Certified Internet of Things Security Practitioner (CIoTSP)

Price
$2,085.00 USD

Duration
3 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Request More Information
Download Course Details
Course Details Only
Course Details & Schedule
Skip to Class Dates

Course Overview

The Internet of Things (IoT) enables data to be collected and analyzed on a massive scale, enabling well-informed decisions to be made quickly. However, the deluge of data handled by IoT systems is often acquired, processed, and presented using new technologies that are rapidly evolving and in some cases being rushed to market, creating new concerns for data privacy and cybersecurity.

Securing IoT systems can be a complicated proposition, involving hazards that many IT workers have never had to deal with. Solutions may involve resource-constrained IoT devices and technologies from many different vendors. IoT devices may be installed in vulnerable locations, and new network devices and protocols add complexity to the overall network architecture.

Course Objectives

This course presents an approach for managing the security and data privacy of IoT throughout the entire lifecycle. Through a combination of hands-on activities and case studies, you will learn how to identify and remediate vulnerabilities that undermine IoT security, as well as strategies for managing risk, securing data throughout its entire lifecycle, protecting data privacy, ensuring that IoT resources can be accessed only by authorized users, managing risks related to device firmware and software, and protecting IoT devices from direct physical and network access.

Who Should Attend?

This course is designed for IoT practitioners who are looking to improve their skills and knowledge of IoT security and privacy. This course is also designed for students who are seeking the Certified Internet of Things Security Practitioner (CIoTSP) certification and who want to prepare for Exam ITS-110.
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Learning Credits: Learning Credits can be purchased well in advance of your training date to avoid having to commit to specific courses or dates. Learning Credits allow you to secure your training budget for an entire year while eliminating the administrative headache of paying for individual classes. They can also be redeemed for a full year from the date of purchase. If you have previously purchased a Learning Credit agreement with New Horizons, you may use a portion of your agreement to pay for this class.

If you have questions about Learning Credits, please contact your Account Manager.

Corporate Tech Pass: Our Corporate Tech Pass includes unlimited attendance for a single person, in the following Virtual Instructor Led course types: Microsoft Office, Microsoft Technical, CompTIA, Project Management, SharePoint, ITIL, Certified Ethical Hacker, Certified Hacking Forensics Investigator, Java, Professional Development Courses and more. The full list of eligible course titles can be found at https://www.newhorizons.com/eligible.

If you have questions about our Corporate Tech Pass, please contact your Account Manager.

Course Prerequisites

  • Certified Internet of Things (IoT) Practitioner

Agenda

1 - Managing IoT Risks

  • Topic A: Map the IoT Attack Surface
  • Case Study: Connected Services Company
  • The IoT Ecosystem
  • The IoT Attack Surface
  • Shadow IT
  • IoT Risk Management
  • Security Versus Risk
  • Guidelines for Identifying Threats to IoT
  • Identifying Strategies to Deal with IoT Threats
  • Topic B: Build in Security by Design
  • Security by Design
  • Guidelines for Implementing Security by Design
  • Building Security into IoT Systems

2 - Securing Web and Cloud Interfaces

  • Topic A: Identify Threats to IoT Web and Cloud Interfaces
  • Web Protocols
  • H2M Interfaces
  • M2M Interfaces
  • The Request/Response Model
  • Send Data with a Request
  • Asynchronous HTTP
  • Data Serialization
  • Common Attack Patterns
  • Guidelines for Protecting Against Threats to IoT WebBased User Interfaces
  • Identifying Threats to IoT Web and Cloud Interfaces
  • Topic B: Prevent Injection Flaws
  • Injection Flaws
  • SQL Injection
  • Consequences of a SQL Injection Attack
  • Second Order SQL Injection
  • LDAP Injection
  • Shell Attack
  • Reverse Shell
  • URLBased Attacks
  • Malformed URL Attack
  • Unsecure Direct Object References
  • Setting Up an Account
  • Exploiting Injection Flaws
  • Guidelines for Preventing Injection Flaws
  • Preventing Injection Flaws
  • Copyright 2020 CertNexus. All Rights Reserved
  • Topic C: Prevent Session Management Flaw
  • Session Tokens
  • Token Management
  • Session Management
  • Session Replay
  • ManintheMiddle
  • Simulating an MITM Attack
  • Guidelines for Preventing Session Management Flaws
  • Preventing Session Management Flaws
  • Topic D: Prevent CrossSite Scripting Flaws
  • CrossSite Scripting (XSS)
  • Persistent XSS
  • Exploiting XSS to Run Untrusted Code
  • Guidelines for Preventing XSS Flaws
  • Preventing XSS Flaws
  • Topic E: Prevent CrossSite Request Forgery Flaws
  • CrossSite Request Forgery (CSRF)
  • Exploiting CSRF to Access Another User’s Privileges
  • Guidelines for Preventing CSRF Flaws
  • Preventing CSRF Flaws
  • Topic F: Prevent Unvalidated Redirects and Forwards
  • Unvalidated Redirects and Forwards
  • Exploiting an Unvalidated Redirect
  • Guidelines for Preventing Unvalidated Redirects and Forwards
  • Preventing Unvalidated Redirects and Forwards

3 - Securing Data

  • Topic A: Use Cryptography Appropriately
  • Cryptography
  • Encryption Functions
  • Symmetric Key Encryption
  • Asymmetric Key Encryption
  • Hashing
  • Hashing Functions
  • Salt
  • Cipher Suites
  • Handshaking
  • Block Versus Stream Ciphers
  • Strength and Processing Requirements
  • Common Algorithms
  • HardwareBased Encryption Modules on IoT Devices
  • Guidelines for Selecting Appropriate Encryption
  • Selecting Appropriate Cryptography
  • Copyright 2020 CertNexus. All Rights Reserved
  • Topic B: Protect Data in Motion
  • Data in Motion
  • Data in Motion Vulnerabilities
  • Interprocess Communication
  • Content Provider Leakage
  • Capturing Data Leakage from a Content Provider
  • Transport Encryption
  • PKI
  • Vulnerabilities Related to PKI
  • Outdated Cipher Suites
  • Secure SSH Implementation
  • IPSec
  • IPSec Modes
  • IPSec Security Association
  • IPSec Process
  • SDN
  • Benefits of SDN for IoT
  • S/MIME
  • Blockchain
  • Guidelines for Securing Data in Motion
  • Protecting Data in Motion
  • Topic C: Protect Data at Rest
  • Data at Rest Vulnerabilities
  • Data at Rest Protections
  • Guidelines for Protecting Data at Rest
  • Protecting Data at Rest
  • Topic D: Protect Data in Use
  • Data in Use Vulnerabilities
  • Buffer overflow
  • Rootkits
  • Malicious Hardware and Firmware
  • Performing a MemoryBased Attack
  • Data in Use Protections
  • Guidelines for Securing Data in Use
  • Protecting Data in Use

4 - Controlling Access to IoT Resources

  • Topic A: Identify the Need to Protect IoT Resources
  • The Need to Protect IoT Resources
  • AAA
  • Identifying the Need to Protect IoT Resources
  • Topic B: Implement Secure Authentication
  • Authentication Throughout the IoT Ecosystem
  • Copyright 2020 CertNexus. All Rights Reserved
  • Threats Related to Inadequate Authentication
  • Password Attacks
  • Credential Protection Flaws
  • Accessing Unsecured Credentials
  • Password Recovery Flaws
  • Account Enumeration
  • Exploiting Poor Password Recovery
  • Machine Authentication
  • Challenges of Authentication on Constrained Devices
  • Credential Protection Strategies
  • Reauthentication
  • Multifactor Authentication
  • Problems Mitigated by MFA
  • Example Authentication Factors
  • Account Lockout Policies
  • Guidelines for Implementing Secure Authentication
  • Implementing Secure Authentication in IoT
  • Topic C: Implement Secure Authorization
  • Threats Related to Inadequate Authorization
  • Vulnerabilities That Undermine Authorization
  • Exploiting Authorization Flaws
  • RoleBased Access Control
  • Access Control Throughout the IoT Ecosystem
  • Guidelines for Implementing Secure Authorization
  • Implementing Secure Authorization in IoT
  • Topic D: Implement Security Monitoring on IoT Systems
  • Security Logging and Monitoring
  • Log Tuning
  • Use of AI and Machine Learning in IoT Monitoring
  • Guidelines for Implementing Secure Logging and Monitoring
  • Implementing Security Monitoring

5 - Securing IoT Networks

  • Topic A: Ensure the Security of IP Networks
  • TCP/IP in IoT
  • Common Threats to IP Networks
  • Spoofing
  • DoS/DDoS
  • DNS Poisoning
  • Reconnaissance
  • Packet Manipulation/Injection
  • Scanning the Local Network
  • IP Versions
  • Copyright 2020 CertNexus. All Rights Reserved
  • DNSSEC
  • IEEE 802.15.4
  • Guidelines for Securing IP Networks
  • Securing IP Networks
  • Topic B: Ensure the Security of Wireless Networks
  • Common Threats to Wireless Networks
  • Identifying Wireless Network Vulnerabilities
  • Guidelines for Securing Wireless Networks
  • Securing Wireless Networks
  • Topic C: Ensure the Security of Mobile Networks
  • Mobile Networking
  • Generations of Cellular Protocols
  • Cellular Protocols
  • Cellular Communications in IoT
  • Custom APNs
  • Threats to Cellular Communication
  • Mobile Client Security
  • Threats to LowPower Mobile Devices
  • Guidelines for Ensuring Mobile Network Security
  • Securing Mobile Networks
  • Topic D: Ensure the Security of IoT Edge Networks
  • Threats to Edge Networks
  • Edge Network Security Strategies
  • Security in IoT Edge Network Protocols
  • Guidelines for Ensuring IoT Edge Network Security
  • Securing IoT Edge Network

6 - Ensuring Privacy

  • Topic A: Improve Data Collection to Reduce Privacy Concerns
  • Data Lifecycle
  • Data Collection Concerns
  • Identifying Data Collection Privacy Concerns
  • Compliance Requirements
  • PHI
  • PII
  • Metadata
  • Guidelines for Managing Data Collection
  • Improving Data Collection
  • Topic B: Protect Sensitive Data
  • Data Protection Concerns
  • Gaining Unauthorized Access to Private Data
  • Appropriate Access
  • Identifiability
  • Copyright 2020 CertNexus. All Rights Reserved
  • Guidelines for Protecting Sensitive Data
  • Protecting Sensitive Data
  • Topic C: Dispose of Sensitive Data
  • Data Retention and Disposal Concerns
  • Data Retention Policies
  • Data Disposal Policies
  • Guidelines for Retaining and Disposing of Sensitive Data
  • Disposing of Sensitive Data

7 - Managing Software and Firmware Risks

  • Topic A: Manage General Software Risks
  • Software and Firmware Within the IoT Ecosystem
  • Exploiting Common Application Flaws
  • Lack of Secure EndtoEnd Solutions
  • Common Software Flaws
  • Desktop and Mobile Apps
  • Special Concerns for Mobile Apps
  • Smartphones and Consumer IoT Devices
  • Input Validation
  • Validation Approaches
  • Fuzzing
  • Secure Application Development
  • IoT Product Research and Evaluation
  • Guidelines for Managing IoT Software Risks
  • Improving Software Security
  • Topic B: Manage Risks Related to Software Installation and Configuration
  • IoT Misconfiguration Flaws
  • Guidelines for Securing Installed Applications
  • Managing Software Installation and Configuration Risks
  • Topic C: Manage Risks Related to Software Patches and Updates
  • Vulnerabilities in Software Updating and Patching
  • Secure Updates
  • IoT Device Asset Management
  • Guidelines for Implementing Secure Patches and Updates
  • Managing Risks Related to Patches and Updates
  • Topic D: Manage Risks Related to IoT Device Operating Systems and Firmware
  • Constrained Devices with Limited Security Features
  • IoT Device Operating System Vulnerabilities
  • Bootloader/Boot Vulnerabilities
  • RoT
  • Guidelines for Securing IoT Device Operating Systems and Firmware
  • Managing Risks Related to Operating Systems and Firmware

8 - Promoting Physical Security

  • Physical Access
  • Mobile Device Vulnerabilities
  • Guidelines for Protecting Local Memory and Storage
  • Protecting Local Memory and Storage
  • Topic B: Prevent Physical Port Access
  • Physical Port Access
  • Guidelines for Protecting Devices from Physical Shell Access
  • Protecting Devices from Shell Access and Reverse Engineering
 

Get in touch to schedule training for your team
We can enroll multiple students in an upcoming class or schedule a dedicated private training event designed to meet your organization’s needs.

               
 



Do You Have Additional Questions? Please Contact Us Below.

contact us contact us 
Contact Us about Starting Your Business Training Strategy with New Horizons