Analyst Endpoint Security
Model Curriculum
SECTOR: IT-ITeS
SUB-SECTOR: IT SERVICES
OCCUPATION: INFORMATION/CYBER SECURITY
REF ID: SSC/Q0905
NSQF LEVEL: 7
TABLE OF CONTENTS
1. Curriculum
2. Trainer Prerequisites
3. Annexure: Assessment Criteria
Analyst Endpoint Security CURRICULUM / SYLLABUS
This program is aimed at training candidates for the job of an “Analyst Endpoint Security” in the “IT-Services” Sector/Industry and aims at building the following key competencies amongst the learner.
Program Name: Analyst Endpoint Security
Qualification Pack Name & Reference ID: Analyst Endpoint Security, SSC/Q0905
Version No.: 1.0
Version Update Date: 04/1/2018
Pre-requisites to Training: Diploma in IT/Computer
Minimum Job Entry Age: 18 years
Training Outcomes: After completing this programme, participants will be able to:
• Identify threats and vulnerabilities: Understanding of emerging sophisticated threats, various characteristics of advanced threats, various types of threat vectors and the significance of attackers’ motivation.
• Inculcate knowledge about endpoint security: Basic understanding of the network environment and endpoint security, threats and vulnerabilities, endpoint security system functionality, various endpoint security measures, etc.
• Protect endpoint devices: Basics of safeguarding resources against sophisticated threats and vulnerabilities, security solutions for endpoint devices.
• Identify and use open-source tools: Effectively identify, select and use the specified open-source tools relevant to endpoint security.
• Become well versed with environment health & safety: Well versed with health and safety measures in terms of IT infrastructure and personal safety.
This course encompasses 7 out of 7 National Occupational Standards (NOS) of the “Analyst Endpoint Security” Qualification Pack issued by “IT-ITeS SSC”.
Module list (Sr. No., Module, Key Learning Outcomes, Equipment Required):
1. IT-ITES/BPM Industry – An Introduction
Theory Duration (hh:mm): 06:00; Practical Duration (hh:mm): 03:00; Corresponding NOS Code: Bridge Module
Key Learning Outcomes:
• Explain relevance of the IT-ITeS industry
• State the various sub-sectors in the IT-ITeS sector
• Explain the relevance of the IT services sector
• A General Overview of the IT-BPM Industry
• The organizations within the IT-BPM Industry
• The sub-sectors within the IT-BPM Industry
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Lab equipped with the following: PCs/Laptops; Internet with WiFi (Min 2 Mbps Dedicated); Networking Equipment; Routers & Switches
• Chart paper and sketch pens
2. IT Services – An Introduction
Theory Duration (hh:mm): 01:00; Practical Duration (hh:mm): 01:00; Corresponding NOS Code: Bridge Module
Key Learning Outcomes:
• State the various occupations and tracks in the IT-ITeS sector
• General Overview of the IT Services Sub-Sector
• Profile of the IT Services Sub-Sector
• Key Trends in the IT Services Sub-Sector
• Roles in the IT Services Sub-Sector
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Lab equipped with the following: PCs/Laptops; Internet with WiFi (Min 2 Mbps Dedicated)
3. Information/Cyber Security – An Introduction
Theory Duration (hh:mm): 04:00; Practical Duration (hh:mm): 02:00; Corresponding NOS Code: Bridge Module
Key Learning Outcomes:
• Explain the relevance of cyber security in the society
• Explain the role of an Analyst Endpoint Security and their key responsibilities
• List the range of skills and behavior expected from an Analyst Endpoint Security
• List the responsibilities of an Analyst Endpoint Security
• State the growth opportunities for an Analyst Endpoint Security
• General Overview of Information/cyber security and its Roles
• Career Map for Information/cyber security
Equipment Required:
• Whiteboard and Markers
• Chart paper and sketch pens
• Lab equipped with the following: PCs/Laptops; Internet with Wi-Fi (Min 2 Mbps Dedicated)
4. Fundamentals of Endpoint Security
Theory Duration (hh:mm): 10:00; Practical Duration (hh:mm): 32:00; Corresponding NOS Code: SSC/N0912
Key Learning Outcomes:
• Gain a basic understanding of endpoint devices
• Comprehend various endpoint security products and their functionalities and features
• Gain knowledge about the need and importance of endpoint security
• Inculcate knowledge about the benefits of endpoint security
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Lab with key devices, software and hardware in a large network. Should include, but not be limited to: application of multiple networking topologies; use of various network protocols; desktop computer; smartphone; tablet (tablet PC); thin client (lean client); printer; need of endpoint; benefits of endpoint, etc.
5. Threats and Vulnerability
Theory Duration (hh:mm): 10:00; Practical Duration (hh:mm): 25:00; Corresponding NOS Code: SSC/N0912
Key Learning Outcomes:
• Understand emerging sophisticated threats
• Know various characteristics of advanced threats
• Gain knowledge about various types of threat vectors
• Acquire basic knowledge about cyber attackers’ actions and their motivations
• Gain definite knowledge and expertise to comprehend the capability of an attacker
• Explain the real significance of the attacker’s motivation
• Know the actual motivation behind targeted attacks
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Provision for online research in the lab for all students
• At least two subject matter experts from the industry in the field of endpoint security
• Demo for providing security to the endpoint devices
6. Endpoint Security System Functionality
Theory Duration (hh:mm): 05:00; Practical Duration (hh:mm): 15:00; Corresponding NOS Code: SSC/N0912
Key Learning Outcomes:
• Gain basic understanding of Seven Layers Endpoint Security Platforms
• Obtain knowledge about the importance of BYOD Security
• Comprehend the basic understanding of Enterprise Mobility Management
• Gather fundamental knowledge about endpoint modelling and threat detection
• Compare Endpoint Security Compliance Models: Traditional vs. Continuous
• Get clarity of Endpoint Security Maturity
• Know about Next-Generation Endpoint Security
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Provision for online research in the lab for all students
• Open source code scanning tools and their tutorials
• Access to secure and unsecured devices for endpoint security testing activities
• Access to public databases and vulnerability sharing clubs, e.g., Bugtraq, National Institute of Standards and Technology (NIST) NVD, United States Computer Emergency Readiness Team (US-CERT)
7. Endpoint Security Measures
Theory Duration (hh:mm): 05:00; Practical Duration (hh:mm): 20:00; Corresponding NOS Code: SSC/N0912
Key Learning Outcomes:
• Explain the Four Tenets of Security
• Clarify endpoint hardening
• Elucidate Trusted Platform Modules
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Provision for online research in the lab for all students
• Access to the list of vulnerabilities and exposures identified in the application by participants in the activities of the previous topic
• Open source tools in the field of endpoint security for the above-mentioned activities
• Provision for online research for all participants
• Provision of software, such as word processors, spreadsheets, etc., for preparing reports for all participants
8. Security Solutions for Endpoint Devices
Theory Duration (hh:mm): 07:00; Practical Duration (hh:mm): 20:00; Corresponding NOS Code: SSC/N0912
Key Learning Outcomes:
• Gain fundamental knowledge about Drive Encryption
• Classify Drive Encryption versus File Encryption
• Comprehend the basic understanding of Data Security and its importance
• Know the relevance of securing the browser
• State how to secure a browser
• Know about mobile phone hardening
• Relate cloud security and mobility
• Describe firewall hardening
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Provision for online research in the lab for all students
• Access to free OWASP tools and methods and their tutorials
9. Protection of Endpoint Devices and Networks
Theory Duration (hh:mm): 06:00; Practical Duration (hh:mm): 22:00; Corresponding NOS Code: SSC/N0913
Key Learning Outcomes:
• Understand endpoint resiliency
• Explain network prioritization
• Know about trusted boot
• State measured boot
• Describe securing resources
• Comprehend how to reduce attacks on endpoints
• Obtain knowledge about the Patch Management Process
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Provision for online research in the lab for all students
• Access to free OWASP tools and methods and their tutorials
10. Basics of Safeguarding Resources
Theory Duration (hh:mm): 07:00; Practical Duration (hh:mm): 20:00; Corresponding NOS Code: SSC/N0913
Key Learning Outcomes:
• Gain knowledge about securing resources
• Summarize network access protection
• Illustrate network resiliency
• Know different techniques to secure passwords
• Explain protection against numerous password-based attacks
• Understand various Regulatory Compliance and global standards
• Inculcate clarity of knowledge about Industry Best Practices
Equipment Required:
• Whiteboard and markers
• LCD projector and laptop for presentations
• Lab with provision for online research
11. Lab Installation
Theory Duration (hh:mm): 03:00; Practical Duration (hh:mm): 38:00; Corresponding NOS Code: SSC/N0913
Key Learning Outcomes:
• Get fundamental knowledge about ManageEngine Desktop Central
• Explain installation of ManageEngine Desktop Central
• Illustrate how to log in to and configure ManageEngine Desktop Central
• Configure Firewall
• Understand File Folder Operations
• Know different Industry Best Practices
Equipment Required:
• Whiteboard and markers
• LCD projector and laptops for making presentations
• Provision for online research in the lab for all students
• Undertake research on various tools generating VA-PT reports
• Hardware requirements: Processor (CPU): Core i3 3.0 GHz; Memory (RAM): 4 GB; Hard Drive: 150 GB of free hard disk drive space; Internet Connectivity: 2 Mbps (min) bandwidth required; Local Network connectivity: Required; DVD or USB port: Required
• Software requirements: Operating System: Win 10 (64 Bit) setup; Supported Software: .NET, SQL Server, PHP; Supported Browsers: IE v10, Google Chrome v54 or better
12. Manage your work to meet requirements
Theory Duration (hh:mm): 12:00; Practical Duration (hh:mm): 38:00; Corresponding NOS Code: SSC/N9001
Key Learning Outcomes:
• Understanding scope of work and working within limits of authority
• Work and work environment
• Maintaining Confidentiality
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Training organization’s confidentiality policy
13. Work effectively with colleagues
Theory Duration (hh:mm): 12:00; Practical Duration (hh:mm): 38:00; Corresponding NOS Code: SSC/N9002
Key Learning Outcomes:
• Effective Communication
• Working Effectively
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Provision to write and send emails in the lab
• Lab with provision for internet, email, word processor and presentation software
• Chart paper, markers, picture magazines and old newspapers
14. Maintain a healthy, safe and secure working environment
Theory Duration (hh:mm): 06:00; Practical Duration (hh:mm): 19:00; Corresponding NOS Code: SSC/N9003
Key Learning Outcomes:
• Need for Health and Safety at Work
• Analyst’s Role
• Emergency Situations
• Skills for Maintaining Health and Safety at Work
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• The training organization’s current health, safety and security policies and procedures
• Provision for online research in the lab
• A sample health and safety policy document
• Emergency broadcast system and mock emergency signage in the appropriate areas of the training institute
15. Provide data/information in standard formats
Theory Duration (hh:mm): 12:00; Practical Duration (hh:mm): 38:00; Corresponding NOS Code: SSC/N9004
Key Learning Outcomes:
• Information and Knowledge Management
• How to manage data/information effectively
• Skills required to manage data and information effectively
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Provision for online research in the lab
16. Develop knowledge, skills and competence
Theory Duration (hh:mm): 06:00; Practical Duration (hh:mm): 19:00; Corresponding NOS Code: SSC/N9005
Key Learning Outcomes:
• Importance of self-development
• Knowledge and Skills required for the job
• Avenues for Self-Development
• Planning for Self-Development
Equipment Required:
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Soft copy of QP-NOS
• Provision for online access to all students in the lab
• Questionnaire and key for Honey and Mumford learning styles
Total Duration: Theory Duration (hh:mm): 100:00; Practical Duration (hh:mm): 350:00
Grand Total Course Duration: 450 Hours, 0 Minutes
(This syllabus/curriculum has been approved by the IT-ITeS Sector Skills Council)
Trainer Prerequisite for Job role: “Analyst Endpoint Security” mapped to Qualification Pack: “SSC/Q0905 v1.0”
1. Description: To deliver accredited training service, mapping to the curriculum detailed above, in accordance with the Qualification Pack SSC/Q0905.
2. Personal Attributes: This job may require the individual to work independently and take decisions for his/her own area of work. The individual should have a high level of analytical thinking ability, passion for information security and attention to detail, should be ethical, compliance- and result-oriented, and should also be able to demonstrate interpersonal skills, along with willingness to undertake a desk-based job with long working hours.
3. Minimum Educational Qualifications: Diploma in IT/Computer
4a. Domain Certification: Certification in Information Systems or related fields, basic soft skills training, ethical hacking or pertaining to ISO 27001
4b. Platform Certification: 80% marks achieved in Trainer QP (MEP/0102)/TVET/pedagogy assessments (i.e. aggregate 80% and per NOS 70%)
5. Experience: 0-2 years of work experience/internship in security
Annexure: Assessment Criteria
Job Role: Analyst Endpoint Security
Qualification Pack: SSC/Q0905
Sector Skill Council: IT-ITeS
Guidelines for Assessment:
1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criterion (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in the NOS.
2. The assessment will be conducted online through assessment providers authorized by the SSC.
3. The format of questions will include a variety of styles suitable to the PC being tested, such as multiple-choice questions, fill in the blanks, situational judgment test, simulation and programming test.
4. To pass a QP, a trainee should pass each individual NOS. The standard passing criterion for each NOS is 70%.
5. For the latest details on the assessment criteria, please visit www.sscnasscom.com.
6. In case of successfully passing only a certain number of NOSs, the trainee is eligible to take
Assessment Outcomes and Assessment Criteria for Outcomes. Total Marks: 700 (100 per NOS). Marks for each PC are listed as Out of / Marks Allocated Theory / Skills Practical.
1. SSC/N0912 (Troubleshoot and maintain endpoint security in an enterprise environment): 100 marks
PC1. verify the scope of endpoint assets and components to be monitored with authorized persons: 5 / 2 / 3
PC2. participate in day, evening or overnight security operations center shift schedule: 5 / 1 / 4
PC3. receive shift handover along with relevant information, authorities and instructions: 3 / 1 / 2
PC4. verify that endpoint security clients are online and functional
PC5. obtain reports and notifications from the endpoint security tool and respond as per laid out process for the same: 5 / 2 / 3
PC6. use reports and logs to identify security problems and monitor status and security events: 5 / 2 / 3
PC7. interpret the results of reports and determine the priorities and actions to take to remediate the situation: 3 / 1 / 2
PC8. respond to endpoint security client messages and apply a solution accordingly: 4 / 1 / 3
PC9. monitor and troubleshoot an endpoint security environment, its security management tools and client content delivery: 5 / 1 / 4
PC10. monitor and troubleshoot protection and communication technologies using basic troubleshooting and other monitoring tools: 4 / 1 / 3
PC11. troubleshoot and remediate a virus outbreak or client installation failures: 4 / 1 / 3
PC12. enable debugging and gather logs for technical support use: 4 / 1 / 3
PC13. identify and prevent false positives: 4 / 1 / 3
PC14. upgrade and maintain the endpoint security environment and clients: 4 / 1 / 3
PC15. manage clients through groups/locations: 4 / 1 / 3
PC16. manage and apply policies such as virus and spyware protection policies, firewall policies, intrusion prevention policies, application and device control policies, update policies, and centralized exception policies: 4 / 2 / 2
PC17. update products and content as per specifications received: 4 / 1 / 3
PC18. check client status in the endpoint security manager: 3 / 1 / 2
PC19. perform client deployment manager optimizations: 4 / 1 / 3
PC20. create application and device control and firewall rules: 5 / 2 / 3
PC21. use IT analytics to generate comprehensive reports from Endpoint Protection: 5 / 2 / 3
PC22. collaborate with others to resolve information technology issues that are beyond own capabilities or job profile: 4 / 1 / 3
PC23. report the results of the monitoring, ticket raising and ticket closure activities using standard documentation following organizational procedures: 4 / 2 / 2
PC24. comply with relevant legislation, standards, policies and procedures: 4 / 1 / 3
PC25. maintain a knowledge-base of the known problems and action taken for the same: 4 / 1 / 3
Total: 100 / 31 / 69
2. SSC/N0913 (Assist in the installation of endpoint security measures): 100 marks
PC1. receive instructions from authorized source for task(s) to be performed for installation of endpoint security tool on server of client endpoint: 4 / 1 / 3
PC2. install a management console on a server to help manage clients, product licenses and logs as per specifications provided: 5 / 2 / 3
PC3. create a database containing settings, privileges, events and security policies as per specifications: 3 / 1 / 2
PC4. integrate tool with directory services or LDAP: 5 / 1 / 4
PC5. manage the endpoint security tools database settings as per instructions provided: 4 / 1 / 3
PC6. activate the product with the appropriate license or serial number: 4 / 1 / 3
PC7. create and manage administrator accounts in the Endpoint Security Manager Console: 4 / 1 / 3
PC8. install and configure Linux clients on the endpoint security manager tool: 5 / 1 / 4
PC9. configure Endpoint security replication, load balancing, and failover as per instructions provided: 4 / 1 / 3
PC10. configure and implement Endpoint Protection domains as per instructions provided: 5 / 2 / 3
PC11. start and navigate the endpoint protection manager: 6 / 2 / 4
PC12. perform endpoint security console authentication: 4 / 1 / 3
PC13. install software on client computers and devices, either directly or across the network as per instructions provided: 5 / 1 / 4
PC14. configure clients for client software updates (automatic or pushed from the server) and virus definition updates, at a minimum: 4 / 2 / 2
PC15. distinguish between client-mode and user-mode: 5 / 2 / 3
PC16. install managed clients as per instructions provided: 6 / 2 / 4
PC17. configure an unmanaged detector as per instructions provided: 4 / 1 / 3
PC18. configure endpoint protection clients to use Secure Sockets Layer (SSL) communication: 5 / 2 / 3
PC19. collaborate with others to resolve information technology issues that are beyond own capabilities or job profile: 4 / 1 / 3
PC20. report the results of the monitoring, ticket raising and ticket closure activities using standard documentation following organizational procedures: 5 / 1 / 4
PC21. obtain help or advice from a specialist if the problem is outside his/her area of competence or experience: 4 / 1 / 3
PC22. comply with relevant legislation, standards, policies and procedures: 5 / 2 / 3
Total: 100 / 30 / 70
3. SSC/N9001 (Manage your work to meet requirements): 100 marks
PC1. establish and agree your work requirements with appropriate people: 7 / 0 / 7
PC2. keep your immediate work area clean and tidy: 12 / 6 / 6
PC3. utilize your time effectively: 12 / 6 / 6
PC4. use resources correctly and efficiently: 19 / 6 / 13
PC5. treat confidential information correctly: 7 / 1 / 6
PC6. work in line with your organization’s policies and procedures: 12 / 0 / 12
PC7. work within the limits of your job role: 6 / 0 / 6
PC8. obtain guidance from appropriate people, where necessary: 6 / 0 / 6
PC9. ensure your work meets the agreed requirements: 19 / 6 / 13
Total: 100 / 25 / 75
4. SSC/N9002 (Work effectively with colleagues): 100 marks
PC1. communicate with colleagues clearly, concisely and accurately: 20 / 0 / 20
PC2. work with colleagues to integrate your work effectively with theirs: 10 / 0 / 10
PC3. pass on essential information to colleagues in line with organizational requirements: 10 / 10 / 0
PC4. work in ways that show respect for colleagues: 20 / 0 / 20
PC5. carry out commitments you have made to colleagues: 10 / 0 / 10
PC6. let colleagues know in good time if you cannot carry out your commitments, explaining the reasons: 10 / 10 / 0
PC7. identify any problems you have working with colleagues and take the initiative to solve these problems: 10 / 0 / 10
PC8. follow the organization’s policies and procedures for working with colleagues: 10 / 0 / 10
Total: 100 / 20 / 80
5. SSC/N9003 (Maintain a healthy, safe and secure working environment): 100 marks
PC1. comply with your organization’s current health, safety and security policies and procedures: 20 / 10 / 10
PC2. report any identified breaches in health, safety, and security policies and procedures to the designated person: 10 / 0 / 10
PC3. identify and correct any hazards that you can deal with safely, competently and within the limits of your authority: 20 / 10 / 10
PC4. report any hazards that you are not competent to deal with to the relevant person in line with organizational procedures and warn other people who may be affected: 10 / 0 / 10
PC6. follow your organization’s emergency procedures promptly, calmly, and efficiently: 20 / 10 / 10
PC7. identify and recommend opportunities for improving health, safety, and security to the designated person: 10 / 0 / 10
PC8. complete any health and safety records legibly and accurately: 10 / 0 / 10
Total: 100 / 30 / 70
6. SSC/N9004 (Provide data/information in standard formats): 100 marks
PC1. establish and agree with appropriate people the data/information you need to provide, the formats in which you need to provide it, and when you need to provide it: 13 / 13 / 0
PC2. obtain the data/information from reliable sources: 13 / 0 / 13
PC3. check that the data/information is accurate, complete and up-to-date: 12 / 6 / 6
PC4. obtain advice or guidance from appropriate people where there are problems with the data/information: 6 / 0 / 6
PC5. carry out rule-based analysis of the data/information, if required: 25 / 0 / 25
PC6. insert the data/information into the agreed formats: 13 / 0 / 13
PC7. check the accuracy of your work, involving colleagues where required: 6 / 0 / 6
PC8. report any unresolved anomalies in the data/information to appropriate people: 6 / 6 / 0
PC9. provide complete, accurate and up-to-date data/information to the appropriate people in the required formats on time: 6 / 0 / 6
Total: 100 / 25 / 75
7. SSC/N9005 (Develop your knowledge, skills and competence): 100 marks
PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence: 10 / 0 / 10
PC2. identify accurately the knowledge and skills you need for your job role: 10 / 0 / 10
PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs: 20 / 10 / 10
PC4. agree with appropriate people a plan of learning and development activities to address your learning needs: 10 / 0 / 10
PC5. undertake learning and development activities in line with your plan: 20 / 10 / 10
PC6. apply your new knowledge and skills in the workplace, under supervision: 10 / 0 / 10
PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them: 10 / 0 / 10
PC8. review your knowledge, skills and competence regularly and take appropriate action: 10 / 0 / 10
Total: 100 / 20 / 80