Information Security Courses

Information Security Training

Who is Keeping Your Information Secure?

As more and more confidential information is stored and processed electronically, the risk of unauthorized access is on the rise. Data breaches and attacks make protection critical.

At New Horizons Spokane, our information security training programs are designed to significantly reduce your organization's risk of an information breach and to minimize negative impacts should a breach occur.

Information Security courses and certifications are primarily created by vendor-neutral organizations such as CompTIA, (ISC)² and EC-Council. These organizations are committed to setting strict security standards that any organization can implement. Earning certifications from these vendor-neutral organizations is an ideal way to prove your skill and knowledge to your employer. We offer information security training and certification from the following vendors:

Information Security Certifications

CompTIA Security+

CompTIA Security+ training from New Horizons Spokane provides an excellent introduction to the security field and is typically a better entry point than jumping right into an advanced security program. With Security+, you’ll build a solid foundation of knowledge that you can build upon—helping you advance your career in the months and years to come.

Whether your goal is to become Security+ certified for your job, to prove your basic knowledge of security concepts or to gain more knowledge to secure your network, expert training from New Horizons is the perfect solution.

Security+ certification candidates must pass one exam. Although not required, it is strongly recommended that candidates possess their A+ and Network+ Certifications.

Course: CompTIA Security+ Certification (2011 Objectives)
Exam: SY0-401: CompTIA Security+

Target Audience

This course is intended for students wishing to prepare for the CompTIA Security+ Certification Exam. The qualification is aimed primarily at networking professionals, but because security is vital to all levels and job roles within an organization, it will also benefit PC support analysts, application developers and senior managers in accounting, sales, product development and marketing.

At Course Completion

Upon successful completion of this course, students will be able to:

  • Identify network attack strategies and defenses
  • Understand the principles of organizational security and the elements of effective security policies
  • Know the technologies and uses of encryption standards and products
  • Identify network- and host-based security technologies and practices
  • Describe how remote access security is enforced
  • Identify strategies for ensuring business continuity, fault tolerance and disaster recovery

CompTIA Social Media Security Professional (SMSP)

Certified SMSPs are an organization's first line of defense from social media security attacks, and New Horizons Spokane offers the training needed to acquire this important new security certification.

The SMSP certification designates professionals with demonstrated knowledge of the technical composition of social networking platforms and skills to effectively mitigate risks in order to safeguard organizations' critical information from social media hackers.

SMSP professionals have the skills necessary to anticipate attacks and guard sensitive information from social media hackers, and, in the event of a breach, have tools to quickly respond to security incidents. SMSPs have proven competency to help guide an organization's social media personnel security policy.

In order to receive the CompTIA Social Media Security Professional (SMSP) Certification, you must pass one exam:

Course: CompTIA Social Media Security Professional (SMSP)
Exam: CompTIA Social Media Security Professional (SMSP) Certification Exam

Target Audience

The SMSP certification is ideal for individuals who work with social media solutions and have experience in the cyber security space, or Chief Information Security Officers (CISO), Chief Information Officers (CIO) or other roles responsible for developing social media usage policies and education programs for end users.

The CompTIA Social Media Security Professional Certification course is the first step for network technicians, security administrators, security architects, security engineers and network administrators to prepare for the certification exam.

At Course Completion

Upon successful completion of this course, students will learn:

  • Social Media Theory and Principles
  • Social Media Technical Composition
  • Social Media Risks
  • Social Media Security & Incident Response
  • Social Media Management

About (ISC)²

(ISC)² is a global non-profit organization whose primary goal is to help educate and certify Information Security professionals world-wide. Earning your (ISC)² certifications is an excellent way to establish your knowledge and credibility.

Read descriptions of each of the (ISC)² certifications and associated training below:

CAP - Certified Authorization Professional

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

Recommended Training

Course: Certified Authorization Professional (CAP) Bootcamp
Exam: CAP® - Certified Authorization Professional

Certified Information Systems Security Professional (CISSP)

New Horizons is proud to be able to provide training to assist you in preparation for the CISSP Information Security Certification exam. The CISSP certification is a globally recognized information security certification governed and bestowed by the International Information Systems Security Certification Consortium, also known as (ISC)². It was the first information security credential accredited by the international ANSI ISO/IEC Standard 17024:2003.

Course: Certified Information Systems Security Professional (CISSP)
Exam: Certified Information Systems Security Professional (CISSP)

Information Systems Security Management Professional (ISSMP)

This concentration requires that a candidate demonstrate two years of professional experience in the area of management, considering it on a larger enterprise-wide security model. This concentration contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a Business Continuity Planning program. A CISSP-ISSMP establishes, presents and governs information security programs demonstrating management and leadership skills. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and defining the means of supporting the group internally.

Course: Information Systems Security Management Professional (ISSMP) Certification Boot Camp
Exam: Information Systems Security Management Professional (ISSMP)

Information Systems Security Architecture Professional (ISSAP)

CISSP-ISSAP requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyze the overall security plan. Although this role is typically tied closely to technology, this is not necessarily the case; it is fundamentally the consultative and analytical process of information security.

Course: Information Systems Security Architecture Professional (ISSAP) Certification Boot Camp
Exam: Information Systems Security Architecture Professional (ISSAP)

Information Systems Security Engineering Professional (ISSEP)

This concentration was developed in conjunction with the U.S. National Security Agency (NSA) providing an invaluable tool for any systems security engineering professional. CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations. The SSE model taught in the IATF portion of the course is a guiding light in the field of information security and the incorporation of security into all information systems.

Course: Information Systems Security Engineering Professional (ISSEP) Certification Boot Camp
Exam: Information Systems Security Engineering Professional (ISSEP)

About EC-Council

The International Council of Electronic Commerce Consultants (EC-Council) is a long-standing professional certification organization for IT professionals. The EC-Council's goal is to provide support for individuals who create and maintain security and IT systems.

Read descriptions of each of the EC-Council certifications and associated training below:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker training and certification at New Horizons will help you learn to stop hackers by thinking and acting like one. The CEH training immerses students in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

Course: Certified Ethical Hacker (CEH)
Exam: Certified Ethical Hacker (CEH)

The CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the network infrastructure.

Computer Hacking Forensic Investigator (CHFI)

The CHFI certification from EC-Council is an advanced certification for forensic network security investigators. As cybercrime has increased, the need for computer forensic investigators has grown dramatically. CHFI certified candidates may investigate invasion or theft of intellectual property, misuse of IT systems and violations of corporate IT usage policies.

Course: Computer Hacking Forensic Investigator (CHFI)
Exam: Computer Hacking Forensic Investigator (CHFI)

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal."

Licensed Penetration Tester (LPT)

EC-Council’s Licensed Penetration Tester (LPT) certification is a natural evolution and extended value addition to its series of security-related professional certifications. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field.

Course: Complete Penetration Testing – 10 Day
Exam: Licensed Penetration Tester (LPT)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

EC-Council Certified Security Analyst (ECSA)

The EC-Council Certified Security Analyst (ECSA) is an advanced ethical hacking training certification that complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking.

While the Certified Ethical Hacker certification exposes the learner to hacking tools and technologies, the Certified Security Analyst course takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking network penetration testing training methods and techniques, this pen testing computer security certification helps students perform the intensive assessments required to effectively identify and mitigate risks to the information security of the infrastructure.

Course: EC-Council ECSA/LPT V8.0
Exam: EC-Council Certified Security Analyst (ECSA)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

About IACRB

The Information Assurance Certification Review Board (IACRB) is an industry standard organization formed and organized for Information Security professionals. All IACRB certifications require not only a traditional exam but also a hands-on practical exam to verify knowledge.

Read descriptions of each of the IACRB certifications and associated training below:

Certified Computer Forensics Examiner (CCFE)

The Certified Computer Forensics Examiner (CCFE) tests a candidate's fundamental knowledge of the computer forensics evidence recovery and analysis process. Candidates are evaluated on their relevant knowledge of both hard and soft skills. Candidates will be tested on soft skills; they must prove that they have the requisite background knowledge of the complex legal issues that relate to the computer forensics field. Candidates' hard skills are vetted via a comprehensive practical examination that is given to candidates that pass the online multiple choice exam. Only candidates that complete both the online multiple choice exam and the practical exam are granted active CCFE certification status.

Course: Advanced Computer Forensics Boot Camp
Exam: Certified Computer Forensics Examiner (CCFE)

This in-depth course teaches you advanced computer forensics. This course is intended for those that have either taken the InfoSec Institute Computer Forensics Boot Camp, or have experience in the computer forensic profession.

Certified Data Recovery Professional (CDRP)

The Certified Data Recovery Professional (CDRP) tests a candidate's fundamental knowledge of data recovery. Candidates must have the skills to successfully recover data from damaged or partially destroyed hard drives, solid state media and removable media. In addition to the physical data recovery concepts tested, students must know how to perform logical recovery on common operating systems.

Course: Data Recovery
Exam: Certified Data Recovery Professional (CDRP)

Certified Reverse Engineering Analyst (CREA)

In any hands-on reverse engineering training course, it is important to have the opportunity to prove to current or potential employers that you have the skills you say you do. This course prepares you for the top reverse engineering certification in the industry, the CREA.

Course: Reverse Engineering Boot Camp
Exam: Certified Reverse Engineering Analyst (CREA)

Certified SCADA Security Architect (CSSA)

The CSSA determines if a candidate possesses adequate knowledge to properly secure a SCADA system. It is designed to be relevant for power transmission, oil and gas and water treatment industries. The CSSA certification provides professionals with an objective measure of competence as well as a recognizable standard of achievement. The CSSA credential is ideal for industrial network administrators and their managers, as well as IT professionals and their managers.

Course: Supervisory Control and Data Acquisition (SCADA) Security
Exam: Certified SCADA Security Architect (CSSA)

Students will gain homeland security skills by learning to assess and secure SCADA systems. This course covers everything from field-based attacks to automated vulnerability assessments for SCADA networks.

Certified Web App Penetration Tester (CWAPT)

The CWAPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of web application penetration testing.

Course: Web Application Penetration Testing
Exam: Certified Web App Penetration Tester (CWAPT)

From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought-provoking lectures led by an expert instructor.

Certified Penetration Tester (CPT)

The CPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of penetration testing.

Course: Complete Penetration Testing – 10 Day
Exam: Certified Penetration Tester (CPT)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

Certified Expert Penetration Tester (CEPT)

The CEPT certification is designed to certify that candidates have expert level knowledge and skills in relation to penetration testing.

Course: Complete Penetration Testing – 10 Day
Exam: Certified Expert Penetration Tester (CEPT)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

About ISACA

ISACA is an independent, non-profit global association founded in 1969 to provide guidance and benchmarks for information systems and risk management.

Read descriptions of each of the ISACA certifications and associated training below:

Certified in Risk and Information Systems Control (CRISC)

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

Course: CRISC Boot Camp
Exam: Certified in Risk and Information Systems Control (CRISC)

CRISC is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

Certified in the Governance of Enterprise IT (CGEIT)

CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization, that you grasp the complex subject holistically, and that you therefore enhance value to the enterprise.

Course: Certified in the Governance of Enterprise IT (CGEIT) Boot Camp
Exam: Certified in the Governance of Enterprise IT (CGEIT) Boot Camp

CGEIT is specifically developed for IT and business professionals who have a significant management, advisory, or assurance role relating to the governance of enterprise IT.

Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.

Course: Certified Information Systems Auditor (CISA) Boot Camp
Exam: Certified Information Systems Auditor (CISA) Boot Camp

In this course students will perform evaluations of organizational policies, procedures and processes to ensure that an organization's information systems align with overall business goals and objectives. This course is aligned to the objectives established by Information Systems Audit and Control Association (ISACA) for the CISA exam.

Certified Information Security Manager (CISM)

Demonstrate your information security management expertise. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

Course: Certified Information Security Manager (CISM)
Exam: Certified Information Security Manager (CISM)

This course is aligned with objectives established by the Information Systems Audit and Control Association (ISACA) for the CISM exam.

What is Penetration Testing?

A penetration test subjects a system or a range of systems to real-life security tests. The benefit of a complete penetration suite over a normal vulnerability scan system is that it reaches beyond a vulnerability scan to discover different weaknesses and perform a much more detailed analysis. The user can perform specified attacks in high detail depending on specific choices and needs. This is normally done via the many advanced techniques and utilities of a security consultant.

Penetration Testing Compared to Vulnerability Scanning

The advantage of a penetration test compared with an automated vulnerability scan is the involvement of the human element versus automated systems. A human can carry out several attacks based on skills, creativity, and information about the target system that an automated scan cannot.

Several techniques, such as social engineering, can usually be done by humans alone, since they require physical techniques that have to be performed by a human and are not covered by an automated system.

Advance your Information Security knowledge and become a specialist in Penetration Testing with training from New Horizons Spokane.

Foundations and Prerequisites

The following courses are recommended or relevant experience:

Core Classes

Specialization - select one

The Penetration Test Process

Discovery: The Penetrator performs information discovery via a wide range of techniques—that is, whois databases, scan utilities, Google data, and more—in order to gain as much information about the target system as possible. These discoveries often reveal sensitive information that can be used to perform specific attacks on a given machine.

Enumeration: Once the specific networks and systems are identified through discovery, it is important to gain as much information as possible about each system. The difference between enumeration and discovery depends on the state of intrusion. Enumeration is all about actively trying to obtain usernames as well as software and hardware device version information.

Vulnerability Identification: The vulnerability identification step is a very important phase in penetration testing. This allows the user to determine the weaknesses of the target system and where to launch the attacks.

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access to the target system.

Denial of Service: A DoS (Denial of Service) test can be performed to test the stability of production systems in order to show if they can be crashed or not. When performing a penetration test of a preproduction system, it is important to test its stability and how easily it can be crashed. By doing this, its stability will be ensured once it is deployed into a real environment.

It is important to perform DoS testing to ensure the safety of certain systems. If an attacker takes down your system during busy or peak hours, both you and your customer can incur a significant financial loss.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. The reports come in different formats such as HTML, PDF, and XML. Furthermore, all the reports can be modified as the user chooses.