CertNexus

DSBIZ™ (Exam DSZ-110): Data Science for
Business Professionals
Course Number: CNX0009
Course Length: 1/2 day

Overview:
The ability to identify and respond to changing trends is a hallmark of a successful business. Whether those trends are related to customers and sales, or to regulatory and industry standards, businesses are wise to keep track of the variables that can affect the bottom line. In today’s business landscape, data comes from numerous sources and in diverse forms. By leveraging data science concepts and technologies, businesses can mold all of that raw data into information that facilitates decisions to improve and expand the success of the business.

Target Student:
This course is designed for business leaders and decision-makers, including C-level executives, project
managers, HR leaders, Marketing and Sales leaders, and technical sales consultants, who want to increase
their knowledge of and familiarity with concepts surrounding data science. Other individuals who want to
know more about basic data science concepts are also candidates for this course.
This course is also designed to assist learners in preparing for the CertNexus® DSBIZ™ (Exam DSZ-110)
credential.

Prerequisites:
To ensure your success in this course, you should have a working knowledge of general business concepts and practices. You should also have a basic understanding of information technology (IT) resources and systems, including networks, computers, and other digital devices used in an enterprise setting.

Course Content

• Lesson 1: Data Science Fundamentals
  Topic A: What is Data Science?
  Topic B: Types of Data
  Topic C: The Data Science Lifecycle
• Lesson 2: Data Science Implementation
  Topic A: Data Acquisition and Preparation
  Topic B: Data Modeling and Visualization
  Topic C: Data Science Roles
• Lesson 3: The Impact of Data Science
  Topic A: Benefits of Data Science
  Topic B: Challenges of Data Science
  Topic C: Business Use Cases for Data Science

Certified Artificial Intelligence (AI) Practitioner
(Exam AIP-110)
Course Number: CNX0008
Course Length: 5 days

Overview:
Artificial intelligence (AI) and machine learning (ML) have become an essential part of the toolset for
many organizations. When used effectively, these tools provide actionable insights that drive critical
decisions and enable organizations to create exciting, new, and innovative products and services. This
course shows you how to apply various approaches and algorithms to solve business problems through AI
and ML, follow a methodical workflow to develop sound solutions, use open-source, off-the-shelf tools to
develop, test, and deploy those solutions, and ensure that they protect the privacy of users. This course
includes hands-on activities for each topic area. For a detailed outline including activities, hardware
requirements and datasets please contact info@certnexus.com

Course Objectives:
In this course, you will implement AI techniques in order to solve business problems.
You will:
• Specify a general approach to solve a given business problem that uses applied AI and ML.
• Collect and refine a dataset to prepare it for training and testing.
• Train and tune a machine learning model.
• Finalize a machine learning model and present the results to the appropriate audience.
• Build linear regression models.
• Build classification models.
• Build clustering models.
• Build decision trees and random forests.
• Build support-vector machines (SVMs).
• Build artificial neural networks (ANNs).
• Promote data privacy and ethical practices within AI and ML projects.

Target Student:
The skills covered in this course converge in three areas—software development, applied math and
statistics, and business analysis. Target students for this course may be strong in one or two or these of
these areas and looking to round out their skills in the other areas so they can apply artificial intelligence
(AI) systems, particularly machine learning models, to business problems.
So the target student may be a programmer looking to develop additional skills to apply machine learning
algorithms to business problems, or a data analyst who already has strong skills in applying math and
statistics to business problems, but is looking to develop technology skills related to machine learning.
A typical student in this course should have several years of experience with computing technology,
including some aptitude in computer programming.
This course is also designed to assist students in preparing for the CertNexus® Certified Artificial
Intelligence (AI) Practitioner (Exam AIP-110) certification.

Prerequisites:
To ensure your success in this course, you should have at least a high-level understanding of
fundamental AI concepts, including, but not limited to: machine learning, supervised learning,
unsupervised learning, artificial neural networks, computer vision, and natural language processing.
You can obtain this level of knowledge by taking the CertNexus AIBIZ™ (Exam AIZ-110) course.
You should also have experience working with databases and a high-level programming language such
as Python, Java, or C/C++. You can obtain this level of skills and knowledge by taking the following
Logical Operations or comparable course:
• Database Design: A Modern Approach
• Python® Programming: Introduction
• Python® Programming: Advanced

Course Content

• Lesson 1: Solving Business Problems Using AI and ML
  Topic A: Identify AI and ML Solutions for Business Problems
  Topic C: Formulate a Machine Learning Problem
  Topic D: Select Appropriate Tools
• Lesson 2: Collecting and Refining the Dataset
  Topic A: Collect the Dataset
  Topic B: Analyze the Dataset to Gain Insights
  Topic C: Use Visualizations to Analyze Data
  Topic D: Prepare Data
• Lesson 3: Setting Up and Training a Model
  Topic A: Set Up a Machine Learning Model
  Topic B: Train the Model
• Lesson 4: Finalizing a Model
  Topic A: Translate Results into Business Actions
  Topic B: Incorporate a Model into a Long-Term Business Solution
• Lesson 5: Building Linear Regression Models
  Topic A: Build a Regression Model Using Linear Algebra
  Topic B: Build a Regularized Regression Model Using Linear Algebra
  Topic C: Build an Iterative Linear Regression Model
• Lesson 6: Building Classification Models
  Topic A: Train Binary Classification Models
  Topic B: Train Multi-Class Classification Models
  Topic C: Evaluate Classification Models
  Topic D: Tune Classification Models
• Lesson 7: Building Clustering Models
  Topic A: Build k-Means Clustering Models
  Topic B: Build Hierarchical Clustering Models
• Lesson 8: Building Advanced Models
  Topic A: Build Decision Tree Models
  Topic B: Build Random Forest Models
• Lesson 9: Building Support-Vector Machines
  Topic A: Build SVM Models for Classification
  Topic B: Build SVM Models for Regression
• Lesson 10: Building Artificial Neural Networks
  Topic A: Build Multi-Layer Perceptrons (MLP)
  Topic B: Build Convolutional Neural Networks (CNN)
• Lesson 11: Promoting Data Privacy and Ethical Practices
  Topic A: Protect Data Privacy
  Topic B: Promote Ethical Practices
  Topic C: Establish Data Privacy and Ethics Policies
• Appendix A: Mapping Course Content to CertNexus® Certified Artificial Intelligence (AI) Practitioner (Exam
  AIP-100)

CertNexus CyberSAFE Course Description
Course Length: 1 hour
Course Format: Instructor-Led, Virtual or on-site

Regardless of your computer experience, this class will help you become more aware of technology-related risks and what you can do to protect yourself and your organization from them. This course
will help you to:
• Understand security compliance needs and requirements.
• Recognize and avoid phishing and other social engineering.
• Recognize and avoid viruses, ransomware, and other malware.
• Help ensure data security on computers, mobile devices, networks, the Internet, and in the cloud.
In this course, you will use discussions, case studies, and the experiences of your instructor and fellow students to explore the hazards and pitfalls of technology and learn how to use that technology safely and securely.

Objectives:
In this course, you will identify many of the common risks involved in using conventional end-user technology, as well as ways to use it safely, to protect yourself from those risks.
You will:
• Identify the need for security.
• Secure devices like desktops, laptops, smartphones, and more.
• Use the Internet securely.

Target Student
This course is designed for you as a non-technical end-user of computers, mobile devices, networks,
and the Internet, to enable you to use technology more securely to minimize digital risks.
This course is also designed for you to prepare for the Certified CyberSAFE credential. You can
obtain your Certified CyberSAFE certificate by completing the Certified CyberSAFE credential process on the CHOICE platform following the course presentation.

Prerequisites:
To ensure your success in this course, you should have experience with the basic use of conventional
end-user technology, including desktop, laptop, or tablet computers; mobile phones; and basic Internet
functions, such as web browsing and email.

Course Content

• Lesson 1: Identifying the Need for Security
  Topic A: Identify Security Compliance Requirements
  Topic B: Recognize Social Engineering and Avoid Phishing and Other Attacks
• Lesson 2: Securing Devices
  Topic A: Maintain Physical Security of Devices
  Topic B: Use Passwords for Security
  Topic C: Protect Your Data
  Topic D: Identify and Mitigate Viruses, Ransomware, and Other Malware
  Topic E: Use Wireless Devices Securely
• Lesson 3: Using the Internet Securely
  Topic A: Browse the Web Safely
  Topic B: Use Email Securely
  Topic C: Use Social Networking Securely
  Topic D: Use Cloud Services Securely
  Appendix A: Mapping Course Content to CyberSAFE 2019: Exam CBS-310

CyberSec First Responder (CFR-310)

Course Length: 5 days

Overview:
This course covers network defense and incident response methods, tactics and procedures are taught in alignment with industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling), US-CERT’s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems
and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common
threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence and remediate and report incidents as they occur. This course provides a comprehensive methodology
for individuals responsible for defending the cybersecurity of their organization.
This course is designed to assist students in preparing for the CertNexus CyberSec First Responder (Exam CFR-310) certification examination. What you learn and practice in this course can be a significant part of your preparation.
In addition, this course and subsequent certification (CFR-310) meets all requirements for personnel
requiring DoD directive 8570.01-M position certification baselines:
• CSSP Analyst
• CSSP Infrastructure Support
• CSSP Incident Responder
• CSSP Auditor

Course Objectives:
In this course, you will understand, assess and respond to security threats and operate a system and
network security analysis platform.
You will:
• Compare and contrast various threats and classify threat profile
• Explain the purpose and use of attack tools and technique
• Explain the purpose and use of post exploitation tools and tactic
• Explain the purpose and use of social engineering tactic
• Given a scenario, perform ongoing threat landscape research and use data to prepare for
incident
• Explain the purpose and characteristics of various data source
Course Objectives (cont.):
• Given a scenario, use appropriate tools to analyze log
• Given a scenario, use regular expressions to parse log files and locate meaningful data
• Given a scenario, use Windows tools to analyze incidents
• Given a scenario, use Linux-based tools to analyze incidents
• Summarize methods and tools used for malware analysis
• Given a scenario, analyze common indicators of potential compromise
• Explain the importance of best practices in preparation for incident response
• Given a scenario, execute incident response process
• Explain the importance of concepts that are unique to forensic analysis
• Explain general mitigation methods and devices

Target Student:
This course is designed primarily for cybersecurity practitioners preparing for or who currently
perform job functions related to protecting information systems by ensuring their availability,
integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within
federal contracting companies, and private sector firms who whose mission or strategic objectives
require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DODIN)
operation and incident handling. This course focuses on the knowledge, ability, and skills necessary
to provide for the defense of those information systems in a cybersecurity context, including
protection, detection, analysis, investigation, and response processes.
In addition, the course ensures that all members of an IT team—regardless of size, rank or budget—
understand their role in the cyber defense, incident response, and incident handling process.

Prerequisites:
To ensure your success in this course, you should meet the following requirements:
• At least two years (recommended) of experience or education in computer network security technology, or a related field.
• The ability or curiosity to recognize information security vulnerabilities and threats in the context of risk management.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments. Safeguards include, but are not limited to, firewalls, intrusion prevention systems, and VPNs.
• General knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include, but are not limited to, basic authentication and authorization, resource permissions, and anti-malware mechanisms.
• Foundation-level skills with some of the common operating systems for computing
environments. Entry-level understanding of some of the common concepts for network environments, such as routing and switching.
• General or practical knowledge of major TCP/IP networking protocols, including, but not limited to, TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP

Course Content

• Lesson 1: Assessment of Information Security Risks
  Topic A: The Importance of Risk Management
  Topic B: Assess Risk
  Topic C: Mitigate Risk
  Topic D: Integrating Documentation into Risk Management
• Lesson 2: Analyzing the Threat Landscape
  Topic A: Classify Threats and Threat Profiles
  Topic B: Perform Ongoing Threat Research
• Lesson 3: Computing and Network Environments: Analyzing Reconnaissance Threats
  Topic A: Implementation of Threat Modeling
  Topic B: Reconnaissance: Assessing the Impact
  Topic C: Social Engineering: Assessing the Impact
• Lesson 4: Analyzing Attacks on Computing and Network Environments
  Topic A: System Hacking Attacks: Assessing the Impact
  Topic B: Web-Based Attacks: Assessing the Impact
  Topic C: Malware: Assessing the Impact
  Topic D: Hijacking and Impersonation Attacks: Assessing the Impact
  Topic E: DoS Incidents: Assessing the Impact
  Topic F: Threats to Mobile Security: Assessing the Impact
  Topic G: Threats to Cloud Security: Assessing the Impact
• Lesson 5: Examining Post-Attack Techniques
  Topic A: Examine Command and Control Techniques
  Topic B: Examine Persistence Techniques
  Topic C: Examine Lateral Movement and Pivoting Techniques
  Topic D: Examine Data Exfiltration Techniques
  Topic E: Examine Anti-Forensics Techniques
• Lesson 6: Manage Vulnerabilities in the Organization
  Topic A: Implement a Vulnerability Management Plan
  Topic B: Examine Common Vulnerabilities
  Topic C: Conduct Vulnerability Scans
• Lesson 7: Evaluate Security by Implementing Penetration Testing
  TopicA: Conduct Penetration Tests on Network Assets
  Topic B: Follow Up on Penetration Testing
• Lesson 8: Collecting Cybersecurity Intelligence
  Topic A: Deployment of a Security Intelligence Collection and Analysis Platform
  Topic B: Data Collection from Network-Based Intelligence Sources
  Topic C: Data Collection from Host-Based Intelligence Sources
• Lesson 9: Analyze Log Data
  Topic A: Common Tools to Analyze Logs
  Course Content (cont.)
  Topic B: SIEM Tools for Analysis
• Lesson 10: Performing Active Asset and Network Analysis
  Topic A: Analyze Incidents using Windows-Based Tools
  Topic B: Analyze Incidents using Linux-Based Tools
  Topic C: Analyze Malware
  Topic D: Analyze Indicators of Compromise
• Lesson 11: Response to Cybersecurity Incidents
  Topic A: Deployment of Incident Handling and Response Architecture
  Topic B: Containment and Mitigation of Incidents
  Topic C: Preparation for Forensic Investigation as a CSIRT
• Lesson 12: Investigating Cybersecurity Incidents
  Topic A: Use a Forensic Investigation Plan
  Topic B: Securely Collect and Analyze Electronic Evidence
  Topic C: Follow Up on the Results of an Investigation
  Appendix A: Mapping Course Content to CyberSec First Responder (Exam CFR-310)
  Appendix B: Regular Expressions
  Appendix C: Security Resources
  Appendix D: U.S. Department of Defense Operational Security Practices

Cyber Secure Coder (Exam CSC-210)
Course Length: 3 days

Overview:
The stakes for software security are very high, and yet many development teams deal with software
security only after the code has been developed and the software is being prepared for delivery. As with
any aspect of software quality, to ensure successful implementation, security and privacy issues should
be managed throughout the entire software development lifecycle.
This course presents an approach for dealing with security and privacy throughout the entire software
development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify
and remediate them in your own projects. You will learn general strategies for dealing with security
defects and misconfiguration, how to design software to deal with the human element in security, and
how to incorporate security into all phases of development.

Course Objectives:
In this course, you will employ the best practices in software development to develop secure software.
You will:
• Identify the need for security in your software projects.
• Eliminate vulnerabilities within the software.
• Use a Security by Design approach to design a secure architecture for your software.
• Implement common protections to protect users and data.
• Apply various testing methods to find and correct security defects in your software.
• Maintain deployed software to ensure ongoing security.

This course includes hands-on activities for each topic area. The goal of these activities is to
demonstrate concepts utilizing two universal languages Python and JavaScript. Developers who use
alternate languages will be able to apply the principles from the activities to any coding languages.
Hands-on exercises are designed to keep the typing of code to a bare minimum. CertNexus provides
students with all of the code they need to complete activities. The activities do not require a “deep
dive” into code to understand the principles being covered.

Target Student:
This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, cloud, and mobile,
and who want to improve their ability to deliver software that is of high quality, particularly regarding
security and privacy.
This course is also designed for students who are seeking the CertNexus Cyber Secure Coder (CSC) Exam
CSC-210 certification.

Prerequisites:
This course presents secure programming concepts that apply to many different types of software
development projects. Although this course uses Python®, HTML, and JavaScript® to demonstrate
various programming concepts, you do not need to have experience in these languages to benefit from
this course. However, you should have some programming experience, whether it be developing
desktop, mobile, web, or cloud applications. Logical Operations provides a variety of courses covering
software development that you might use to prepare for this course, such as:
• Python® Programming: Introduction
• Python® Programming: Advanced
• HTML5: Content Authoring with New and Advanced Features
• SQL Querying: Fundamentals (Second Edition)

Course Content

• Lesson 1: Identifying the Need for Security in Your Software Projects
  Topic A: Identify Security Requirements and Expectations
  Topic B: Identify Factors That Undermine Software Security
  Topic C: Find Vulnerabilities in Your Software
  Topic D: Gather Intelligence on Vulnerabilities and Exploits
• Lesson 2: Handling Vulnerabilities
  Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
  Topic B: Handle Vulnerabilities Due to Human Factors
  Topic C: Handle Vulnerabilities Due to Process Shortcomings
• Lesson 3: Designing for Security
  Topic A: Apply General Principles for Secure Design
  Topic B: Design Software to Counter Specific Threats
• Lesson 4: Developing Secure Code
  Topic A: Follow Best Practices for Secure Coding
  Topic B: Prevent Platform Vulnerabilities
  Topic C: Prevent Privacy Vulnerabilities
• Lesson 5: Implementing Common Protections
  Topic A: Limit Access Using Login and User Roles
  Topic B: Protect Data in Transit and At Rest
  Topic C: Implement Error Handling and Logging
  Topic D: Protect Sensitive Data and Functions
  Topic E: Protect Database Access
• Lesson 6: Testing Software Security
  Topic A: Perform Security Testing
  Topic B: Analyze Code to find Security Problems
  Topic C: Use Automated Testing Tools to Find Security Problems
• Lesson 7: Maintaining Security in Deployed Software
  Topic A: Monitor and Log Applications to Support Security
  Topic B: Maintain Security after Deployment
  Appendix A: Mapping Course Content to Cyber Secure Coder (Exam CSC-210)

IRBIZ (Exam IRZ-110) Incident Response for Business Professionals
Course Length: 1 day

Overview:
This course covers incident response methods and procedures are taught in alignment with industry
frameworks such as US-CERT’s NCISP (National Cyber Incident Response Plan), and Presidential
Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have
been tasked with managing compliance with state legislation and other regulatory requirements
regarding incident response, and for executing standardized responses to such incidents. The course
introduces procedures and resources to comply with legislative requirements regarding incident
response.
This course is designed to assist students in preparing for the CertNexus Incident Responder
Credential (CIR-110). What you learn and practice in this course can be a significant part of your
preparation.

Course Objectives:
In this course, you will understand, assess and respond to security threats and operate a system and
network security analysis platform.
You will:
• Explain the importance of best practices in preparation for incident response
• Given a scenario, execute incident response process
• Explain general mitigation methods and devices
• Assess and comply with current incident response requirements.

Target Student:
This course is designed primarily for IT leaders and company executives who are responsible for
complying with incident response legislation. This course focuses on the knowledge, resources, and
skills necessary to comply with incident response and incident handling process requirements.
Prerequisites:
General understanding of cybersecurity concepts.

Course Content

• Lesson 1: Assessment of Information Security Risks
  Topic A: The Importance of Risk Management
  Topic D: Integrating Documentation into Risk Management
• Lesson 2: Response to Cybersecurity Incidents
  Topic A: Deployment of Incident Handling and Response Architecture
  Topic B: Containment and Mitigation of Incidents
  Topic C: Preparation for Forensic Investigation as a CSIRT
• Lesson 3: Investigating Cybersecurity Incidents
  Topic A: Use a Forensic Investigation Plan
  Topic B: Securely Collect and Analyze Electronic Evidence
  Topic C: Follow Up on the Results of an Investigation
• Lesson 4: Complying with Legislation
  − Examples of Legislation (if this is covered in the above topics, no need to include here) GDPR,
  HIPPA, Elections
  − Case study: Incident Response and GDPR (Using GDPR legislation, create a response that is
  compliant with it – this could be discussion-based activity as well.)
  − State Legislation Resources and Example – Search terms to find state legislation
  − Using NYS as an example use the NYS Privacy Response act or other legislation to create
  a similar case study as previously.
  − Provide answers on when to use federal versus state and do you have to follow both?
  Appendix C: Security Resources

Certified Internet of Things
Practitioner (CIoTP™): Exam ITP-110
Course Number: CNX0002
Course Length: 3 days

Overview:
The Internet of Things (IoT) promises a wide range of benefits for industry, energy and utility companies,
municipalities, healthcare, and consumers. Data can be collected in extraordinary volume and detail
regarding almost anything worth measuring, such as public health and safety, the environment, industrial
and agricultural production, energy, and utilities. New data analysis tools have been optimized for the
massive amounts of data that IoT produces, enabling well-informed decisions to be made quickly.
But putting IoT systems into place can be a complicated proposition, and fraught with hazards. Solutions
may involve devices and technologies from many different vendors, requiring a good understanding of
software and hardware and strategies to integrate them, as well as the risks associated with security,
privacy, and the safety of those whose working and living environments are managed by these systems.
IT professionals often have little or no experience working with embedded systems, sensor networks,
actuators, real-time systems, and other components that are common to IoT, so this course provides a
foundation for understanding how these components work with other systems that IT professionals typically
have more experience working with—such as networks, cloud computing, and applications running on
servers, desktop computers, and mobile devices.
In this course, students will learn general strategies for planning, designing, developing, implementing, and
maintaining an IoT system through various case studies and by assembling and configuring an IoT device to
work in a sensor network. Students will create an IoT device based on an ESP8266 microcontroller,
implementing various common IoT features, such as analog and digital sensors, a web-based interface,
MQTT messaging, and data encryption.

Course Objectives:
In this course, you will learn how to apply Internet of Things technologies to solve real-world problems.
You will:
• Plan an IoT implementation.
• Construct and program an IoT device.
• Communicate with an IoT device using wired and wireless connections.
• Process sensor input and control an actuator on an IoT device.
• Manage security, privacy, and safety risks on IoT projects.
• Manage an IoT prototyping and development project throughout the development lifecycle.

Target Student:
This course is designed for IT professionals with baseline skills in
computer hardware, software support, and development who want to learn how to design, develop,
implement, operate, and manage Internet of Things devices and related systems. The student is interested in
learning more about embedded systems, microcontroller programming, IoT security, and the development
life cycle for IoT projects.
While students will gain hands-on experience assembling a prototype IoT device and using software
development tools, these activities are closely guided, so previous experience in electronics assembly and
programming are not required. This course prepares students for taking the CertNexus Certified Internet of
Things (IoT) Practitioner (Exam ITP-110).

Prerequisites:
To ensure your success in this course you should be an experienced computer user who is comfortable
setting up and configuring computers and electronic devices.

Course Content

• Lesson 1: Planning an IoT Implementation
  Topic A: Select a General Architecture for an IoT Project
  Topic B: Identify Benefits and Challenges of IoT
• Lesson 2: Constructing and Programming an IoT Device
  Topic A: Select and Configure a Processing Unit
  Topic B: Select a Microcontroller Power Source
  Topic C: Use a Software Development Kit to Program an IoT Device
• Lesson 3: Communicating with an IoT Device
  Topic A: Communicate Using Wired Connections
  Topic B: Communicate Using Wireless Connections
  Topic C: Communicate Using Internet Protocols
• Lesson 4: Processing IoT Data
  Topic A: Process IoT Device Input and Output
  Topic B: Process Data in the Cloud
  Topic C: Provide Machine to Machine Communication
• Lesson 5: Managing Risks on IoT Projects
  Topic A: Identify IoT Security and Privacy Risks
  Topic B: Manage IoT Security and Privacy Risks
  Topic C: Manage IoT Safety Risks
• Lesson 6: Undertaking an IoT Project
  Topic A: Identify Real-World Applications for IoT
  Topic B: Follow the IoT Development Lifecycle
  Appendix A: Mapping Course Content to Certified Internet of Things Practitioner (CIoTP) (Exam ITP-110)

Certified Internet of Things Security
Practitioner (CIoTSP™): Exam ITS-110
Course Length: 3 Days

Overview:
This course is designed for practitioners who are seeking to demonstrate a vendor-neutral,
cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure
IoT ecosystem.

Target Student:
This course is designed for IoT practitioners who are looking to improve their skills and knowledge of
IoT security and privacy. This course is also designed for students who are seeking the CertNexus
Certified Internet of Things Security Practitioner (CIoTSP) certification and who want to prepare for
Exam ITS-110.

Prerequisites:
To ensure your success in this course you should have a fundamental understanding of IoT
ecosystems, which you can obtain by taking the following CertNexus course:
Certified Internet of Things (IoT) Practitioner (Exam ITP-110)

Course Content

• Lesson 1: Managing IoT Risks
  Topic A: Map the IoT Attack Surface
  Topic B: Build in Security by Design
• Lesson 2: Securing Web and Cloud Interfaces
  Topic A: Identify Threats to IoT Web and Cloud Interfaces
  Topic B: Prevent Injection Flaws
  Topic C: Prevent Session Management Flaws
  Topic D: Prevent Cross-Site Scripting Flaws
  Topic E: Prevent Cross-Site Request Forgery Flaws
  Topic F: Prevent Unvalidated Redirects and Forwards
• Lesson 3: Securing Data
  Topic A: Use Cryptography Appropriately
  Topic B: Protect Data in Motion
  Copyright 2020 CertNexus. All Rights Reserved
  Topic C: Protect Data at Rest
  Topic D: Protect Data in Use
• Lesson 4: Controlling Access to IoT Resources
  Topic A: Identify the Need to Protect IoT Resources
  Topic B: Implement Secure Authentication
  Topic C: Implement Secure Authorization
  Topic D: Implement Security Monitoring on IoT Systems
• Lesson 5: Securing IoT Networks
  Topic A: Ensure the Security of IP Networks
  Topic B: Ensure the Security of Wireless Networks
  Topic C: Ensure the Security of Mobile Networks
  Topic D: Ensure the Security of IoT Edge Networks
• Lesson 6: Ensuring Privacy
  Topic A: Improve Data Collection to Reduce Privacy Concerns
  Topic B: Protect Sensitive Data
  Topic C: Dispose of Sensitive Data
• Lesson 7: Managing Software and Firmware Risks
  Topic A: Manage General Software Risks
  Topic B: Manage Risks Related to Software Installation and Configuration
  Topic C: Manage Risks Related to Software Patches and Updates
  Topic D: Manage Risks Related to IoT Device Operating Systems and Firmware
• Lesson 8: Promoting Physical Security
  Topic A: Protect Local Memory and Storage
  Topic B: Prevent Physical Port Access

CertNexus IoTBIZ

Overview:
The Internet of Things (IoT) promises a wide range of benefits for industry, energy and utility
companies, municipalities, healthcare, and consumers. Data can be collected in extraordinary
volume and detail regarding almost anything worth measuring, such as public health and safety, the
environment, industrial and agricultural production, energy, and utilities. New data analysis tools
have been optimized for the massive amounts of data that IoT produces, enabling well-informed
decisions to be made quickly.
Before you can successfully plan and implement an IoT solution, you must understand the
various factors that will drive your decisions. But putting IoT systems into place can be a
complicated proposition with unique considerations distinctly different from traditional IT
solutions.
Business professionals often have little or no foundation for understanding of the components
and design decisions that go into an IoT project. They may have a traditional understanding of IT
solutions which includes knowledge of networks, cloud computing, and applications running on
servers, desktop computers, and mobile devices.

Objectives:
The half-day course and associated credential (IOZ-110) will validate a participant’s knowledge of
IoT terminology, their ability to understand the components of IoT infrastructure, uncover
challenges for consideration and the impact that IoT has on their organization. Successful
participants will be able to identify what IoT can do for their organization and the various business
and technical challenges to address.

Target Student:
This 4-hour course is intended for business leads in project management, marketing, and sales who
are seeking to grow their organization through IoT technology solutions. This course prepares
students for taking the CertNexus® IoTBIZ Credential (IOZ-110).

Course Content:

• Lesson 1: Planning an IoT Implementation
  Topic A: Defining IoT
  Topic B: IoT Infrastructure
  Topic C: Identify Benefits and Challenges of IoT
• Lesson 2: Undertaking an IoT Project
  Topic A: Identify Real-World Applications for IoT
  Topic B: The IoT Development Lifecycle