You are previewing TICSA TruSecure™ ICSA Certified Security Associate Exam TU0-001.
O'Reilly logo
TICSA TruSecure™ ICSA Certified Security Associate Exam TU0-001

Book Description

TICSA (TruSecure ICSA Computer Security Associate) is a popular new entry-level computer security certification aimed at individuals with 2 or more years of computer security experience or training equivalent to 48 hours in a 24 month period. TICSA represents base level certification, and is designed for system or network administrators responsible for security administration of systems or networks in an enterprise alongside their regular responsibilities. This first-tier certification recognizes that not all security professionals need to become security wizards to perform serious and effective security work.

Que's Training Guides, which are endorsed by as Cramsession Approved Study Material, are the most effective self-study guides in the marketplace, featuring exam tips, study strategies, practice exams, and many more valuable tools for test preparation. The CD features PrepLogic™ Practice Tests, Preview Edition. This product includes one complete PrepLogic Practice Test with approximately the same number of questions found on the actual vendor exam with full, detailed explanations of correct and incorrect answers.

Table of Contents

  1. Copyright
  2. About the Authors
  3. Acknowledgments
  4. Tell Us What You Think!
  5. How to Use This Book
  6. Introduction
  7. Exam Preparation
    1. Information Security Essentials
      1. Introduction
      2. Understanding the Need for Security Controls
      3. Data Protection
      4. Basic Security Threats and Principles
      5. Where Attacks Can Come From
      6. Assessing and Valuing Security
      7. Identifying the Elements of Security
      8. Understanding Security Trade-Offs and Drawbacks
      9. Case Study: San Diego Security Company
      10. Chapter Summary
      11. Apply Your Knowledge
    2. Fundamentals of TCP/IP
      1. Introduction
      2. Basic TCP/IP Principles
      3. IP Protocols and Services
      4. How Hackers Exploit TCP/IP
      5. Network-Level Topics
      6. Case Study: Key and Tumbler Safes
      7. Chapter Summary
      8. Apply Your Knowledge
    3. Information Security Basics
      1. Introduction
      2. AAA Overview: Access Control, Authentication, and Accounting
      3. Security Administration—The Importance of a Security Policy
      4. Keeping Up with and Enforcing Security Policies
      5. Risk Assessment
      6. Why Data Classification Is Important
      7. The Importance of Change Management
      8. Performing Vulnerability Assessments
      9. Case Study: Acme Industries
      10. Chapter Summary
      11. Apply Your Knowledge
    4. Intrusion Detection and Prevention
      1. Introduction
      2. Necessary Components to Good Security
      3. Intrusion Detection Systems Fundamentals
      4. Discussion on Firewall Architectures
      5. Administration of Firewalls
      6. Understanding Incident Handling
      7. Setting Up a Honeypot to Attract the Intruder
      8. Using Vulnerability Scanners
      9. Network Sniffers
      10. Chapter Summary
      11. Apply Your Knowledge
    5. System Security Using Firewalls
      1. Introduction
      2. Introduction to Firewalls
      3. Types of Firewalls
      4. Firewall Architecture Review
      5. Introduction to VPNs
      6. Case Study: Assigning Group Membership
      7. Chapter Summary
      8. Apply Your Knowledge
    6. Disaster Planning and Recovery
      1. Introduction
      2. Assembling the Project Team
      3. Business Continuity Versus Disaster Recovery
      4. The Business Continuity Plan
      5. The Disaster Recovery Plan
      6. Step-by-Step Procedures
      7. Testing and Training
      8. Case Study: Designing a Disaster Recovery Plan
      9. Chapter Summary
      10. Apply Your Knowledge
    7. Intrusions, Attacks, and Countermeasures
      1. Introduction
      2. Attack Methods and Countermeasures
      3. Incident Basics
      4. General Incident-Handling Principles
      5. Handling Specific Incidents
      6. Computer Data Forensics
      7. Case Study: Hacker Attack!
      8. Chapter Summary
      9. Apply Your Knowledge
    8. Operating System Security
      1. Introduction
      2. General Operating System Security
      3. Windows Security Basics
      4. Unix Security Basics
      5. Case Study: Assigning Group Membership
      6. Chapter Summary
      7. Apply Your Knowledge
    9. Cryptography and Public Key Infrastructure
      1. Introduction
      2. Brief History of Cryptography
      3. Uses of Cryptography in Information Security
      4. Types of Encryption
      5. Digital Certificates
      6. Hashing and Hash Functions
      7. Digital Signatures
      8. Managing the Encryption Keys
      9. Steganography
      10. Introduction to PKI
      11. Case Study: Using Encryption Technologies to Secure a Small Network
      12. Chapter Summary
      13. Apply Your Knowledge
    10. Computer Law and Ethics
      1. Introduction
      2. Types of Computer Law
      3. Categories of Intellectual Property Law
      4. Types of Computer Crime
      5. Information Privacy Laws
      6. Basics of Computer Investigation and Forensics
      7. Technology Export and Import Issues
      8. Computer Ethics
      9. How to Protect You and Your Company
      10. Case Study: Investigating a Computer Crimes Case
      11. Chapter Summary
      12. Apply Your Knowledge
  8. Final Review
    1. Fast Facts
      1. Introductory Note: Learn Key Terms!
      2. Define, Specify, or Identify Examples of Essential Security Practices
      3. Identify or Explain Examples of Risk Management Fundamentals and the Basic Tenets of Security
      4. Describe, Recognize, or Select Basic Weaknesses in TCP/IP Networking
      5. Describe, Recognize, or Select Good Firewall Architectures, Properties, and Administration Fundamentals
      6. Describe, Recognize, or Select Good Intrusion Detection Methodologies, Applications, and Disaster Recovery and Forensic Practices
      7. Describe, Recognize, or Select Good Administrative Maintenance and Change-Control Issues and Tools
      8. Identify the Basic Security Issues Associated with System/Network Design and Configuration
      9. Identify and Explain Basic Malicious Code Threats and Common Defensive Mechanisms
      10. Identify, Specify, or Describe Common Computer and Network Ethical, Legal, and Privacy Issues
      11. Identify, Specify, or Describe Good Access Control and Authentication Processes and Techniques
      12. Identify Key Issues of Cryptography, and Be Able to Explain Basic Cryptographic Methods in Use Today
      13. Explain, Identify, or Recognize Basic Uses, Requirements, and Functions of PKI and Digital Certificates
      14. Identify, Specify, or Describe Good Host- and Network-Based Security Fundamentals
      15. Explain, Identify, or Recognize Fundamentals of Operating System Security
      16. Understanding Hacker Tools and Techniques
    2. Study and Exam Prep Tips
      1. Learning Styles
      2. Study Tips
      3. Exam Prep Tips
      4. Final Considerations
    3. Practice Exam
      1. Exam Questions
      2. Answers to Exam Questions
  9. Appendixes
    1. Key ICSA Resources Online
      1. TICSA Information and Materials
    2. General Security Resources and Bibliography
      1. Information Security Essentials
      2. Fundamentals of TCP/IP
      3. Information Security Basics
      4. Intrusion Detection and Prevention
      5. System Security Using Firewalls
      6. Disaster Planning and Recovery
      7. Intrusions, Attacks, and Countermeasures
      8. Operating System Security
      9. Cryptography and Public Key Infrastructure
      10. Computer Law
    3. Glossary of Technical Terms
      1. Glossary
    4. Overview of the Certification Process
      1. Current Elements of the TruSecure ICSA Security Practitioner Program
      2. Emerging Certification Programs and Requirements
      3. Certification Requirements
      4. How to Become a TICSA
      5. How to Become a TICSE
      6. TruSecure ICSA Security Practitioner Recertification
      7. Important TruSecure ICSA Certification Web Pages
    5. What's on the CD-ROM
      1. PrepLogic Practice Tests, Preview Edition
      2. Exclusive Electronic Version of Text
      3. Easy Access to Online Pointers and References
    6. Using the PrepLogic Practice Tests, Preview Edition Software
      1. Exam Simulation
      2. Software Requirements
      3. Using PrepLogic Practice Tests, Preview Edition
      4. Contacting PrepLogic
      5. License Agreement
  10. Index