Certificate in Information Assurance
- Fundamentals of System Security
- Incident Response and Computer Forensics
- Ethical Hacking and Countermeasures
- Network Monitoring, Security & Forensics
(not required for certificate)
This course introduces the basics of systems security. Emphasis is placed on access controls, networking, auditing, security operations, and malicious code activity. This course is aligned to the Systems Security Certified Practitioner (SSCP) exam.
Certification: ISC2 SSCP Certification.
Incident response is a coordinated and structured approach to go from incident detection to resolution. This course builds on Computer Forensics, and focuses on the tools and techniques used in the evaluation and remediation of computer incidents. Emphasis is placed on understanding the practical application of forensics as applied to malware and other information system threats. (CERT-Certified Computer Security Incident Handler)
Certification: CERT-Certified Computer Security Incident Handler
This course introduces the basics of ethical hacking, and includes practical, hands-on labs designed to teach students how to prepare and defend against intrusions. This course is aligned to the EC-Council Certified Ethical Hacker (CEH) exam.
Professional development has been the key to building my career. As a cyber-security professional I knew that the Ethical Hacker program at Bucks County Community College offered the training I needed to improve my skill set. All the classes I have taken had skilled instructors, well-designed programs, and good systems for hands-on learning. I passed the Certified Ethical Hacker exam and Bucks was a large part of my success. – Randall C. Cole
The first of its kind at Bucks Community College, this cyber security course will leverage Elasticsearch, Kibana and other open source network data collection technologies to help the student not only understand what is happening on the network but also how to detect and make actionable decisions on events occurring in real time in their environment. This class will include a multitude of hands-on labs that will enable the student to visualize the state of the networks they are monitoring and protecting.
This course will focus on the concepts and practical application of Network Security Monitoring (NSM) using open source software to augment commercial products deployed within an organization's network. We will focus on three primary strategies: collection, detection, and analysis. Within these strategies we will discuss, plan and implement tools and techniques to build out or augment your security operations.
At the conclusion of this class students should be able to specify, deploy and manage NSM collectors and conduct analysis of collected data to produce actionable security responses to build upon the organization’s overall security posture.
Certification: Wireshark Certified Network Analyst (WCNA)
Topics covered in class and during hands-on labs include:
- Introduction to NSM and NSM concepts
- Planning NSM data collection
- Sensor platforms and management using Security Onion/RockNSM
- Session and flow data leveraging Zeek/Suricata
- Analysis of flow data using SiLK/Argus
- Packet data collection and parsing, tools and techniques
- Detection concepts and processes
- Indications of compromise use and application
- Network based IDS (NIDS) using Snort/Suricata
- Zeek analysis
- SIEM introduction using the Elastic Stack (ELK)
- Visualization of NSM data using ELK
- Honeypots and Honeynet concepts and use
- Threat Intelligence
- NSM Analysis and Process
Building on the Ethical Hacking course (WITAC 2121), this course covers advanced penetration testing techniques and defenses. While the focus will be on developing the skill sets of the participants, the course will also focus on the defenses needed to protect the infrastructure from these types of attacks. No textbook required. The instructor will provide materials via slides and other handouts as necessary.
Students are required to purchase the following items prior to the first class:
- Canakit Raspberry Pi3 Complete Starter Kit, $69.99, https://www.amazon.com/dp/B01C6Q2GSY?PSC=1
- UTRONICS IEEE 802.3af Micro USB Active PoE Splitter Power Over Ethernet 48V to 5V 2.4A for Tablets, Dropcam or Raspberry Pi, $9.49, https://www.amazon.com/UTRONICS-802-3af-Splitter-Ethernet-Raspberry/dp/B01MDLUSE7/ref=sr_1_3?s=electronics&ie=UTF8&qid=1492782528&sr=1-3&keywords=raspberry+pi+poe+adapter
- Anker USB 3.0 Card Reader 8-in-1 for SDXC, SDHC, SD, MMC, RS-MMC, Micro SDXC, Micro SD, Micro SDHC Card, Support UHS-I Cards, 18 Months Warranty, $7.99, https://www.amazon.com/Anker-Reader-RS-MCC-Support-Warranty/dp/B006T9B6R2/ref=sr_1_5?ie=UTF8&qid=1492782667&sr=8-5&keywords=usb+micro+sd+card+reader
This course is also available in a Boot Camp format. Please call 215-968-8132 for more information.
Upon completion of this course, students will have a working knowledge of all eight domains required to be an effective manager in a cybersecurity environment. These eight domains include:
* Security and Risk Management
* Asset Security
* Security Engineering
* Communication and Network Security
* Identity and Access Management
* Security Assessment and Testing
* Security Operations
* Software Development Security
This class will prepare students to sit for the CISSP exam.
Required Textbook: Digital Bundle will be provided.
Computer Hacking Forensic Investigator
This course will teach students the skills required to perform a digital forensics investigation. Students will learn the practices of search and seizure, acquisition, preservation, analysis, and reporting of digital evidence. This course will provide theoretical knowledge and hands-on experience with commonly used forensics tools in an online lab environment. Topics covered will prepare the student for the Computer Hacking Forensic Investigator (CHFI v10) certification.
Textbook: Computer Hacking Forensics Investigator Version 10 eBook
Labs: EC-Council iLabs, 6 months' access
CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography. CompTIA Security+ provides the knowledge of security concepts, tools and procedures needed to react to security incidents. Prerequisite: Basic computer and networking knowledge, including file management in a Windows environment.
This course will prepare you to pass the current CompTIA Security+ SY0-601 certification exam. After taking this course, you will understand the field of network security and how it relates to other areas of information technology. This course also provides the broad-based knowledge necessary to prepare for further study in specialized security fields, or it can serve as a capstone course that gives a general introduction to the field.
Tuition $895 (test voucher included), Text: CompTIA Security+ Study Guide: Exam SY0-601 8th Edition, ISBN# 9781119736257
Certification Test: SY0-601 for CompTIA Security+ Certification
Certification Information at www.comptia.org
The CPENT training program is designed to teach security professionals the advanced uses of the available methodologies, tools, and techniques required to perform comprehensive information security tests. Security professionals will learn how to design, secure, and test networks to protect their organizations from the threats hackers and crackers pose. By teaching the LPT methodology and groundbreaking techniques, this class helps security professionals perform the intensive assessments required to effectively identify and mitigate risks to the security of their infrastructure. As students learn to identify security problems they also learn how to avoid and eliminate them, as the class provides complete coverage of analysis and network security-testing topics.
The CPENT program teaches students how to perform an effective penetration test in an enterprise network environment. It covers the processes involved in attacking, exploiting, evading, and defending. Students will acquire skills by learning how to pen test IoT systems and OT systems, how to write exploits, how to build original tools, conduct advanced binary exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.
The pace of information systems innovation has produced vast expanses of technology, often with design flaws and technical vulnerabilities. The result is a patchwork of laws, regulations, and standards such as Sarbanes-Oxley, GLBA, HIPAA, PCI-DSS, NYDFS, PIPEDA, GDPR, CCPA, and scores of U.S. state laws requiring public disclosure of security breaches involving private information. IS auditing is a permanent fixture in organizations that have to contend with new technologies; new systems; new threats; and new data security and privacy laws, regulations, and standards. The CISA certification is the gold standard certification for IS audit professionals.
Textbook: CISA Certified Information Systems Auditor All-in-One Exam Guide, 4th Edition ISBN 9781260458800
The Certified Information Security Manager (CISM) certification, established in 2002, is the leading certification for information security management. Demand for the CISM certification has grown so much that the once-per-year certification exam was changed to twice per year in 2005 and is now offered multiple times each year. In 2005, the CISM certification was awarded accreditation by the American National Standards Institute (ANSI) under international standard ISO/IEC 17024. CISM is also one of the few certifications formally approved by the U.S. Department of Defense in its Information Assurance Technical category (DoD 8570.01-M). In 2017, CISM was a finalist in SC Magazine's Best Professional Certification Program. There are now more than 34,000 professionals with this certification.
Course topics include:
- Information Security Governance
- Information Risk Management and Compliance
- Information Security Program Development and Management
- Information Security Incident Management
Textbook: CISM Review Manual, 15th Edition, ISBN-13: 9781604205084
Detailed Methodological Learning Approach
CHFI presents a methodological approach to computer forensics, including search and seizure, chain of custody, acquisition, preservation, analysis and reporting of digital evidence.
Dark Web & IoT Forensics
The first certification program to offer you Dark Web and IoT Forensics modules.
Extensive Coverage on Malware Forensics
Covers the latest malware samples, such as Emotet and WannaCry, which spread using the EternalBlue exploit.
Forensic Methodologies for Cloud Infrastructure
Master tools and techniques to ensure security across various cloud platforms — Amazon Web Services, Microsoft Azure Cloud, and Google Cloud Platform.
Course Topical Outline:
Module 01: Computer Forensics in Today’s World
Module 02: Computer Forensics Investigation Process
Module 03: Understanding Hard Disks and File Systems
Module 04: Data Acquisition and Duplication
Module 05: Defeating Anti-Forensics Techniques
Module 06: Windows Forensics
Module 07: Linux and Mac Forensics
Module 08: Network Forensics
Module 09: Investigating Web Attacks
Module 10: Dark Web Forensics
Module 11: Database Forensics
Module 12: Cloud Forensics
Module 13: Investigating Email Crimes
Module 14: Malware Forensics
Module 15: Mobile Forensics
Module 16: IoT Forensics
WITAC 3080 CSA - Certified SOC Analyst
Course learning outcomes:
- Gain knowledge of SOC processes, procedures, technologies, and workflows.
- Gain a basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, etc.
- Recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be used during active and future investigations.
- Monitor and analyze logs and alerts from a variety of technologies across multiple platforms (IDS/IPS, endpoint protection, servers, and workstations).
- Gain knowledge of the Centralized Log Management (CLM) process.
- Perform security event and log collection, monitoring, and analysis.
- Gain experience and extensive knowledge of Security Information and Event Management (SIEM).
- Gain knowledge of administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Understand the architecture, implementation and fine-tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Gain hands-on experience in the SIEM use case development process.
- Develop threat cases (correlation rules), create reports, etc.
- Learn use cases that are widely used across SIEM deployments.
- Plan, organize, and perform threat monitoring and analysis in the enterprise.
- Monitor emerging threat patterns and perform security threat analysis.
- Gain hands-on experience in the alert triage process.
- Escalate incidents to appropriate teams for additional assistance.
- Use a Service Desk ticketing system.
- Prepare briefings and reports of analysis methodology and results.
- Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response.
- Make use of varied, disparate, constantly changing threat information.
- Gain knowledge of the Incident Response Process.
- Gain an understanding of SOC and IRT collaboration for better incident response.