Overview
Get students ready for the new CompTIA CySA+ CS0-003 Certification Exam with Ciampa's COMPTIA CYSA+ GUIDE TO CYBERSECURITY ANALYST, 3rd Edition. Meticulously designed to equip students with the necessary skills, this guide not only supports professional certification but also sets the stage for a successful cybersecurity career. The text covers security operations, vulnerability management, incident response and management, and reporting and communication. It also includes expansive coverage of the foundations of cybersecurity, identifying indicators of attack and indicators of compromise, threat detection and process improvement, vulnerability scanning and assessment tools, incident response planning, and using data analytics and artificial intelligence. Students can apply their knowledge and experience the practical side of what they learn with our new case activities.
- UPDATED AND EXPANDED COVERAGE helps instructors teach the most current cybersecurity topics including security operations, vulnerability management, incident response and management, reporting and communication.
- NEW LIVE VIRTUAL MACHINE LABS aligned to the CySA+ CS0-003 certification exam help students refine the hands-on expertise needed to master today’s cybersecurity toolset by learning practical skills in a live environment.
- NEW #TRENDINGCYBER CHAPTER OPENERS HIGHLIGHT THE LATEST CYBERSECURITY ATTACKS AND DEFENSES FROM TODAY'S HEADLINES. Students see the relevance and importance of the skills they are mastering as each chapter opener describes an actual cybersecurity attack or defense drawn from current events.
- UPDATED CONTENT CORRESPONDS DIRECTLY WITH THE LATEST CySA+ CS0-003 CERTIFICATION. Author Mark Ciampa applies his extensive professional and academic experience to organize and update all content to clearly map to the most recent CySA+ CS0-003 exam and certification requirements.
- NEW HANDS-ON CASE PROJECTS DELVE DEEPER INTO CRITICAL CYBERSECURITY TOPICS. Completely new case projects guide students through a "deeper dive" into the critical topics covered in each chapter.
- NEW CHAPTER UNITS AND REORGANIZED CONTENT CORRESPOND DIRECTLY TO TODAY'S LATEST CYBERSECURITY REQUIREMENTS AND NEEDS. An all-new sequencing of the information efficiently prepares students for certification and helps them learn the skills needed for security operations, vulnerability management, incident response and management, reporting, communication control, monitoring, compliance and incident response.
- NEW SELF-ASSESSMENT. “Two Rights and a Wrong” self-assessments provide students with an engaging and rapid way to assess their understanding of concepts by challenging them to critically analyze the material and apply their knowledge to identify the correct answers while skillfully avoiding the misleading option.
- ALL CySA+ CS0-003 EXAM TOPICS FULLY DEFINED WITH EACH EXAM SUB-DOMAIN LINKED TO BLOOM’S TAXONOMY. This approach helps stimulate students' critical thinking skills and boosts their motivation and interest in learning.
1. Technology Underpinnings.
a. Infrastructures and Architectures.
i. Infrastructure Concepts.
ii. Network Architectures.
iii. Operational Technology.
b. Software.
i. Operating System Fundamentals.
ii. Coding (1.3c).
2. Threat Actors and Their Threats.
a. Who Are the Threat Actors?
i. Script Kiddie.
ii. Organized Crime.
iii. Insider Threat.
iv. Hacktivists.
v. Nation-state Actors.
vi. Others.
b. Threat Actor Actions.
i. Tactics, Techniques, and Procedures (TTP).
ii. Known and Unknown Threats.
c. Types of Attacks.
i. Web Server Application Attacks.
ii. Remote Code Execution.
iii. Data Poisoning.
iv. Obfuscated Links.
d. Vulnerabilities.
i. Programming Vulnerabilities.
ii. Broken Access Control.
iii. Cryptographic Failures.
iv. Dated Components.
v. Identification and Authentication Failures.
3. Cybersecurity Substrata.
a. Identity and Access Management (IAM).
i. Identity.
ii. Access.
b. Encryption.
i. Public Key Infrastructure (PKI).
ii. Secure Sockets Layer (SSL) Inspection.
c. Secure Coding.
i. Secure Software Development Life Cycle (SDLC).
ii. Secure Coding Best Practices.
d. Networking (1.1d).
i. Zero Trust.
ii. Secure Access Service Edge (SASE).
Part 2: SECURITY OPERATIONS.
4. Identifying Indicators of Attack (IOA).
a. Cybersecurity Indicators.
i. Indicators of Attack (IOA).
ii. Indicators of Compromise (IOC) (1.4f).
b. Network IOA.
i. Abnormal Network Traffic.
ii. Stealth Transmissions.
iii. Scan/Sweeps.
iv. Rogue Devices on a Network.
c. Endpoint IOA.
i. High-Volume Consumption of Resources.
ii. Operating System Evidence.
iii. Software-Related Evidence.
iv. Data Exfiltration.
d. Application IOA.
i. Unusual Activity.
ii. New Account Creation.
iii. Unexpected Outbound Communications.
iv. Application Logs.
5. Analyzing Indicators of Compromise (IOC).
a. Common Techniques for Investigating IOC.
i. Diagnose Malware.
ii. Analyze Email.
iii. User Behavior Analysis (UBA).
b. Tools for IOC Analysis.
i. File Analysis Tools.
ii. Tools for Analyzing Network IOC.
iii. Reputation Tools.
iv. Log Correlation and Analysis Tools.
6. Threat Detection and Process Improvement.
a. Threat Intelligence.
i. What is Threat Intelligence (TI)?
ii. Threat Intelligence Versus Threat Data.
iii. The Intelligence Cycle.
iv. Threat Intelligence Sources.
v. Confidence Levels.
b. Threat Hunting.
i. What is Threat Hunting?
ii. Hunters and Hunting.
iii. Threat Hunting Methodologies.
iv. Steps in Threat Hunting.
c. Improving Security Operation Processes.
i. Standardize Processes.
ii. Streamline Operations.
iii. Tool Automation and Integration.
Part 3: VULNERABILITY ASSESSMENT AND MANAGEMENT.
7. Vulnerability Scanning and Assessment Tools.
a. Industry Frameworks.
i. Payment Card Industry Data Security Standard (PCI DSS).
ii. Center for Internet Security (CIS) Benchmarks.
iii. Open Web Application Security Project (OWASP).
iv. International Organization for Standardization (ISO) 27000 Series.
b. Vulnerability Scanning Methods.
i. Asset Discovery.
ii. Special Considerations.
iii. Types of Scanning.
c. Vulnerability Assessment Tools.
i. Network Scanning and Mapping.
ii. Web Application Scanners.
iii. Vulnerability Scanners.
iv. Debuggers.
v. Multipurpose.
vi. Cloud Infrastructure Assessment Tools.
8. Addressing Vulnerabilities.
a. Prioritizing Vulnerabilities.
i. Common Vulnerability Scoring System (CVSS) Interpretation.
ii. Validation.
iii. Context Awareness.
iv. Exploitability/Weaponization.
v. Asset Value.
vi. Zero-day.
b. Managing Vulnerabilities.
i. Using Controls.
ii. Patching and Configuration Management.
iii. Maintenance Windows.
iv. Exceptions.
v. Policies, Governance, and Service-level Objectives (SLOs).
vi. Prioritization and Escalation.
vii. Attack Surface Management.
viii. Threat Modeling.
9. Vulnerability Management Reporting and Communication.
a. Reporting Vulnerabilities.
b. Compliance Reports.
c. Action Plans.
d. Inhibitors to Remediation.
i. Memorandum of Understanding (MOU).
ii. Service-level Agreement (SLA).
iii. Organizational Governance.
iv. Business Process Interruption.
v. Degrading Functionality.
vi. Legacy Systems.
vii. Proprietary Systems.
e. Metrics and Key Performance Indicators (KPIs).
i. Trends.
ii. Top 10.
iii. Critical Vulnerabilities and Zero-days.
iv. SLOs.
f. Stakeholder Identification and Communication.
Part 4: INCIDENT RESPONSE.
10. Incident Response Planning.
a. Attack Methodology Frameworks.
i. Cyber Kill Chains.
ii. Diamond Model of Intrusion Analysis.
iii. MITRE ATT&CK.
iv. Open Source Security Testing Methodology Manual (OSSTMM).
v. OWASP Testing Guide.
b. Incident Response Procedures.
i. Preparation.
c. Reporting and Communication.
i. Stakeholder Identification and Communication.
ii. Incident Declaration and Escalation.
iii. Incident Response Reporting.
iv. Communications.
v. Root Cause Analysis.
vi. Lessons Learned.
vii. Metrics and KPIs.
11. Responding to a Cyber Incident.
a. Detecting an Incident.
i. IOC.
ii. Evidence Acquisitions.
iii. Data and Log Analysis.
b. Controlling an Incident.
i. Scope.
ii. Impact.
iii. Isolation.
c. Recovering From an Incident.
i. Remediation.
ii. Re-imaging.
iii. Compensating Controls.
d. Post-incident Analysis.
i. Forensic Analysis.
ii. Root Cause Analysis.
iii. Lessons Learned.
iv. Adjusting Risk Thresholds.
12. Data Protection and Utilization.
a. Sensitive Data Protection.
i. Data Loss Prevention (DLP).
ii. Personally Identifiable Information (PII).
iii. Cardholder Data (CHD).
b. Utilizing Data for Cybersecurity.
i. Data Analytics.
ii. Artificial Intelligence (AI).
Cengage provides a range of supplements that are updated in coordination with the main title selection. For more information about these supplements, contact your Learning Consultant.
FOR STUDENTS
MindTap for Ciampa's CompTIA CySA+ Guide to Cybersecurity Analyst (CS0-003), 2 terms Instant Access
ISBN: 9798214011516