RECERTIFICATION CLINIC

Coming Spring 2019

+ GNI ReCertification Clinic: CompTIA Security (Tickets Available Soon)

GNI’s CompTIA Security+ ReCert provides IT professionals with the most comprehensive, accelerated learning environment for the Security+ exam. CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest growing fields in IT. CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography.

Students will gain an in-depth knowledge of systems security, access control, network infrastructure, assessments and audits, cryptography and organizational security across all vendor products. These skills have become increasingly important, as additional safeguards such as intrusion detection systems, physical access control and multi-factor authentication become standard methods of protection. Students are given real world scenarios to reinforce the material covered and will learn how to apply the concepts to their daily operations. This course helps prepare students for the CompTIA Security+ certification exam.

What’s Involved

The most recent edition of the CompTIA Security+ exam places greater emphasis on mitigating specific security issues. In previous editions, the Security+ exam focused on merely recognizing security issues. CompTIA has also introduced Performance-Based Exam Objectives, which introduce simulator-based testing commonly found on Cisco and Microsoft exams. This zero-distraction accelerated Security+ ReCert includes daily review sessions and constantly updated practice exam review drills representative of the actual exam questions delivered during the official certification tests. We utilize Certified CompTIA instructors who are Subject Matter Experts well-versed in accelerated learning and exam preparation. Their delivery accommodates every student's learning needs through individualized instruction, lab partner and group exercises, independent study, group-testing, and question/answer drills.

Upon completing Security+ ReCert you will gain valuable knowledge and skills including the ability to:

• What risk is, and the basics of what it means to have security in an organization

• How security is implemented in a workplace environment

• The concerns that many security professionals face when dealing with security postures and network monitoring.

• Infrastructure and security configuration parameters on network devices and other technologies, as well as network design and network issues

• Access control

• Cloud computing and security issues related to it

• Host, data, and application security

• Cryptography and how it is used

• Different types of attacks that are used to try and break cryptography

• Malware, vulnerabilities, and threats to security

• Physical security, environmental controls, social engineering and other foes

• Common security administration issues, policies and procedures

• Disaster recovery and incident response policies and procedures

+ GNI ReCertification Clinic: Certified Ethical Hacker (CEH) (Tickets Available Soon)

GNI’s CEH ReCert covers the techniques used by malicious, black hat hackers with high-energy lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack on your organization. You’ll leave with the ability to quantitatively assess and measure threats to information assets, and discover where your organization is most vulnerable to hacking in this network security training course.

What’s Involved

Our ReCert will have students fully immersed in interactive sessions with hands-on labs after each topic. Without wasting any time, you will explore your newly gained knowledge right away in our classrooms by pentesting, hacking and securing your own systems. The lab-intensive environment gives you in-depth knowledge and practical experience with the current, essential security systems.

You will first begin with understanding how perimeter defenses work and then move into scanning and attacking networks; of course, no real network is harmed. You will also learn how intruders escalate privileges and what steps can be taken to secure a system. You will gain knowledge about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation. When you leave this intensive 12-day boot camp you will have hands-on understanding and experience in Ethical Hacking.

Upon completing CEH ReCert you will gain valuable knowledge and skills including the ability to:

• Key issues plaguing the information security world, incident management process, and penetration testing.

• Various types of footprinting, footprinting tools, and countermeasures.

• Network scanning techniques and scanning countermeasures.

• Enumeration techniques and enumeration countermeasures.

• System hacking methodology, steganography, steganalysis attacks, and covering tracks.

• Different types of Trojans, Trojan analysis, and Trojan countermeasures.

• Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures.

• Packet sniffing techniques and how to defend against sniffing.

• Social Engineering techniques, identity theft, and social engineering countermeasures.

• DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures.

• Session hijacking techniques and countermeasures.

• Different types of webserver attacks, attack methodology, and countermeasures.

• Different types of web application attacks, web application hacking methodology, and countermeasures.

• SQL injection attacks and injection detection tools.

• Wireless Encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.

• Mobile platform attack vector, Android vulnerabilities, mobile security guidelines, and tools.

• Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures.

• Various cloud computing concepts, threats, attacks, and security techniques and tools.

• Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools.

• Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap.

• Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems.

• Different threats to IoT platforms and learn how to defend IoT devices securely.

+ GNI ReCertification Clinic: Certified Authorization Professional (CAP) (Tickets Available Soon)

GNI’s CAP ReCert focuses on preparing students for the CAP exam through extensive mentoring and drill sessions, review of the entire body of all 7 CAP domains of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach. This course reintroduces the Risk Management Framework (RMF) and prepares students to take the CAP Exam which consists of 125 multiple choice questions.

The Certified Authorization Professional (CAP) is an information security professional who is well versed in system security and with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. CAP confirms an individual’s knowledge, skill, and experience required for authorizing and maintaining information systems within the Risk Management Framework as outlined in NIST SP 800-37 Rev 1.

This Certified Authorization Professional (CAP) course introduces the Department of Defense (DoD) Risk Management Framework (RMF). This course prepares participants to take the CAP Exam which consists of the following domains:

• Risk management framework

• Categorization of Information Systems

• Selection of Security Controls

• Security Control Implementation

• Security Control Assessment

• Information System Authorization

• Monitoring of Security Controls

At the conclusion of this course, students will feel confident in overseeing, evaluating, and supporting the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization’s cybersecurity and risk requirements. They will also be able to ensure the appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

Upon completing CAP ReCert you will gain valuable knowledge and skills including the ability to:

• Understanding the Purpose of Information Systems Security Authorization

• Defining Systems Authorization

• Describing and Deciding When Systems Authorization Is Employed

• Defining Roles and Responsibilities

• Understanding the Legal and Regulatory Requirements for C&A

• Initiating the Authorization Process

• Establishing Authorization Boundaries

• Determining Security Categorization

• Performing Initial Risk Assessment

• Selecting and Refining Security Controls

• Documenting Security Control

• Performing Certification Phase

• Assessing Security Control

• Documenting Results

• Conducting Final Risk Assessment

• Generating and Presenting an Authorization Report

• Performing Continuous Monitoring

• Monitoring Security Controls

• Monitoring and Assessing Changes That Affect the Information System

• Performing Security Impact Assessment As Needed

• Documenting and Monitoring Results of Impact Assessments

• Maintaining System’s Documentation (e.g., POA&M, SSP, Interconnection Agreements)