• Online, Self-Paced
Course Description

You can probably think of at least one major account security breach you've heard about. When a security breach happens, it puts your customers, assets, and entire reputation at risk, so knowing how to identify and respond to potential attacks can be the difference between an organization's continued success and complete failure. In this course, you'll learn about enhancing user account security by establishing logon, logoff, and advanced password management protocols. You'll also learn about safe and secure policies for advanced user account management, such as account change and reset practices. Finally, this course covers effective best practices for handling user account security breaches, such as neutralizing attacks and safely handling compromised systems to limit any further damage to your systems, network, and other user assets.

Learning Objectives

Secure Logon Policies

  • describe the characteristics and purpose of the logon feature
  • identify best practices during development to secure site logon
  • use Secure Sockets Layer or SSL to enhance logon security
  • identify best practices for managing multiple simultaneous sessions from the same user
  • distinguish between the common types of attacks on logon pages
  • describe best practices for detecting and preventing logon fraud

Secure Logoff Policies

  • identify the purpose and characteristics of implementing logoff requirements
  • identify the best practices and purpose of session expiry
  • identify the characteristics and best practices for remote logoff procedures
  • describe the purpose and techniques for implementing Cross-Site Request Forgery or CSRF protection on the logoff feature

Secure Password Storage Policies

  • describe best practices for password storage policies
  • identify the best practices for hashing passwords for storage

Secure Password Reset Policies

  • identify the characteristics and purpose of password reset
  • identify the best practices for implementing timed password resets
  • describe the best practices for strengthening password reset with verification questions
  • identify the benefits, challenges, and best practices of using password hints

Secure Account Change Policies

  • describe the characteristics of account detail changes and how and why they carry risk of attack
  • identify the specific account attributes that hackers target
  • describe the best practices for using password verification during account change activities
  • identify the best practices for implementing user account change notifications
  • identify the best practices for confirming user account changes with users

Mitigating Risk from Successful Attacks

  • identify the best practices for dealing with compromised systems after a successful security attack
  • identify the best practices when collecting evidence and information after a successful attack
  • describe the best practices for neutralizing user account security attacks

Practice: Establish Secure Account Access Policies

  • identify appropriate logon, logoff, and account change policies, and describe the best practices for responding to account compromise

Framework Connections