https://wiki.lpi.org/w/api.php?action=feedcontributions&feedformat=atom&user=MmarcoLPI Wiki - User contributions [en]2026-05-14T03:07:11ZUser contributionsMediaWiki 1.45.3https://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5323Security Essentials Objectives V1.02019-05-28T14:25:12Z<p>Mmarco: </p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===The Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Translations of Objectives==<br />
<br />
The following translations of the objectives are available on this wiki:<br />
<br />
* [[SecurityEssentials Objectives V1.0|English]]<br />
* [[SecurityEssentials Objectives V1.0(PT-BR)|Brazilian Portuguese]]<br />
* [[SecurityEssentials Objectives V1.0(ZH)|Chinese (Simplified)]]<br />
* [[SecurityEssentials Objectives V1.0(ZH-TW)|Chinese (Traditional)]]<br />
* [[SecurityEssentials Objectives V1.0(NL)|Dutch]]<br />
* [[SecurityEssentials Objectives V1.0(FR)|French]]<br />
* [[SecurityEssentials Objectives V1.0(DE)|German]]<br />
* [[SecurityEssentials Objectives V1.0(IT)|Italian]]<br />
* [[SecurityEssentials Objectives V1.0(JA)|Japanese]]<br />
* [[SecurityEssentials Objectives V1.0(ES)|Spanish]]<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarcohttps://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5322Security Essentials Objectives V1.02019-05-28T14:22:47Z<p>Mmarco: /* Minimally Qualified Candidate */</p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===The Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Translations of Objectives==<br />
<br />
The following translations of the objectives are available on this wiki:<br />
<br />
* [[SecurityEssentials Objectives V1.0|English]]<br />
* [[SecurityEssentials Objectives V1.0(PT-BR)|Brazilian Portuguese]]<br />
* [[SecurityEssentials Objectives V1.0(ZH)|Chinese (Simplified)]]<br />
* [[SecurityEssentials Objectives V1.0(ZH-TW)|Chinese (Traditional)]]<br />
* [[SecurityEssentials Objectives V1.0(NL)|Dutch]]<br />
* [[SecurityEssentials Objectives V1.0(FR)|French]]<br />
* [[SecurityEssentials Objectives V1.0(DE)|German]]<br />
* [[SecurityEssentials Objectives V1.0(IT)|Italian]]<br />
* [[SecurityEssentials Objectives V1.0(JA)|Japanese]]<br />
* [[SecurityEssentials Objectives V1.0(ES)|Spanish]]<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarcohttps://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5321Security Essentials Objectives V1.02019-05-28T14:22:00Z<p>Mmarco: /* Translations of Objectives */</p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Translations of Objectives==<br />
<br />
The following translations of the objectives are available on this wiki:<br />
<br />
* [[SecurityEssentials Objectives V1.0|English]]<br />
* [[SecurityEssentials Objectives V1.0(PT-BR)|Brazilian Portuguese]]<br />
* [[SecurityEssentials Objectives V1.0(ZH)|Chinese (Simplified)]]<br />
* [[SecurityEssentials Objectives V1.0(ZH-TW)|Chinese (Traditional)]]<br />
* [[SecurityEssentials Objectives V1.0(NL)|Dutch]]<br />
* [[SecurityEssentials Objectives V1.0(FR)|French]]<br />
* [[SecurityEssentials Objectives V1.0(DE)|German]]<br />
* [[SecurityEssentials Objectives V1.0(IT)|Italian]]<br />
* [[SecurityEssentials Objectives V1.0(JA)|Japanese]]<br />
* [[SecurityEssentials Objectives V1.0(ES)|Spanish]]<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarcohttps://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5320Security Essentials Objectives V1.02019-05-28T14:20:14Z<p>Mmarco: </p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Translations of Objectives==<br />
<br />
The following translations of the objectives are available on this wiki:<br />
<br />
* [[LinuxEssentials Objectives V1.6|English]]<br />
* [[LinuxEssentials Objectives V1.6(PT-BR)|Brazilian Portuguese]]<br />
* [[LinuxEssentials Objectives V1.6(ZH)|Chinese (Simplified)]]<br />
* [[LinuxEssentials Objectives V1.6(ZH-TW)|Chinese (Traditional)]]<br />
* [[LinuxEssentials Objectives V1.6(NL)|Dutch]]<br />
* [[LinuxEssentials Objectives V1.6(FR)|French]]<br />
* [[LinuxEssentials Objectives V1.6(DE)|German]]<br />
* [[LinuxEssentials Objectives V1.6(IT)|Italian]]<br />
* [[LinuxEssentials Objectives V1.6(JA)|Japanese]]<br />
* [[LinuxEssentials Objectives V1.6(ES)|Spanish]]<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarcohttps://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5319Security Essentials Objectives V1.02019-05-28T14:13:40Z<p>Mmarco: /* The Minimally Qualified Candidate */</p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarcohttps://wiki.lpi.org/w/index.php?title=Security_Essentials_Objectives_V1.0&diff=5318Security Essentials Objectives V1.02019-05-28T13:32:31Z<p>Mmarco: Created page with "__FORCETOC__ ==Introduction== This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general u..."</p>
<hr />
<div>__FORCETOC__<br />
==Introduction==<br />
<br />
This certificate covers a basic knowledge of IT security. The focus is the digital self-defense of an individual user. This includes a general understanding of major threats against individual computing systems, networks, services and identity as well as approaches to prevent and mitigate them.<br />
<br />
<br /><br />
<br />
==Candidate Description==<br />
<br />
===The Minimally Qualified Candidate===<br />
<br />
The Candidate has a basic understanding of the major security threats of using computers, networks, connected devices and IT service on premise and in the cloud. The candidate understands common ways to prevent, mitigate and prevent attacks against their personal devices and data. Furthermore, the candidate is able to use encryption to secure data transferred through a network and stored on local storage media and in the cloud. The candidate is able to apply common security tools, protect private information and secure their identity. The candidate is able to take responsibility for securing their own devices and making use of IT services.<br />
<br />
<br /><br />
<br />
==Version Information==<br />
<br />
These objectives are '''A DRAFT FOR''' version 1.0.0.<br />
<br />
<br /><br />
<br />
==Objectives==<br />
<br />
===''021 Security Concepts''===<br />
<br />
<br />
====<span style="color:navy">021.1 Goals, Roles and Actors (weight: 1)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 1<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of IT security. This includes an understanding of essential security goals as well as understanding various actors and roles in the field of IT security.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understand common security goals (confidentiality, integrity and availability, non repudiation)<br />
<br />
* Understand common roles in security (hackers, crackers, black hat, white hat)<br />
<br />
* Awareness of industrial espionage<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.2 Risk Assessment and Management (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should know how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency and appropriateness for a reaction.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Know common sources for security information<br />
<br />
* Understand security incident classification schema<br />
<br />
* Understand the concepts of Common Vulnerabilities and Exposures (CVE)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">021.3 Ethical Behaviour (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidates should understand the implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools. Furthermore, the candidate should understand common principles in copyright and privacy laws.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the implications of one’s actions on others<br />
<br />
* Handling of personal and confidential information in a responsible way<br />
<br />
* Awareness of legal implications<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''022 Encryption''===<br />
<br />
====<span style="color:navy">022.1 Cryptography Public Key Infrastructure (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of symmetric and asymmetric encryption. Furthermore candidates should understand how digital certificates are used to associate cryptographic keys with individual persons and organizations.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of symmetric, asymmetric and hybrid cryptography<br />
<br />
* Understanding of the principle of Perfect Forward Secrecy<br />
<br />
* Understanding of the principle of hash functions<br />
<br />
* Awareness of most important cryptographic algorithms <br />
<br />
* Understanding of the principle of digital certificates<br />
<br />
* Understanding of how certificates are associated with a subject and an issuer<br />
<br />
* Understanding of the role of Certificate Authorities<br />
<br />
* Awareness of Let’s Encrypt<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.2 Web Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the major differences between plain text protocols and transport encryption<br />
<br />
* Understanding of the principle of HTTPS<br />
<br />
* Understanding of important fields in X.509 certificates for the use with HTTPS<br />
<br />
* Determining whether or not a website is encrypted, including common browser messages<br />
<br />
* Awareness of SSL Labs Server Test<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.3 Email Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of GPG for email encryption. This includes handling one’s own and foreign GPG keys and sending and receiving encrypted emails.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principle of GPG<br />
<br />
* Understanding of the role of key servers<br />
<br />
* Using GPG for Email encryption (using Enigmail and Thunderbird on Windows, Linux or OS X)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">022.4 Data Storage Encryption (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principles of data, file and storage device be able to encrypt data stored on local storage devices and in the cloud.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of data, file and storage device encryption<br />
<br />
* Using VeraCrypt to store data in a container or an encrypted storage devices<br />
<br />
* Using Cryptomator to encrypt files stored in the cloud <br />
<br />
* Awareness of Bitlocker<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''023 Node, Device and Storage Security''===<br />
<br />
====<span style="color:navy">023.1 Hardware Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand security aspects of hardware. This includes understanding the various types of computer devices as well as their major components. Furthermore, the candidate should understand the security implications of various devices that interact with a computer.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the functionality of major components of a computer<br />
<br />
* Understanding of the functionality of tablets, smartphones, smart tvs, routers, printers smart home, alarm, and IoT devices (light bulbs, thermostats, TVs, …)<br />
<br />
* Understanding of the security implications of physical access to a computer<br />
<br />
* Understanding of security implications of USB devices<br />
<br />
* Understanding of security implications of Bluetooth devices<br />
<br />
* Understanding of security implications of RFID devices<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.2 Application Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access and understanding how to security install software.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of updates for firmware, operating systems and applications<br />
<br />
* Understanding of the concepts of local packet filters, endpoint firewalls and application layer firewalls<br />
<br />
* Understanding of various sources for applications and ways to securely procure and install software<br />
<br />
* Understanding of sources for mobile applications<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.3 Malware (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of various types of malware. This includes understanding of how they are installed on a device, what effects they cause and how to protect against malware.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of various types of malware (virus, ransomware, trojan horses, adware, cryptominers)<br />
<br />
* Understanding of various types of spying (file copy, keylogging, camera and microphone hijacking)<br />
<br />
* Awareness of the risk of data and address books copies<br />
<br />
* Understanding of the principle of rootkit and remote access<br />
<br />
* Understanding of keyloggers<br />
<br />
* Understanding of virus and malware scanners<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">023.4 Data Availability (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services as well as creating backups.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of data access and sharing in the cloud<br />
<br />
* Awareness of the dependence on internet connection and the synchronization of data between cloud services and local storage<br />
<br />
* Creating and securely storing backups (full, differential, incremental backups, backup retention)<br />
<br />
'''Partial list of used files, terms and utilities'''<br />
<br />
<br /><br />
<br />
===''024 Network and Service Security''===<br />
<br />
====<span style="color:navy">024.1 Local Network Access Security (weight: 4)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 4<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand how devices are connected to a local network and and which threats result from physical media access. Furthermore, candidates should be able to securely connect to a wireless network.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles behind IP networks and the internet<br />
<br />
* Understanding of the principles behind IP addresses and ports<br />
<br />
* Understanding of the principles behind routing and network providers<br />
<br />
* Understanding of the various types of network media (wired and WiFi)<br />
<br />
* Understanding of the implications of media / link layer access<br />
<br />
* Understanding of the concept of Man in the Middle attacks<br />
<br />
* Understanding of the risk of unencrypted / Public WiFi<br />
<br />
* Understanding and using of WiFi security and encryption<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.2 Internet Security (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of the Internet and routed networks. This includes understanding how connections to cloud services are established and understanding common threats against services on the Internet.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the principles of the internet<br />
<br />
* Understanding of the principle of traffic interception<br />
<br />
* Understanding of the principle of DoS and DDoS attacks<br />
<br />
* Understanding of the principle of botnets<br />
<br />
* Understanding of the principle of clouds<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">024.3 Network Encryption and Anonymity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the principle of virtual private networks. This includes using a VPN provider to encrypt transmitted data. Candidates should understand about the anonymity of the Internet and TOR.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of virtual private networks<br />
<br />
* Understanding of the role of a VPN provider<br />
<br />
* Understanding the concepts of gateway packet filters<br />
<br />
* Awareness of TOR and the Darknet<br />
<br />
* Awareness of crypto currencies and their anonymity aspects<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
===''025 Identity and Privacy''===<br />
<br />
====<span style="color:navy">025.1 Identity (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand various concepts on how to prove their identity when using services on the internet. This includes using a password manager and multi factor authentication as well as being aware of common threats against individual identities.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the characteristics of secure password (length, special characters, change frequencies, complexity)<br />
<br />
* Using a password manager (keepass2)<br />
<br />
* Understanding of the differences between online and offline password managers<br />
<br />
* Understanding of the risks of traditional password memorization compared to password managers<br />
<br />
* Understanding of the principle of security questions and account recovery tools<br />
<br />
* Understanding of the principle of multifactor factor authentication<br />
<br />
* Understanding of Phishing<br />
<br />
* Understanding of Social Engineering<br />
<br />
* Understanding of the role of email accounts for IT security<br />
<br />
* Monitoring own accounts for password leaks (Search engine alerts for own usernames, password leak checkers)<br />
<br />
* Understanding of the security aspects of online banking and credit cards<br />
<br />
'''Partial list of used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.2 Information Confidentiality and Trustworthiness (weight: 2)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 2<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should be able to judge the trustworthiness and correctness of information on the internet. This includes understanding how search engines work and rank their results, knowing common criteria for recognizing fake news, spam messages and scam.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding the principle of search engines and web index<br />
<br />
* Awareness of web archives<br />
<br />
* Recognition of fake news<br />
<br />
* Distinguishing fake and real URLs<br />
<br />
* Understanding the principles of email spam filters<br />
<br />
* Understanding the principle of scamming and scareware<br />
<br />
* Handling of received email attachments<br />
<br />
* Sharing information securely and responsibly using email cloud shares and messaging services<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /><br />
<br />
====<span style="color:navy">025.3 Privacy Protection (weight: 3)</span>====<br />
<br />
{|<br />
| style="background:#dadada" |<br />
<br />
'''Weight'''<br />
<br />
| style="background:#eaeaea" | 3<br />
|-<br />
| style="background:#dadada; padding-right:1em" |<br />
<br />
'''Description'''<br />
<br />
| style="background:#eaeaea" |<br />
<br />
The candidate should understand the importance of the confidentiality of personal information. This includes managing privacy settings in various services as well as being aware of common threats against personal information.<br />
<br />
|}<br />
<br />
'''Key Knowledge Areas:'''<br />
<br />
* Understanding of the importance of personal information<br />
<br />
* Understanding of the concepts of information gathering and profiling<br />
<br />
* Understanding of the principle of identity theft<br />
<br />
* Understanding of the principle of stalking<br />
<br />
* Understanding of the principle of cybermobbing<br />
<br />
* Understanding of the principle of doxxing<br />
<br />
* Understanding of the principle of fake profiles<br />
<br />
* Understanding of the principle of cookies and tracking<br />
<br />
* Configuring profile privacy settings on social media platforms and online services<br />
<br />
* Managing contacts and privacy settings on social networks<br />
<br />
* Understanding of the risk of publishing personal information<br />
<br />
* Understanding of the rights regarding information about own personal information (such as GDPR for companies based in Europe)<br />
<br />
'''Partial list of the used files, terms and utilities:'''<br />
<br />
<br /></div>Mmarco