Information Security Training

Who is Keeping Your Information Secure?

As more and more confidential information is stored and processed electronically, the risk of unauthorized access is on the rise. Data breaches and attacks make protection critical.

At New Horizons Bulgaria, our information security training programs are designed to significantly reduce your organization's risk of an information breach and to minimize the negative impact should a breach occur.

Information security courses and certifications are primarily created by vendor-neutral organizations such as CompTIA, (ISC)² and EC-Council. These organizations are committed to setting strict security standards that any organization can implement. Earning certifications from these vendor-neutral organizations is an ideal way to prove your skill and knowledge to your employer. We offer information security training and certification from the following vendors:

Information Security Certifications

CompTIA Security+

CompTIA Security+ training from New Horizons Bulgaria provides an excellent introduction to the security field and is typically a better entry point than jumping right into an advanced security program. With Security+, you’ll build a solid foundation of knowledge that you can build upon—helping you advance your career in the months and years to come.

Whether your goal is to become Security+ certified for your job, to prove your basic knowledge of security concepts or to gain more knowledge to secure your network, expert training from New Horizons is the perfect solution.

Security+ certification candidates must pass one exam. Although not required, it is strongly recommended that candidates possess their A+ and Network+ Certifications.

Course: CompTIA Security+
Exam: SY0-401: CompTIA Security+

Target Audience

Security+ Training

This course is intended for students wishing to prepare for the CompTIA Security+ Exam. The qualification is aimed primarily at networking professionals, but because security is vital to all levels and job roles within an organization, it will also benefit PC support analysts, application developers and senior managers in accounting, sales, product development and marketing.

At Course Completion

Upon successful completion of this course, students will be able to:

  • Identify network attack strategies and defenses
  • Understand the principles of organizational security and the elements of effective security policies
  • Know the technologies and uses of encryption standards and products
  • Identify network- and host-based security technologies and practices
  • Describe how remote access security is enforced
  • Identify strategies for ensuring business continuity, fault tolerance and disaster recovery

About (ISC)²

(ISC)² is a global non-profit organization whose primary goal is to help educate and certify Information Security professionals world-wide. Earning your (ISC)² certifications is an excellent way to establish your knowledge and credibility.

With New Horizons Bulgaria, students have the unique opportunity to join Online LIVE any (ISC)² class in the global network of New Horizons.

Read descriptions of each of the (ISC)² certifications and associated training below:

Certified Information Systems Security Professional (CISSP)

New Horizons is proud to be able to provide training to assist you in preparation for the CISSP Information Security Certification exam. The CISSP certification is a globally recognized information security certification governed and bestowed by the International Information Systems Security Certification Consortium, also known as (ISC)². It was the first information security credential accredited by the international ANSI ISO/IEC Standard 17024:2003.

Course: Certified Information Systems Security Professional (CISSP)
Exam: Certified Information Systems Security Professional (CISSP)

About EC-Council

The International Council of Electronic Commerce Consultants (EC-Council) is a long-standing professional certification organization for IT professionals. The EC-Council's goal is to provide support for individuals who create and maintain security and IT systems.

Read descriptions of each of the EC-Council certifications and associated training below:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker training and certification at New Horizons Bulgaria will help you learn to stop hackers by thinking and acting like one. The CEH training immerses students in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

Course: Certified Ethical Hacker (CEH)
Exam: Certified Ethical Hacker (CEH)

The CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the network infrastructure.

Computer Hacking Forensic Investigator (CHFI)

The CHFI certification from EC-Council is an advanced certification for forensic network security investigators. As cybercrime has increased, the need for computer forensic investigators has grown dramatically. CHFI certified candidates may investigate invasion or theft of intellectual property, misuse of IT systems and violations of corporate IT usage policies.

Course: EC-Council Computer Hacking Forensics Investigator (CHFI) v9.0
Exam: Computer Hacking Forensic Investigator (CHFI)

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given rise to a new type of criminal, the "cyber-criminal."

Certified Chief Information Security Officer (C-CISO)

The C-CISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security.
Bringing together all the components required for C-level positions, the C-CISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program.

Course: Certified Chief Information Security Officer (CCISO)
Exam: Certified Chief Information Security Officer (C-CISO)

The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned through on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Licensed Penetration Tester (LPT)

EC-Council’s Licensed Penetration Tester (LPT) certification is a natural evolution and extended value addition to its series of security related professional certifications. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field.

Exam: Licensed Penetration Tester (LPT)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

EC-Council Certified Security Analyst (ECSA)

The EC-Council Certified Security Analyst (ECSA) is an advanced ethical hacking training certification that complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking.

While the Certified Ethical Hacker certification exposes the learner to hacking tools and technologies, the Certified Security Analyst course takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking network penetration testing training methods and techniques, this pen testing computer security certification helps students perform the intensive assessments required to effectively identify and mitigate risks to the information security of the infrastructure.

Course: EC-Council Certified Security Analyst (ECSA) v10.0
Exam: EC-Council Certified Security Analyst (ECSA)

About ISACA

ISACA is an independent, non-profit global association founded in 1969 to provide guidance and benchmarks for information systems and risk management.

With New Horizons Bulgaria, students have the unique opportunity to join Online LIVE any ISACA class in the global network of New Horizons.

Read descriptions of each of the ISACA certifications and associated training below:

Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.

Course: Certified Information Systems Auditor (CISA)
Exam: Certified Information Systems Auditor (CISA)

In this course students will perform evaluations of organizational policies, procedures and processes to ensure that an organization's information systems align with overall business goals and objectives. This course is aligned to the objectives established by Information Systems Audit and Control Association (ISACA) for the CISA exam.

Certified Information Security Manager (CISM)

Demonstrate your information security management expertise. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

Course: Certified Information Security Manager (CISM)
Exam: Certified Information Security Manager (CISM)

This course is aligned with objectives established by the Information Systems Audit and Control Association (ISACA) for the CISM exam.

What is Penetration Testing?

A penetration test subjects a system or a range of systems to real-life security tests. The benefit of a complete penetration suite over a normal vulnerability scanning system is that it reaches beyond a vulnerability scan to discover different weaknesses and perform a much more detailed analysis. The user can perform specified attacks in high detail depending on their specific choices and needs. This is normally done via the many advanced techniques and utilities of a security consultant.

Penetration Testing Compared to Vulnerability Scanning

The advantage of a penetration test compared with an automated vulnerability scan is the involvement of the human element versus automated systems. A human can carry out several attacks based on skills, creativity, and information about the target system that an automated scan cannot.

Several techniques, such as social engineering, can usually be performed by humans alone, since they require physical techniques that have to be carried out by a person and are not covered by an automated system.

Advance your Information Security knowledge and become a specialist in Penetration Testing with training from New Horizons Bulgaria.

Foundations and Prerequisites

The following courses or relevant experience are recommended:

Core Classes

The Penetration Test Process

Discovery: The Penetrator performs information discovery via a wide range of techniques (such as whois databases, scan utilities, Google data, and more) in order to gain as much information about the target system as possible. These discoveries often reveal sensitive information that can be used to perform specific attacks on a given machine.

Enumeration: Once the specific networks and systems are identified through discovery, it is important to gain as much information as possible about each system. The difference between enumeration and discovery depends on the state of intrusion. Enumeration is all about actively trying to obtain usernames as well as software and hardware device version information.

Vulnerability Identification: The vulnerability identification step is a very important phase in penetration testing. This allows the user to determine the weaknesses of the target system and where to launch the attacks.

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access to the target system.

Denial of Service: A DoS (Denial of Service) test can be performed to test the stability of production systems in order to show whether they can be crashed. When performing a penetration test of a preproduction system, it is important to test its stability and how easily it can be crashed. By doing this, its stability will be ensured once it is deployed into a real environment.

It is important to perform DoS testing to ensure the safety of certain systems. If an attacker takes down your system during busy or peak hours, both you and your customer can incur a significant financial loss.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. The reports come in different formats such as HTML, PDF, and XML. Furthermore, all the reports can be modified as the user chooses.