classified information from unauthorized access.
  2. Key Elements: Transmission Security (TRANSEC), Cryptographic Security, Physical Security, Emissions Security (TEMPEST).

2. Transmission Security (TRANSEC)

  1. Modes of Transmission: Electromagnetic (radio, telephone, email) and non-electromagnetic (face-to-face, hand delivery).
  2. Protection Measures: Frequency changes, secure communications, authentication, use of authorized codes.

3. Cryptographic Security

  1. Crypto Systems: Design and use of secure cryptographic systems.
  2. Best Practices: Follow operating instructions, perform key changes, limit access, use approved key material.

4. Physical Security

  1. Storage and Handling: Use GSA-approved containers, maintain surveillance during working hours, conduct end-of-day security checks.
  2. Control Access Areas (CAA): Limit access to authorized personnel only, use identification methods like personal recognition, access lists, security badges.

5. Emissions Security (TEMPEST)

  1. Purpose: Prevent unauthorized access to information through electromagnetic emanations.
  2. Countermeasures: Implement TEMPEST standards, use appropriate physical security, apply specific countermeasures based on system vulnerability analysis.

6. Information and Classifications

  1. Types of Information: Top Secret, Secret, Confidential, For Official Use Only (FOUO), Sensitive but Unclassified (SBU).
  2. Handling: Ensure proper marking, storage, and dissemination procedures to prevent unauthorized disclosure.

7. Security Incidents

  1. Types: Personnel, physical, and cryptographic insecurities.
  2. Reporting: Immediate reporting of suspected incidents, use of secure communication channels, follow documented reporting procedures.

8. COMSEC Custodian Responsibilities

  1. Role: Handle and safeguard COMSEC materials, manage inventories, ensure proper storage.
  2. Key Tasks: Conduct regular inventories, oversee the destruction of unneeded materials, manage access control, report incidents.

9. COMSEC Incident Management

  1. Types of Incidents: Unauthorized disclosure, physical insecurities, cryptographic insecurities.
  2. Response Procedures: Notify the Responsible COMSEC Officer, document the incident, secure compromised materials, conduct investigations, implement corrective actions.

10. Common Fill Device (CFD)

  1. Purpose: Securely load cryptographic keys into communication equipment.
  2. Significance: Ensures secure exchange of encrypted information.

11. Responsible COMSEC Officer (RCO)

  1. Role: Oversee the implementation and management of the COMSEC program.
  2. Responsibilities: Ensure compliance with policies, address security incidents, manage overall COMSEC operations.

CTI CISSP Description: The Certified Information Systems Security Professional (CISSP) course is designed to provide comprehensive training in the field of cybersecurity. This course covers key concepts such as Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. Each module delves deep into the principles and practices necessary for securing and managing information systems effectively. This course includes 19+ hours of ILT broken up into over 45 videos and 8 topics and provides over 250 exam preparation questions, as well as 25 hours of labs.

Topics Covered (19+ hours):

  1. Module 1: Security and Risk Management
  2. Module 2: Asset Security
  3. Module 3: Security Architecture and Engineering
  4. Module 4: Communication and Network Security
  5. Module 5: Identity and Access Management (IAM)
  6. Module 6: Security Assessment and Testing
  7. Module 7: Security Operations
  8. Module 8: Software Development Security

Labs Included (25 hours):

  1. Introduction to CISSP
  2. Security and Risk Management
  3. Encryption and Hashing
  4. SCCM Configuration Items and Baselines
  5. Implement OpenPGP
  6. Two factor Authentication with SSH
  7. Implement SSL VPN using ASA Device Manager
  8. Configure and Verify IPv4 and IPv6 Access Lists for Traffic Filtering
  9. Configuring IPtables
  10. Windows Command Line Tools
  11. Administering and Deploying Endpoint Protection
  12. Bitlocker on Portable Media
  13. Managing Remote Desktop
  14. Manage Role-based Security
  15. Configuring MBSA Scanner
  16. Compliance Patching
  17. Passive Topology Discovery
  18. Scanning and Remediating Vulnerabilities with OpenVAS
  19. Installing Kali
  20. Implement Backup and Recovery
  21. Installation and Verification of Snort
  22. Configuring and Securing IIS
  23. Upgrading and Securing SSH Connection
  24. DVWA – Manual SQL Injection and Password Cracking

CTI Custom Online Self-Paced Security+ ILT with Labs Description: Master cybersecurity with our Security+ 701 Online, Self-Paced ILT Course, designed for aspiring security specialists, network administrators, and IT auditors. This course covers essential cybersecurity principles and practices, aligning with the latest trends and techniques. Gain the core skills necessary to protect against digital threats and excel in today’s dynamic IT security landscape. Included in this course is 30 hours of content, delivered over 100+ short easily digestible videos, covering 5 topic areas, and providing more than 250 prep practice questions. Once purchased, you have 12 months’ access to the course.

  1. Certificate of Completion for CompTIA Security+ SY0-701

Topics Areas Included:

  1. Fundamental Security Concepts
  2. Threat Types Comparison
  3. Cryptographic Solutions
  4. Identity and Access Management
  5. Securing Enterprise and Cloud Network Architectures
  6. Resiliency and Site Security
  7. Vulnerability Management
  8. Network Security Capabilities
  9. Endpoint Security Capabilities
  10. Application Security Capabilities
  11. Incident Response and Monitoring
  12. Indicators of Malicious Activity
  13. Security Governance Concepts
  14. Risk Management Processes
  15. Data Protection and Compliance Concepts

Modules include (30 hours):

  1. Module 1 – SY0-701 General Security Concepts
  2. Module 2 – SY0-701 Threats, Vulnerabilities, and Mitigations
  3. Module 3 – SY0-701 Security Architecture
  4. Module 4 – SY0-701 Security Operations
  5. Module 5 – SY0-701 Security Program Management and Oversight

Labs Included (17 hours):

  1. Security Concept Fundamentals
  2. Cryptographic Solutions
  3. Threat Vectors and Attack Surfaces
  4. Identifying Security Vulnerabilities
  5. Analyze Malicious Activity
  6. Mitigation Techniques
  7. Security Architecture Models
  8. Securing Enterprise Infrastructures
  9. Data Protection Strategies
  10. Resilience in Security Architecture
  11. Securing Computing Resources
  12. Asset Management Techniques
  13. Vulnerability Management
  14. Monitoring Computing Resources
  15. Enhancing Enterprise Security
  16. Implement Identity & Access Management
  17. Implementation of Automation & Orchestration for Security Operations
  18. Investigative Data Sources

Official CompTIA CertMaster Learn with Integrated CertMaster Labs Description

Security+ CertMaster Learn is a comprehensive eLearning experience that helps learners gain the knowledge and practical skills necessary to be successful on CompTIA certification exams, and in their IT career. A Learning Plan helps learners stay on track with their studies, while robust analytics bring awareness of strengths and weaknesses.

CertMaster Labs make it easy for learners to practice and apply their skills in real workplace scenarios in preparation for the certification exam. All lab activities use real equipment and software, offer feedback and hints, and provide a score based on learner inputs, ultimately guiding learners to the most correct and efficient path through job tasks.

In the integrated experience, CertMaster Labs are integrated as Study Tasks within the CertMaster Learn Learning Plan, accessible through a single login and seamless workflow. 

  1. Lessons cover all exam objectives with integrated videos
  2. Hundreds of practice questions test your knowledge
  3. Performance-based questions apply what you’ve learned in a scenario
  4. Assisted Labs guide you step-by-step through tasks
  5. Applied Labs present goal-oriented scenarios and require critical thinking and analysis
  6. Flashcards ensure you know the terminology and acronyms required for the exam
  7. The Learning Plan keeps you on track with your studies

Topics Covered

  1. Lesson 1: Summarize Fundamental Security Concepts
  2. Lesson 2: Compare Threat Types
  3. Lesson 3: Explain Cryptographic Solutions
  4. Lesson 4: Implement Identity and Access Management
  5. Lesson 5: Secure Enterprise Network Architecture
  6. Lesson 6: Secure Cloud Network Architecture
  7. Lesson 7: Explain Resiliency and Site Security Concepts
  8. Lesson 8: Explain Vulnerability Management
  9. Lesson 9: Evaluate Network Security Capabilities
  10. Lesson 10: Assess Endpoint Security Capabilities
  11. Lesson 11: Enhance Application Security Capabilities
  12. Lesson 12: Explain Incident Response and Monitoring Concepts
  13. Lesson 13: Analyze Indicators of Malicious Activity
  14. Lesson 14: Summarize Security Governance Concepts
  15. Lesson 15: Explain Risk Management Processes
  16. Lesson 16: Summarize Data Protection and Compliance Concepts

Labs Available:

  1. Assisted Lab: Exploring the Lab Environment
  2. Assisted Lab: Perform System Configuration Gap Analysis
  3. Assisted Lab: Configuring Examples of Security Control Types
  4. Assisted Lab: Finding Open Service Ports
  5. Assisted Lab: Using SET to Perform Social Engineering
  6. Applied Lab: Using Storage Encryption
  7. Assisted Lab: Using Hashing and Salting
  8. Assisted Lab: Managing Password Security
  9. Assisted Lab: Managing Permissions
  10. Assisted Lab: Setting up Remote Access
  11. Assisted Lab: Using TLS Tunneling
  12. Assisted Lab: Using Containers
  13. Assisted Lab: Using Virtualization
  14. Assisted Lab: Implement Backups
  15. Assisted Lab: Performing Drive Sanitization
  16. Assisted Lab: Exploiting and Detecting SQLi
  17. Assisted Lab: Working with Threat Feeds
  18. Assisted Lab: Performing Vulnerability Scans
  19. Assisted Lab: Understanding Security Baselines
  20. Applied Lab: Implementing a Firewall
  21. Assisted Lab: Using Group Policy
  22. Applied Lab: Hardening
  23. Assisted Lab: Performing DNS Filtering
  24. Assisted Lab: Configuring System Monitoring
  25. Applied Lab: Incident Response: Detection
  26. Applied Lab: Performing Digital Forensics
  27. Assisted Lab: Performing Root Cause Analysis
  28. Assisted Lab: Detecting and Responding to Malware
  29. Assisted Lab: Understanding On-Path Attacks
  30. Adaptive Lab: Using a Playbook
  31. Assisted Lab: Implementing Allow Lists and Deny Lists
  32. Assisted Lab: Performing Reconnaissance
  33. Assisted Lab: Performing Penetration Testing
  34. Assisted Lab: Training and Awareness through Simulation
  35. Capstone Lab: Discovering Anomalous Behavior
  36. Assisted Lab: Use Cases of Automation and Scripting
  37. Applied Lab: Using Network Sniffers

License Information

One license provides access to CertMaster Learn for Security+ (SY0-701) with CertMaster Labs integrated throughout the course and ITU custom Security+ training and labs.

Once activated, the license is valid for 12 months

How to Access the training and labs

An access key and instructions will be sent via email after your purchase is complete.

Exam Voucher and Exam Pass Guarantee

This bundle includes an Security+ exam voucher and an exam pass guarantee: if you don’t pass the exam on the first try, we will provide a second voucher and another 12 months of access to our custom online self-paced ILT. In order to qualify for the exam pass guarantee, you have to show proof that you completed all training materials, to include course content, labs and practice prep questions prior to taking your exam.

CTI CISM Course Description: This intensive training course is tailored for professionals looking to excel in information security management. It covers essential topics such as information security governance, risk management, program development, and incident management, equipping participants with the skills to develop and enforce robust security frameworks and best practices within their organizations. Participants will engage in practical applications and in-depth studies of security architecture, risk assessment, and incident response, all aimed at preparing them for the CISM certification exam and advancing their careers in information security management. This course includes over 17 hours of ILT covered over 45+ videos and 6 topic areas and provides 100 exam preparation questions.

Course Outline (17 hours):

Module 1: Introduction

  1.    Instructor Introduction
  2.    Course Introduction
  3.    Exam Overview

Module 2: Information Security Governance

  1.    Module Overview
  2.    InfoSec Strategic Context Part 1
  3.    InfoSec Strategic Context Part 2
  4.    GRC Strategy and Assurance
  5.    Roles and Responsibilities
  6.    GMA Tasks Knowledge and Metrics
  7.    IS Strategy Overview
  8.    Strategy Implemenation
  9.    Strategy Development Support
  10.    Architecture and Controls
  11.    Considerations and Action Plan
  12.    InfoSec Prog Objectives and Wrap-Up

Module 3: Information Security Risk Management

  1.    Module Overview
  2.    Risk Identification Task and Knowledge
  3.    Risk Management Strategy
  4.    Additional Considerations
  5.    Risk Analysis and Treatment Tasks & Knowledge
  6.    Leveraging Frameworks
  7.    Assessment Tools and Analysis
  8.    Risk Scenario Development
  9.    Additional Risk Factors
  10.    Asset Classification and Risk Management
  11.    Risk Monitoring and Communication
  12.    Information Risk Management Summary

Module 4: InfoSec Prog Development and Management

  1.    Module Overview
  2.    Alignment and Resource Management – Task and Knowledge
  3.    Key Relationships
  4.    Standards Awareness and Training – Tasks and Knowledge
  5.    Awareness and Training
  6.    Building Security into Process and Practices – Tasks and Knowledge
  7.    Additional Technology Infrastructure Concerns
  8.    Security monitoring and reporting Overview Tasks and Knowledge
  9.    Metrics and Monitoring
  10.    Summary

Module 5: Information Security Incident Management

  1.    Module Overview
  2.    Planning and Integration Overview Task and Knowledge
  3.    Incident Response Concepts and Process
  4.    Forensics and Recovery
  5.    Readiness and Assessment – Overview Tasks and Knowledge
  6.    Identification and Response Overview Tasks and Knowledge
  7.    Incident Processes

Module 6: Exam Prep

  1.    Case Study – Security On a Shoestring Budget
  2.    Case Study – APT In Action
  3.    Summary
  4.    Exam Prep

Official Online Self-Paced EC-Council Certified Encryption Specialist (ECES): The EC-Council CertifiedEncryption Specialist (ECES) program introduces professionals and studentsto the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the detailsof algorithms such as FeistelFunctions, DES, and AES. ECES provides necessary skills to perform effective deployment of encryption technologies. It is a comprehensive course covering various algorithms and the key concepts behind those algorithms.

Course Outline (20 hours over 3 days):

Module 01: Introduction and History of Cryptography

  1. Overview: What is Cryptography?, History of Cryptography
  2. Ciphers: Mono-Alphabet Substitution (e.g., Caesar Cipher, Atbash Cipher), Multi-Alphabet Substitution (e.g., Vigenère Cipher, Playfair Cipher), Homophonic Substitution, Null and Book Ciphers, Rail Fence Ciphers
  3. Tools and Machines: The Enigma Machine, CrypTool

Module 02: Symmetric Cryptography and Hashes

  1. Fundamentals: Symmetric Cryptography, Information Theory, Kerckhoffs’s Principle, Substitution and Transposition, Binary Math
  2. Algorithms: Block vs. Stream Ciphers, Symmetric Block Ciphers (e.g., DES, AES, Blowfish, Twofish), Symmetric Stream Ciphers (e.g., RC4), Hash Functions (e.g., MD5, SHA, RIPEMD-160)
  3. Tools: CryptoBench

Module 03: Number Theory and Asymmetric Cryptography

  1. Basics: Asymmetric Encryption, Number Theory, Birthday Theorem, Random Number Generators
  2. Key Algorithms: Diffie-Hellman, RSA, Digital Signature Algorithm, Elliptic Curve, Elgamal
  3. Tools: CrypTool

Module 04: Applications of Cryptography

  1. Standards and Certificates: FIPS Standards, Digital Signatures, Public Key Infrastructure (PKI), Digital Certificate Management, Trust Models
  2. Encryption in Practice: Wi-Fi Encryption, SSL/TLS, VPNs, File and Disk Encryption (e.g., BitLocker, VeraCrypt), Steganography
  3. Common Mistakes and Best Practices: Common Cryptography Mistakes, Unbreakable Encryption, Steganalysis Tools

Module 05: Cryptanalysis

  1. Techniques: Breaking Ciphers, Frequency Analysis, Kasiski Examination, Linear and Differential Cryptanalysis, Integral Cryptanalysis
  2. Tools and Successes: Cryptanalysis Resources, Rainbow Tables, Password Cracking

License Information

One license provides access to the course.

Once activated, the license is valid for 12 months

How to Access the training and labs

An access key and instructions will be sent via email after your purchase is complete.

Exam Voucher and Exam Pass Guarantee

This bundle includes EC-Council Certified Encryption Specialist exam voucher and one retake. The exam can be taken online through the EC-Council’s remote proctoring service or at authorized testing centers.

Paid
  • Skill Intermediate
  • Last Update November 2, 2024