1.0 Introduction to Cybersecurity
1.1 Definition of Cybersecurity
1.2 Importance of Cybersecurity
1.3 Types of Cyber Threats
1.4 Cybersecurity Goals (CIA Triad)
1.5 Stakeholders in Cybersecurity
1.6 Fundamental Security Principles
1.7 Cybersecurity Terminology
1.8 Current Threat Landscape
1.9 Cybersecurity Standards
1.10 Overview of GFACT
2.0 Operating System Concepts
2.1 What is an Operating System
2.2 OS Types (Windows, Linux, macOS)
2.3 File Systems Overview
2.4 User and Group Management
2.5 Processes and Services
2.6 Permissions and Access Controls
2.7 OS Security Features
2.8 Patch Management
2.9 OS Hardening
2.10 Logging and Auditing
3.0 Computer Networking Fundamentals
3.1 Network Topologies
3.2 OSI Model Layers
3.3 TCP/IP Stack
3.4 IPv4 vs IPv6
3.5 Network Devices (Router, Switch, Firewall)
3.6 MAC Addressing
3.7 Subnetting Basics
3.8 DNS Functionality
3.9 DHCP and IP Assignment
3.10 Network Ports and Protocols
4.0 Network Security Technologies
4.1 Firewalls
4.2 Intrusion Detection Systems (IDS)
4.3 Intrusion Prevention Systems (IPS)
4.4 Virtual Private Networks (VPNs)
4.5 Network Segmentation
4.6 Proxy Servers
4.7 Network Address Translation (NAT)
4.8 Wireless Security
4.9 Network Access Control (NAC)
4.10 Unified Threat Management (UTM)
5.0 Encryption and Cryptography
5.1 Definition of Cryptography
5.2 Symmetric Encryption
5.3 Asymmetric Encryption
5.4 Hash Functions
5.5 Digital Signatures
5.6 Public Key Infrastructure (PKI)
5.7 SSL/TLS Protocols
5.8 Encryption Algorithms
5.9 Key Management
5.10 Common Cryptographic Attacks
6.0 Authentication and Access Control
6.1 Authentication Methods
6.2 Password Security
6.3 Multi-Factor Authentication (MFA)
6.4 Biometrics
6.5 Authorization vs Authentication
6.6 Access Control Models (DAC, MAC, RBAC)
6.7 Directory Services (LDAP, Active Directory)
6.8 Single Sign-On (SSO)
6.9 Privileged Access Management
6.10 Identity Federation
7.0 Malware and Attack Techniques
7.1 Types of Malware (Virus, Worm, Trojan)
7.2 Ransomware
7.3 Spyware and Adware
7.4 Phishing Attacks
7.5 Social Engineering
7.6 Denial of Service (DoS)
7.7 Advanced Persistent Threats (APT)
7.8 Exploits and Payloads
7.9 Command and Control (C2)
7.10 Indicators of Compromise (IoCs)
8.0 Vulnerability Management
8.1 Vulnerability Assessment
8.2 Vulnerability Scanning Tools
8.3 Patch Management Processes
8.4 Common Vulnerabilities (CVEs)
8.5 Risk Ratings (CVSS)
8.6 Remediation Strategies
8.7 Zero-Day Vulnerabilities
8.8 Vulnerability Disclosure
8.9 Penetration Testing Basics
8.10 Reporting and Documentation
9.0 Security Policies and Procedures
9.1 Security Policy Types
9.2 Acceptable Use Policy
9.3 Incident Response Policy
9.4 Data Classification Policy
9.5 Password Policy
9.6 Remote Access Policy
9.7 Change Management Policy
9.8 Policy Enforcement
9.9 Policy Review Process
9.10 Policy Training
10.0 Incident Response
10.1 What is Incident Response
10.2 Incident Response Lifecycle
10.3 Preparation Phase
10.4 Detection and Analysis
10.5 Containment
10.6 Eradication
10.7 Recovery
10.8 Post-Incident Activities
10.9 Incident Response Team Roles
10.10 Reporting and Documentation
11.0 Security Operations Center (SOC)
11.1 SOC Overview
11.2 SOC Roles and Responsibilities
11.3 Security Information and Event Management (SIEM)
11.4 Log Management
11.5 SOC Processes
11.6 Threat Hunting
11.7 SOC Metrics
11.8 SOC Tools and Technologies
11.9 Outsourced vs In-house SOC
11.10 Future of SOCs
12.0 Security Awareness and Training
12.1 Importance of Security Awareness
12.2 Social Engineering Prevention
12.3 Phishing Simulation
12.4 Safe Browsing Practices
12.5 Password Hygiene
12.6 Mobile Device Security
12.7 Physical Security Awareness
12.8 Reporting Suspicious Activity
12.9 Security Training Methods
12.10 Measuring Awareness Effectiveness
13.0 Data Security and Privacy
13.1 Data Classification
13.2 Data Encryption
13.3 Data Loss Prevention (DLP)
13.4 Data Masking
13.5 Data Retention Policy
13.6 Privacy Principles
13.7 GDPR Overview
13.8 Data Disposal Methods
13.9 Secure Data Transmission
13.10 Insider Threats
14.0 Physical Security
14.1 Physical Security Controls
14.2 Access Control Systems
14.3 Surveillance Systems
14.4 Visitor Management
14.5 Environmental Controls
14.6 Hardware Security
14.7 Secure Areas
14.8 Physical Security Audits
14.9 Security Guards
14.10 Physical Security Policy
15.0 Cloud Security Fundamentals
15.1 Cloud Service Models (IaaS, PaaS, SaaS)
15.2 Cloud Deployment Models
15.3 Cloud Security Challenges
15.4 Shared Responsibility Model
15.5 Cloud Access Security Broker (CASB)
15.6 Cloud Encryption
15.7 Cloud Identity and Access Management
15.8 Cloud Compliance
15.9 Cloud Threats
15.10 Cloud Incident Response
16.0 Web Application Security
16.1 Introduction to Web Applications
16.2 OWASP Top Ten
16.3 SQL Injection
16.4 Cross-Site Scripting (XSS)
16.5 Cross-Site Request Forgery (CSRF)
16.6 Secure Coding Practices
16.7 Input Validation
16.8 Session Management
16.9 Web Application Firewalls (WAF)
16.10 Web Application Testing Tools
17.0 Mobile Device Security
17.1 Mobile Threat Landscape
17.2 Device Hardening
17.3 Mobile Application Security
17.4 Mobile Device Management (MDM)
17.5 Mobile Encryption
17.6 Bring Your Own Device (BYOD)
17.7 Mobile Malware
17.8 Secure App Development
17.9 Mobile Privacy
17.10 Mobile Forensics
18.0 Wireless Security
18.1 Wireless Network Types
18.2 Wireless Encryption Standards
18.3 Wi-Fi Authentication
18.4 Wireless Attacks (Evil Twin, Rogue AP)
18.5 Wireless Intrusion Detection
18.6 Wireless Security Best Practices
18.7 Bluetooth Security
18.8 Wireless Guest Networks
18.9 Wireless Device Management
18.10 Wireless Policy
19.0 Secure Network Design
19.1 Defense in Depth
19.2 Network Segmentation
19.3 DMZ Design
19.4 VLANs
19.5 Network Zoning
19.6 Redundant Network Design
19.7 Secure Remote Access
19.8 Secure Protocols
19.9 Network Hardening
19.10 Network Security Baselines
20.0 Security Monitoring and Logging
20.1 Log Sources
20.2 Log Collection
20.3 Log Analysis
20.4 SIEM Platforms
20.5 Correlation Rules
20.6 Alerting and Notifications
20.7 Log Retention
20.8 Log Integrity
20.9 Log Review Procedures
20.10 Compliance Logging
21.0 Patch and Configuration Management
21.1 Importance of Patch Management
21.2 Patch Management Process
21.3 Automated Patch Tools
21.4 Configuration Management Databases (CMDB)
21.5 Configuration Baselines
21.6 Change Management
21.7 Rollback Procedures
21.8 Patch Testing
21.9 Third-Party Patching
21.10 Patch Management Policy
22.0 Risk Management
22.1 What is Risk
22.2 Risk Assessment Process
22.3 Risk Identification
22.4 Risk Analysis
22.5 Risk Evaluation
22.6 Risk Treatment
22.7 Risk Appetite
22.8 Risk Register
22.9 Residual Risk
22.10 Risk Reporting
23.0 Business Continuity and Disaster Recovery
23.1 Business Continuity Planning (BCP)
23.2 Disaster Recovery Planning (DRP)
23.3 Business Impact Analysis (BIA)
23.4 Recovery Time Objective (RTO)
23.5 Recovery Point Objective (RPO)
23.6 Backup Strategies
23.7 Crisis Communication
23.8 Plan Testing
23.9 Plan Maintenance
23.10 Lessons Learned
24.0 Secure Software Development
24.1 Software Development Lifecycle (SDLC)
24.2 Secure Coding Guidelines
24.3 Static and Dynamic Analysis
24.4 Code Reviews
24.5 Threat Modeling
24.6 Secure Software Frameworks
24.7 DevSecOps
24.8 Application Security Testing
24.9 Secure Deployment
24.10 Software Supply Chain Security
25.0 Digital Forensics Fundamentals
25.1 What is Digital Forensics
25.2 Forensics Process
25.3 Evidence Collection
25.4 Chain of Custody
25.5 Forensic Tools
25.6 Disk Imaging
25.7 Memory Forensics
25.8 Network Forensics
25.9 Reporting Forensic Findings
25.10 Legal Considerations
26.0 Security Compliance and Standards
26.1 Importance of Compliance
26.2 PCI DSS
26.3 HIPAA
26.4 SOX
26.5 GDPR
26.6 ISO/IEC 27001
26.7 NIST Framework
26.8 Compliance Audits
26.9 Compliance Reporting
26.10 Regulatory Fines
27.0 Threat Intelligence
27.1 What is Threat Intelligence
27.2 Threat Intelligence Sources
27.3 Threat Feeds
27.4 Intelligence Cycle
27.5 Tactical, Operational, and Strategic TI
27.6 Threat Intelligence Platforms
27.7 Open-Source Intelligence (OSINT)
27.8 Threat Sharing
27.9 Threat Attribution
27.10 Threat Hunting
28.0 Security Testing
28.1 Vulnerability Assessment
28.2 Penetration Testing
28.3 Red Team vs Blue Team
28.4 Security Testing Tools
28.5 Social Engineering Tests
28.6 Wireless Security Testing
28.7 Web Application Testing
28.8 Physical Security Testing
28.9 Reporting Test Results
28.10 Remediation Planning
29.0 Insider Threats
29.1 Definition of Insider Threat
29.2 Types of Insiders
29.3 Motivations for Insider Threats
29.4 Insider Threat Indicators
29.5 Detection Techniques
29.6 Insider Threat Programs
29.7 Monitoring User Activity
29.8 Prevention Strategies
29.9 Insider Threat Case Studies
29.10 Legal and Ethical Issues
30.0 Social Engineering Attacks
30.1 What is Social Engineering
30.2 Phishing
30.3 Spear Phishing
30.4 Impersonation
30.5 Pretexting
30.6 Baiting
30.7 Tailgating
30.8 Vishing and Smishing
30.9 Social Engineering Prevention
30.10 Employee Training
31.0 Network Protocol Analysis
31.1 Protocol Analysis Fundamentals
31.2 Packet Capture Tools
31.3 TCP/IP Protocols
31.4 HTTP/HTTPS Analysis
31.5 DNS Analysis
31.6 SMTP Analysis
31.7 FTP/SFTP Analysis
31.8 Decoding Encrypted Traffic
31.9 Protocol Anomalies
31.10 Protocol Analysis Reporting
32.0 Security Architecture
32.1 Security Architecture Concepts
32.2 Security Models
32.3 Reference Architectures
32.4 Security by Design
32.5 Secure Network Design
32.6 Defense in Depth
32.7 Zero Trust Architecture
32.8 Segmentation Strategies
32.9 Security Controls Placement
32.10 Architecture Review
33.0 Secure Remote Access
33.1 Remote Access Technologies
33.2 Virtual Private Networks (VPN)
33.3 Remote Desktop Protocol (RDP)
33.4 Secure Shell (SSH)
33.5 Security Risks of Remote Access
33.6 Remote Access Policies
33.7 Multi-Factor Authentication for Remote Access
33.8 Endpoint Security
33.9 Monitoring Remote Access
33.10 Remote Access Best Practices
34.0 Endpoint Security
34.1 Endpoint Threat Landscape
34.2 Endpoint Protection Platforms (EPP)
34.3 Endpoint Detection and Response (EDR)
34.4 Antivirus and Anti-malware
34.5 Application Whitelisting
34.6 Host-based Firewalls
34.7 Patch Management for Endpoints
34.8 Device Control
34.9 Mobile Endpoint Security
34.10 Endpoint Security Policy
35.0 Identity and Access Management (IAM)
35.1 IAM Overview
35.2 User Provisioning
35.3 Access Reviews
35.4 Roles and Permissions
35.5 Identity Federation
35.6 Single Sign-On (SSO)
35.7 Privileged Access Management
35.8 IAM Tools
35.9 IAM Best Practices
35.10 IAM Policy
36.0 Secure Communications
36.1 Secure Email
36.2 Secure Messaging
36.3 Virtual Private Networks (VPNs)
36.4 Secure File Transfer
36.5 Encrypted Voice Communications
36.6 Email Encryption
36.7 Secure Web Browsing
36.8 Secure Protocols (HTTPS, SFTP, SSH)
36.9 Secure Instant Messaging
36.10 Secure Collaboration Platforms
37.0 Security in Virtualized Environments
37.1 Virtualization Basics
37.2 Hypervisor Security
37.3 Virtual Machine Security
37.4 Virtual Networking
37.5 Snapshot Management
37.6 VM Sprawl
37.7 Virtualization-specific Threats
37.8 Virtualization Best Practices
37.9 Containerization Security
37.10 Virtualization Policy
38.0 Application Security
38.1 Application Threats
38.2 Secure Coding Standards
38.3 Input Validation
38.4 Output Encoding
38.5 Authentication and Session Management
38.6 Application Testing Tools
38.7 Patch Management for Applications
38.8 Application Hardening
38.9 Web Application Firewalls (WAF)
38.10 Application Security Lifecycle
39.0 Security Automation and Orchestration
39.1 Security Automation Overview
39.2 Security Orchestration Platforms
39.3 Automated Incident Response
39.4 Automated Threat Intelligence
39.5 Automation Scripting
39.6 Continuous Monitoring
39.7 Automated Compliance Checks
39.8 Integration with SIEM
39.9 Challenges of Automation
39.10 Security Automation Best Practices
40.0 Secure Backup and Recovery
40.1 Importance of Backups
40.2 Backup Types
40.3 Backup Strategies
40.4 Backup Encryption
40.5 Backup Testing
40.6 Disaster Recovery Integration
40.7 Offsite and Cloud Backups
40.8 Backup Retention Policies
40.9 Backup Monitoring
40.10 Secure Data Restoration
41.0 Security Auditing
41.1 Audit Basics
41.2 Types of Audits
41.3 Audit Planning
41.4 Audit Trails
41.5 Log Review
41.6 Compliance Auditing
41.7 Technical Controls Audit
41.8 Physical Controls Audit
41.9 Audit Reporting
41.10 Audit Follow-Up
42.0 Security Metrics and Reporting
42.1 Importance of Metrics
42.2 Types of Security Metrics
42.3 Key Performance Indicators (KPIs)
42.4 Security Dashboards
42.5 Metrics Collection Tools
42.6 Reporting Frequency
42.7 Custom Reports
42.8 Executive Reporting
42.9 Metric Interpretation
42.10 Metrics Improvement
43.0 Emerging Cybersecurity Technologies
43.1 Artificial Intelligence in Security
43.2 Machine Learning Applications
43.3 Blockchain Security
43.4 Internet of Things (IoT) Security
43.5 Quantum Computing Threats
43.6 Cybersecurity Automation
43.7 Threat Intelligence Advancements
43.8 Security in 5G Networks
43.9 Secure DevOps (DevSecOps)
43.10 Future Trends
44.0 Privacy Principles
44.1 Definition of Privacy
44.2 Privacy by Design
44.3 Data Minimization
44.4 Consent Management
44.5 Data Subject Rights
44.6 Privacy Impact Assessments
44.7 Privacy Breach Notification
44.8 Privacy Regulations
44.9 Third-Party Privacy
44.10 Privacy Training
45.0 Security Governance
45.1 What is Security Governance
45.2 Governance Frameworks
45.3 Security Leadership
45.4 Security Committees
45.5 Policy Development
45.6 Compliance Monitoring
45.7 Risk Oversight
45.8 Governance Metrics
45.9 Security Culture
45.10 Governance Reporting
46.0 Human Factors in Cybersecurity
46.1 Human Error in Security
46.2 Security Awareness
46.3 Social Engineering Risks
46.4 Insider Threats
46.5 User Behavior Analytics
46.6 Security Training Programs
46.7 Phishing Simulations
46.8 Psychological Aspects
46.9 Reducing Human Risk
46.10 Building Security Culture
47.0 Legal and Ethical Issues in Cybersecurity
47.1 Cybercrime Laws
47.2 Intellectual Property
47.3 Data Protection Regulations
47.4 Digital Evidence
47.5 Lawful Intercept
47.6 Ethics in Hacking
47.7 Reporting Security Incidents
47.8 Responsible Disclosure
47.9 International Laws
47.10 Legal Case Studies
48.0 Security Project Management
48.1 Project Management Basics
48.2 Security Project Planning
48.3 Project Risk Management
48.4 Budgeting and Resources
48.5 Project Scheduling
48.6 Stakeholder Communication
48.7 Project Documentation
48.8 Project Monitoring
48.9 Project Closure
48.10 Lessons Learned
49.0 Cybersecurity Careers and Certifications
49.1 Cybersecurity Job Roles
49.2 Skills Required
49.3 Career Pathways
49.4 Entry-Level Jobs
49.5 Advanced Roles
49.6 Certification Overview
49.7 GIAC Certifications
49.8 Other Major Certifications
49.9 Continuing Education
49.10 Professional Organizations
50.0 Review and Exam Preparation
50.1 GFACT Exam Structure
50.2 Sample Exam Questions
50.3 Exam Study Tips
50.4 Time Management Strategies
50.5 Practice Exams
50.6 Reviewing Weak Areas
50.7 Using Study Groups
50.8 Test-Taking Techniques
50.9 Exam Day Preparation
50.10 Continuing Education After GFACT

![Legitimized [GIAC Foundational Cybersecurity Technologies (GFACT)] Expert - Led Video Course - MASTERYTRAIL](https://masterytrail.com/wp-content/uploads/2025/09/9cf11434-9321-4ba4-a44a-b15d91df3d1f.jpg)
