Cyber Threat Management

Scope and Sequence

Version 1.0

© 2023 Cisco and/or its affiliates. All rights reserved. Page 1 of 6

 Contents
Target Audience 3

Prerequisites 3

Certification Alignment 3

Course Description 3

Course Objectives 3

Equipment Requirements 4

Course Outline 4

© 2023 Cisco and/or its affiliates. All rights reserved. Page 2 of 6

 Target Audience
The Cyber Threat Management course is appropriate for learners with a high school reading proficiency, basic
computer literacy, and interested in pursuing an entry-level job in the field of cybersecurity.

Prerequisites
There are no prerequisites for this course, although learners should have the following basic skills:
• Basic PC operating system navigation skills
• Knowledge of TCP/IP networking including network protocols, services, and processes

While not required, it is recommended that learners complete the following courses within the cybersecurity
learning path:
• Introduction to Cybersecurity
• Network Essentials
• Endpoint Security
• Network Defense

Certification Alignment
This course, from the Junior Cybersecurity Analyst Career Path, aligns with the CCST Cybersecurity Certification
(formerly known as IT Specialist Cybersecurity certification from Certiport).

Course Description
Cyber Threat Management has many features to help learners understand security concepts. The course design
includes:

• Six modules comprised of key topics.

• Modules emphasize critical thinking, problem solving, collaboration, and the practical application of skills.
• Each module contains practice and assessment activities such as a Check Your Understanding activity, a lab,
or an activity using our network simulation tool, Cisco® Packet Tracer.
• Topic-level activities are designed to indicate a learner’s mastery of course skills, enabling learners to gage
understanding before taking a graded quiz or exam.
• Language describing concepts is designed to be easily understood by learners at a high school level.
• Assessments and practice activities focus on specific competencies are designed to increase retention and
provide flexibility in the learning path.
• Multimedia learning tools, including videos and quizzes, address a variety of learning styles, stimulate
learning, and promote knowledge retention.
• Labs and Packet Tracer simulation-based activities help learners develop critical thinking and complex
problem-solving skills.

© 2023 Cisco and/or its affiliates. All rights reserved. Page 3 of 6

 • Innovative assessments provide immediate feedback to support the evaluation of knowledge and skills.
• Technical concepts are explained using introductory-level language.
• Embedded interactive activities break-up reading of large content blocks and reinforce understanding.
• The course emphasizes applied skills and hands-on experiences, while encouraging learners to consider
additional Information Technology (IT) education.

Course Objectives
Cyber Threat Management introduces important foundational concepts in cybersecurity such as ethics and
governance, network security testing, threat intelligence, endpoint vulnerability assessment, risk management, and
post incident response. By the end of the course, learners will be prepared to participate in a wide range of threat
management and incident response activities as a member of a cybersecurity operations team.

The course material will assist you in developing learner skills, including:
• Create documents and policies related to cybersecurity governance and compliance.
• Use tools for network security testing.
• Evaluate threat intelligence sources.
• Explain how endpoint vulnerabilities are assessed and managed.
• Select security controls based on risk assessment outcomes
• Use incident response models and forensic techniques to investigate security incidents.

Equipment Requirements
Cyber Threat Management hands-on labs require equipment found in most home networks. Any lab that requires a
more complex networking environment uses Packet Tracer, the network simulation tool.

Software
• Oracle Virtual Box
• Lab virtual machine OVA files
• Packet Tracer 8.0.1 or higher

Optional Lab Equipment

• Microsoft Windows host

Course Outline
Table 1 details the modules and their associated competencies. Each module is an integrated unit of learning that
consists of content, activities, and assessments that target a specific set of competencies. The size of the module
depends on the depth of knowledge and skill needed to master the competency.

Table 1: Module Title and Objective

Module Title / Topic Title Objective

Module 1: Governance and Compliance

© 2023 Cisco and/or its affiliates. All rights reserved. Page 4 of 6

 1.0 Governance and Compliance Create documents and policies related to cybersecurity
governance and compliance.

1.1 Governance Create cybersecurity policy documents.

1.2 The Ethics of Cybersecurity Create a personal code of ethical conduct.

1.3 IT Security Management Framework Evaluate security controls.

Module 2: Network Security Testing

2.0 Network Security Testing Use tools for network security testing.

2.1 Security Assessments Use commands to gather network information and diagnose
connectivity issues.

2.2 Network Security Testing Techniques Describe the techniques used in network security testing.

2.3 Network Security Testing Tools Describe the tools used in network security testing

2.4 Penetration Testing Describe how an organization uses penetration testing to

evaluate the security of the system.

Module 3: Threat Intelligence

3.0 Threat Intelligence Evaluate threat intelligence sources.

3.1 Information Sources Evaluate information sources used to communicate emerging

network security threats.

3.2 Threat Intelligence Services Describe various threat intelligence services.

Module 4: Endpoint Vulnerability Assessment

4.0 Endpoint Vulnerability Assessment Explain how endpoint vulnerabilities are assessed and
managed.

4.1 Network and Server Profiling Explain the value of network and server profiling.

4.2 Common Vulnerability Scoring System (CVSS) Explain how CVSS reports are used to describe security
vulnerabilities.

4.3 Secure Device Management Explain how secure device management techniques are used
to protect data and assets.

Module 5: Risk Management and Security Controls

5.0 Risk Management and Security Controls Select security controls based on risk assessment outcomes.

5.1 Risk Management Explain risk management.

5.2 Risk Assessment Calculate risks.

5.3 Security Controls Evaluate security controls according to organization

characteristics.

© 2023 Cisco and/or its affiliates. All rights reserved. Page 5 of 6

 Module 6: Digital Forensics and Incident Analysis and Response

6.0 Digital Forensics and Incident Analysis and Response Use incident response models and forensic techniques to
investigate security incidents.

6.1 Evidence Handling and Attack Attribution Explain the role of digital forensic processes.

6.2 The Cyber Kill Chain Identify the steps in the Cyber Kill Chain.

6.3 The Diamond Model of Intrusion Analysis Use the Diamond Model of Intrusion Analysis to classify
intrusion events.

6.4 Incident Response Apply the NIST 800-61r2 incident handling procedures to a
given incident scenario.

6.5 Disaster Recovery Use commands to back up files and restore network
operations.

© 2023 Cisco and/or its affiliates. All rights reserved. Page 6 of 6