2015 Security University Sondra Schneider Security University July 2015 i
SECURITY UNIVERSITY STUDENT HANDBOOK 510 SPRING STREET SUITE 130, HERNDON VA 20170 JULY 2015 The Student Handbook is edited & published by the CEO of Security University, a non-degree granting intuition. It serves as a general source of information for Security University students. The information in the Handbook should not be regarded as a contract* between the students and Security University. All information is subject to change without warning. *except where indicated. This handbook supersedes all other previous editions of the student handbook. Should there be any questions or the need for clarification, please contact the CEO of Security University. Students enrolling in a course need to have a sufficient background to be able to take the course. Certified to Operate by State Council of Higher Education for Virginia (SCHEV) ii
Table of Contents A Message from the CEO... 2 Why Qualification Matters... 3 Welcome... 4 Education Mission and Objectives... 4 History... 5 Pre-requisites... 5 Criteria for Student Enrollment... 5 Active Student Policies... 5 Attendance Policy... 5 Satisfactory Class Progress... 6 Previous Credit Hours and Certification Policy... 6 Transfer of Security University Course Hours... 6 Student Communication Plan... 6 Priority of Service Policy for Veterans and Eligible Spouses... 6 Financial Aid, Loans, or Scholarships and Tuition Assistance... 7 Refunds... 7 Students with Disabilities... 7 Conduct Policies... 7 Code of Conduct... 7 Academic Integrity... 8 Copyright Policy... 8 Non-Discrimination and Harassment Policy... 8 Reporting Violations... 9 Disciplinary or criminal activity... 9 Student Records... 9 Storage... 9 Public Records Containing Sociological Information... 9 Website Access Policy... 10 Opt-Out... 10 Holidays... 10 Grievances... 10 Placement... 10 SU graduate certification verification... 11 July 2015 STUDENT HANDBOOK 1
Equipment... 11 Smoking Regulations... 11 Public Health and Safety... 11 Exam Locations... 11 Certificate of Mastery CoM... 12 Qualification Mark Qualified/ Information Security Professional (Q/ISP)... 12 Q/ISP Class Descriptions... 13 Website Disclaimer... 19 estudy online quizzes and e-resources... 19 Legal Disclaimers... 19 Application for SUT Security University Testing Q/ISP, Q/IAP, Q/SSE, and Wireless Credential... 19 This handbook supersedes all other previous editions of the student handbook. Should there be any questions or the need for clarification, please contact the CEO of Security University. Students enrolling in a course need to have a sufficient background to be able to take the course. Certified to Operate by State Council of Higher Education for Virginia (SCHEV) Security University IT Security Skills Q/ISP Qualified TacticalSkills Qualified Pyramid Hands onpractical Reports Tactical Experience Hands On Q/ISP Certifications Q/EH Q/SA Q/PTL Q/FE, Q/ND CISSP MCSE GIAC CEH CompTIA A+ Security+ Network+ Administrator Skills www.securityuniversity.net July 2015 STUDENT HANDBOOK 2
A Message from the CEO Why Qualification Matters SU seeks to remove barriers so that students can become successful, lifelong learner cybersecurity professionals. This handbook will help you the non-traditional student in the pursuit of that goal. In a world fraught with security threats, the need for skilled and knowledgeable information security cyber professionals has never been greater. Each SU class is 5 days /40 hours of intense learning mashed with massive amounts of hands-on labs/ performance based cyber education and not for the faint of heart. Student experience in the field is an important component and valuable to employers. But experience isn t enough. Employers need something quantifiable and verifiable to show them their staff (student) is competent to do the task/ job with hands on expertise from rigorous labs. Here at SU, they will live the dream of being a Qualified Cyber Security Professional. Since 1999 SU established Qualification standards, and adherence to these standards is as critical as NSA s CNSS Standards and fast becoming indispensable to the Information Security, Assurance & Cybersecurity Professional. SU believes everyone should have options to pursue professional education and certifications that allow them to be qualified, validated cybersecurity professionals. This means access to an institution that offers high quality performance based courses taught by highly qualified experts in information/cybersecurity that are capable of qualified and validating the cybersecurity skills goals of our students. SU classes teach a process and methodology for cybersecurity professionals that cultivate vastly effective learning and retention. This provides large corporations and governmental agencies worldwide the opportunity to hire highly qualified, certified and validated cybersecurity practitioners who have mastered cybersecurity skills and expertise in many critical areas of the infrastructure. These performance based educated cybersecurity students have a higher earning potential and expanded career opportunities. Moreover, being qualified and certified with validated hands on cyber security skills makes a statement about who you are and recognized as a serious, knowledgeable and dedicated cyber threat professional part of a globally recognized family of qualified and validated cybersecurity professionals. At SU, we believe in continuous quality improvement. As you review the courses and materials in this handbook, please let us know how we could work better for you. SU exists to serve our students; please challenge us about how we can do an even better job with that service. Best wishes for a successful educational undertaking. Sincerely, Sondra J Schneider CEO and Founder, Security University July 2015 STUDENT HANDBOOK 3
Welcome Security University (SU) is a non-degree granting University. Students enrolling in a course need to have a sufficient background to be able to take the course. This Student Handbook is intended to serve as a general guide for current and prospective SU students and includes information about SU and links to several policies students may need to access throughout their association with SU. And designed in conjunction with the SU Class Schedule http://www.securityuniversity.net/scheddate.php that includes links: to class time, location, syllabus, pre-requisites, method of delivery, method of evaluation, pass/fail grading and any additional information you require to make a class selection decision. This handbook does not constitute a contract between SU and any party or parties. Reasonable effort is used to ensure the factual accuracy of the information. This handbook is not a complete statement of all policies, procedures, rules, regulations, and certificate requirements. SU reserves the right to make changes and additions to the information in this handbook without prior notice. When a curriculum or certification requirement changes, it is not made retroactive unless the change is to the students advantage and can be accommodated within the span of years normally required for certification. Information on the Q/ISP Credential can be found @ http://www.securityuniversity.net/sut/ataglance.php As a non-degree granting institution SU advertises highly qualified performance based "certification classes that lead to certification. Students can take a single class or multiple classes depending on their particular interest or requirement to satisfy a specific certification for employment or professional determination. SU classes that include an (optional) exam onsite are proctored by SU for third party testing providers such as Pearson Vue and Testrac. Education Mission and Objectives The mission of SU is striving to provide our students with the highest quality information security education available through our CyberSecurity, Information Security, and Information Assurance Certification training for IT Security Professionals Worldwide. The objective is to lead the cybersecurity professional education industry by delivering hands-on performance based computer security training, education and certifications to qualify and validate cybersecurity professionals. July 2015 STUDENT HANDBOOK 4
History Since 1999, Security University (SU) has led hands-on computer security training & education. SU was the first to deliver "security analysis penetration testing" classes and certifications that validate tactical security skills. SU provides cybersecurity professionals a complete hands-on mastery curriculum to secure infrastructures, qualify and validate performance based cybersecurity skills. The SU s non degree CyberSecurity Certificate of Mastery (CoM) practical s were born from IS professionals who need to prove they are not just certified, but "Qualified" and validated to perform their job. Committee on National Security Systems (CNSS) achievement Security University Certification classes have earned the highest CNSS 4016A approval. From 2006 until 2017 the SU Q/EH, Q/SA, Q/PTL, Q/FE, Q/ND, Q/CA, Q/AAP, Q/WP, Q/SSE courseware submission has been certified as mapping 100% to the Committee on National Security Systems (CNSS) National Standards 4011, 4012, 4013, 4015 and 4016E I & A. 4011 Information Systems Security Professional 4012- Senior Systems Managers 4013- System Administrators 4015 System Certification Agent. 4016 E, I A Risk Analysis Advanced Admissions and Enrollment Pre-requisites Students enrolling in a course need to have a sufficient (TCP/IP) background to be able to take the course. If for some reason an uninformed student pays for a class before speaking with the CEO or career specialist, and does not have the requisite TCP/IP knowledge, SU will immediately void the student s credit card charge. If a student selects the wrong class, a simple re-registration into the correct class will be advised. Criteria for Student Enrollment All Students are required to register online at the SU website REGISTER ME section (https://www.securityuniversity.net/reg.php) for classes. The student agrees to pay SU fees indicated and adhere to the SU polices. Students must provide evidence, a phone discussion with CEO pre-class, an email, or other documentation of an understanding of TCP/IP Protocols pre class. Student responsibilities include adhering to the registration requirements. SU class attendance tracking begins the first day of class by signing in (and out) each day of class. A student graduates class and is considered a completer based on 95% class attendance (40-hours) and classroom participation in agenda and lab activities. Active Student Policies Attendance Policy All students are expected to attend 95% of class which runs from 7:45am - 5pm unless otherwise noted. During the first hour of each day instructors review information critical to student success in the facility specific classroom / class (e.g. agenda, syllabi, handouts, daily schedule, class format, etc.). Students earn Continuing Education Units CEU or Continuing Professional Education CPE hours by attending class, participating quizzes and labs and adhering to class progress policy. July 2015 STUDENT HANDBOOK 5
Satisfactory Class Progress Students are required to make quantitative progress toward class completion. To achieve satisfactory class progress and become a completer, as stated above and each day in class, students must attend class no less than 95% of total class hours (40). "Completers" will receive a participation certificate from the school director. SU maintains and digitally stores all certificates forever. Student responsibilities include adhering to the registration requirements, signing in/out of class each day and participate in performance based agenda activities. Every student must complete a student evaluation at the end of each class. 1. Each student is required to maintain 95% satisfactory progress towards 40 class hours. 2. If an attendee fails to show up to class for more than 2 hours, they will be asked to re-schedule their class. For a 40- hour class, these are conditions for termination of Veteran s benefits due to unsatisfactory conduct or progress. Previous Credit Hours and Certification Policy SU does not accept previous credit hours to complete a course. Transfer of Security University Course Hours Course hours transfer to another school only if an existing articulation agreement with that school. Check with your enrollment advisor or CEO for a list of existing articulation agreements. Student Communication Plan SU CEO, staff and instructors communicate with student s weeks before class. SU emails pre and post enrollment information including class invoices & receipts, pre- class ebooks or reading materials, free practice tests and exam challenges as well as post class evaluations and practical reviews. Students are sent "critical information for their success email with next step information, based on their registration. By the first day of class students have received multiple emails from SU regarding class location, start time what to bring, study materials with tips and tricks. Students have discussed independent training roadmaps. During class instructors are available 7/24 via email and in the classroom 6:30 7pm daily. The CEO is available for pre/post class questions and answers the 877 support and emergency line. SU sends students info reminder emails 1 week prior to the start of class. SU fosters continuous improvement by asking students to communicate with instructors and faculty throughout classes and practical s by asking a few times a day if they have any questions to ensure students satisfaction. Lastly in order for a student to receive a Student completion certificate, each student must complete a class evaluation which is sent to the CEO/ instructor to be forwarded to the CEO for review and reply. SU faculty are available as needed by email before and after class as well as until the completion of class. Questions can be emailed to faculty members 24/7, and they will answer within 24 hours. Priority of Service Policy for Veterans and Eligible Spouses Security University acts in accordance with the implementation of the Veterans' Priority Provisions of the "Jobs for Veterans Act" (PL107-288). What is Veterans Priority of Service? This act states that qualified veterans and eligible spouses receive priority services over non-veterans. If a student meets the eligibility criteria, they must self-identify upon application for enrollment. This way the priority of service may be implemented over the full range of the services available including, but not limited to registration and training. To determine if you meet these criteria, please contact your enrollment advisor, CEO or the School Director. You are a "Covered Person" and are entitled to Priority of Service if: You served in the military or air service, were discharged or released under conditions other than dishonorable as specified in 38 U.S.C 101(2); Active service includes full time National Guard or a Reserve component, other than full time duty for training; or you are the spouse of any veteran that died of a service connected disability; or any member of the armed forces service on active duty who, at the time of application for the priority, is listed as one or more of the following categories and has been so listed a total of more than 90 days: missing In Action, captured in line of duty by a hostile force, forcibly detained or interned in the line July 2015 STUDENT HANDBOOK 6
of duty by a foreign government. Any veteran who has a total disability resulting from a service connected disability, as evaluated by the Veterans Administration, Any veteran who died and a total disability (service connected), as evaluated by the Department of Veteran Affairs, was in existence. Financial Aid, Loans, or Scholarships and Tuition Assistance No Financial AID, Loans or Scholarships are provided at SU at this time. Refunds A prospective or current student may cancel their enrollment at any time and refunded 100% of their course fee. A student may cancel and request a refund any time prior to the first class day and through the last day of class. Should a prospective or current student request to re-schedule for extenuating or unforeseen circumstances, SU requests the student re-register for the next class date at no additional charge at least by the first day of class, the sooner the better.su submits refunds within 30 days after receipt of a written request or the date the student last attended classes whichever is sooner. Students who cancels a 12 or 24 month v0upon or other volume discount offering will have their tuition recalculated to a per class fee for each class attended against the paid amount and SU will refund the difference. For the student who fails to complete the group of classes offered in the v0upon, SU calculates their refund as follows: The classes are refunded on a per class basis, classes are converted to their regular price, and each completed class is then deducted from the value paid for the v0upon. As an example: the v0upon may contain up to 23 classes. If offered on a class-by-class, these would cost $35,000 as opposed to the v0upon discounted value of $11,000. Because of the value of individual classes ($1,995 to $2,995), the v0upon has no refund value should the student drop after attending five classes. As such, there would be no refund. Alternatively, if a student drops after two classes they would be refunded the difference (e.g. $11,000 less a value of $3,998 for two classes taken generates a refund of $7,002 If students enrolled in a Platinum Pass or Platinum Plus CISSP Pass {each class fee is $2,995 or $14,975 for multiple classes} for $8,495. The Platinum Pass has no value should the student cancel or drop the remaining classes after the third class has been completed, there would be no refund. If the student attended 2 classes, there is a remaining value of $5,990 the student would be refunded $2,505, which is the difference of $5,990 and $8,495.00. SU reserves the right to cancel class at any time. If this happens, SU will refund the class fee in full if the class cannot be rescheduled. Security University s liability is limited to the class fee only. SU cannot be held liable for other related expenses, i.e., airfare, airline penalties, lodging, etc. Students with Disabilities SU strives to meet the needs of all students. If a student requires any special testing accommodations because of a temporary or permanent disability, please notify the Testing Center well in advance of student testing appointment or final exam session. Conduct Policies Code of Conduct The environment at SU is one of mutual respect. SU expects students in the classrooms to conduct themselves as mature adults at all times, and to follow the regulations necessary to maintain the standards of SU and its courses. Student Expectations: To exhibit good conduct in the classroom and community To complete the class in 5 days and complete the practicals in a timely and acceptable manner To demonstrate good attendance To follow the rules and regulations of SU July 2015 STUDENT HANDBOOK 7
To respect the facilities and equipment To remain respectful in the expression of opinions and ideas Maintain the safety of students at all times Misconduct is considered to be in conflict with the educational objectives of the school and thus subject to dismissal. Misconduct is cheating, forgery, plagiarism, furnishing false information, alteration of school documents, disruption, or obstruction of teaching or administration, physical abuse of any person on school premises, theft, or damage to school premises and property of other students, and use of alcoholic beverages and/or illegal drugs on school property. Any sexual misconduct in class will not be tolerated. The above misconduct is subject to disciplinary action. Academic Integrity As part of Security University s community of scholars, you are expected to hold the pursuit of learning and the search for truth in the highest regard while displaying unquestionable integrity and honesty. There is no place for academic dishonesty, regardless of any seeming advantage or gain that may accrue from such dishonesty. Students will be disciplined for any intentional act(s) of dishonesty in the fulfillment of course requirements and for intentionally representing as one s own, any ideas, writings and works of another without acknowledging that author. Copyright Policy SU will not tolerate the unauthorized reproduction of software or other copyrighted material by employees or students. Whether you call it borrowing, copying, sharing, or "fair use," software copyright infringement is illegal and puts SU's students, staff, and the university itself at risk for legal action. This policy defines software as any electronic copyrighted material, including but not limited to software applications, video, audio, or other data files. Students must adhere to the contractual obligations of this institution, and are expected to comply with all copyright laws. Any individual found to be in violation of this policy may be subject to discipline, and additionally may be held responsible in civil or criminal court. Non-Discrimination and Harassment Policy Students are advised of their right to pursue their education in a setting free of harassment or discrimination, and are expected to apply the same values to the staff and their peers. SU is committed to the principle of equal opportunity in its activities and classes and does not now allow, condone or support discrimination of any type within its organization, practices, procedures, or vendors. This policy also applies to SU employees, students, candidates, and supporters. SU is a non-political/ non-religious organization and will not tolerate coercion of any form. SU is committed to eliminating discrimination and harassment on the basis of race, religion, color, and creed. The policies and procedures are fair and equitable to students and shall comply with all applicable regulations and statutory requirements. Whether participating in an class or a qualification examination, whether as an employee, contractor, or a student, in the unlikely event a student feels they have been discriminated against for whatever reason (whether based on nationality, religion, sex, race, gender, disability, etc ), please notify SU at 877-357-7744, and in writing where possible, so that we may research the problem and correct it as soon as possible. If a student has any questions about this policy, please contact the SU as soon as possible. It is the policy of SU to be free of discrimination. For this reason, SU will not tolerate the harassment or retaliation of any staff, student, or visitor. Harassment consists of unwelcome conduct, including verbal, physical, or visible conduct that denigrates or shows hostility or aversion toward an individual because of the individual s race, color, religion, national origin, sex, age, disability, or any other basis protected by law. SU will promptly investigate all allegations of July 2015 STUDENT HANDBOOK 8
harassment and take proper steps towards resolving any allegations. Any student who is determined, after an investigation, to have engaged in harassment in violation of this policy will be subject to disciplinary action, up to and possibly including withdrawal. Reporting Violations Any person may report a violation to the CEO within a reasonable period of time of knowing of the alleged violation. All allegations will be treated as confidential. Persons making such allegations are required to provide information pertinent to the case and will normally be expected to provide information as requested and appear before the CEO as the complainant. Any alleged violation that also may violate a United States, Virginia, or local law should be immediately reported to the proper authorities. Disciplinary or criminal activity Standard of Due Process The CEO would refer the case to the local police to handle the initial inquiry if in the case of criminal activity. Any SU related non-criminal activity would focus on the guilt or innocence of the accused who has violated the Code of Conduct. Upon receipt of the allegation, the CEO will immediately inform the person accused, in writing, of the alleged Code of Conduct violation. Within 15 calendar days an investigation/ inquiry will be completed. All material reviewed will be considered confidential and shared only with those with a need to know. The CEO may communicate with the person accused and give him or her the opportunity to present any relevant evidence. However, the person accused will not have the right to see any information that violates the privacy rights of other students. The CEO will dismiss the allegation if the complainant has failed to comply with procedure. The allegations, even if true, do not constitute violation of the Code of Conduct; or there is no evidence of violation of this Code based upon the inquiry conducted by the administrator or designee(s). The complainant and the person accused will be notified of the decision in writing within 40 calendar days of the referral. The person accused may file an appeal Penalties for violations of disciplinary regulations include, but are not limited to: Expulsion: The student is permanently separated from SU. Suspension: The student is separated from SU for a specified period of time. The reporting of any violation of the Code of Conduct will result in the development of a student's disciplinary file. These records will be retained as permanent disciplinary records Student Records The official SU repository of student records is co-located in the CEO s office and the cloud. The repository holds registration information, student records and exam information (if any), attendance, certifications and transcripts. Student records are confidential and are only available to the student and the CEO. Student files may not be printed or removed by employees except with CEO authorization. All student records, certification certificates, and validation reports are backed up to cloud storage indefinitely. SU does not store student financial information. Storage SU maintains and digitally stores all student records, transcripts and certificates forever. Public Records Containing Sociological Information SU defines sociological information as any of the following information maintained by SU about a student, staff, University class, or event or using University facilities. SU shall deny access of the portion of a public record containing the following sociological information: records about an individual s personal history, class achievement; social security numbers; Personal addresses; personal phone numbers; information regarding employment status, including an employment application; military status; state residency status; any information obtained through surveys. In addition, access to student records also is guided by the SU's Policy on Disclosure of Student Records and the Family and Educational Rights and Privacy Act. July 2015 STUDENT HANDBOOK 9
Website Access Policy Per Security University's Website Access Policy, clients, students, employees are not authorized to: Modify Security University's Website for any reason. Interfere with its access by other users. Modify any Website database unless otherwise authorized. Access this Website for the purpose of using software classes that collect information for any purpose other than indexing of search engines. Obtain email addresses for unsolicited email. Obtain personal information that could result in directly contacting an individual for a non-legitimate reasons unless it s to verify their status as Security University's qualification holder. Attempt to gain access and control of host server. Launch an attack against any other Internet host. Harass Security University, its qualified clients or partner vendors. Access this Website for any purpose other than to obtain information regarding SU products and services. Any activity which exceeds authorization will be subject to criminal prosecution. Opt-Out SU maintains contact information on its students to communicate transactional information and sends promotional material promoting its classes, newsletters, training opportunities, and other offerings. If at any time a student does not wish to receive marketing materials, there is an Opt- out link included in every marketing e-mail or notify SU in writing. SU sends email to its students for Official Communications that convey important information regarding Qualification certification status & CPE advice and resources /dates and opportunities. If a Qualified/Information CyberSecurity Professional is in good standing, we do not allow students to opt out of 'Official Communication' messages. If student have any questions or concerns about emails, please contact us at 877-357-7744. Holidays Unless otherwise noted: New Year s Day, Memorial Day, July 4th, Labor Day, Thanksgiving and Christmas. Grievances Should a student have a conflict with Security University, the first step is to arrange a conference with the CEO. Once the CEO has determined this is an issue for a grievance committee, a Grievance committee is selected to respond to the complaint. Students may lodge a complaint either verbally or in writing to the instructor or compliance officer, outlining the details of the complaint. Remit the complaint immediately to the CEO. SU recognizes that any dispute that may arise should be resolved as quickly and as amicably as possible. The following procedures shall apply to the resolution of any dispute: Send an email to Grievances@securityuniversity.net with as much information and documentation of the situation as possible. Please include student full name, registered email address, and any other contact information appropriate. If the SU CEO cannot resolve the grievance, the CEO will select a student volunteer/advisor to compile the information and present it via e-mail to the SU CEO along with recommendations on how to resolve the grievance in a fair manner. The SU CEO will send the student an e-mail response within 15 days with an explanation the decision. As a last resort, students may also file complaints with the State Council of Higher Education for Virginia, James Monroe Building, 101 N. 14th Street, Richmond, VA 23219, Office: 804-371-2285, Fax: 804-225-2604, Website: www.schev.edu. Students will not be subject to unfair treatment or adverse actions as result of initiating a complaint proceeding. Graduate Policies Placement SU does not provide job placement services however SU does provide independent training plan consultation (upon request) to determine student s certification path to increase their interview opportunities before/ after class registration. SU is frequently requested to post cybersecurity job openings and career links to recruiters, websites, and advertise job opportunities (http://www.securityuniversity.net/classifieds.php). SU sends emails to current and prospective students with local and national career fair events. Upon registering for class, SU s CEO discusses each student s current certifications to determine an effective independent training plan to earn industry recognized certifications that increase interview opportunities that lead to employment. SU graduate website access - once students have earned their July 2015 STUDENT HANDBOOK 10
certifications - students have access to the SU Student web portal (under construction)for the purpose of reviewing their own qualification and submitting CPE credits (Continuing Professional Education) or validate their CISSP credentials, modify personal records, accesses information pertaining to their certification(s). SU graduate certification verification As an organization that qualifies individuals in performance based hands-on information security skills, SU is frequently requested to provide verification of a student class certificate or renewed certificate to verify an individual's assertion that they possess our qualification. It is an implied duty that SU will identify and attest to the qualified status of those individuals who have earned and possess SU qualification. Periodically, SU is asked by an employer to identify those employed by their organization who hold SU qualifications. We provide names of those SU students who list the requester as their employer. No information, other than name, is revealed, and it is provided only to the employer upon written request. Equipment SU uses equipment to teach classes. If a student requests to borrow any equipment, permission must be requested from the CEO. Software may not be copied or borrowed. Equipment availability is vital to the delivery of our courses and to student success. All equipment is inventoried prior to the start of each course to ensure adequate quantities are available for student use. Maintaining and preserving SU s equipment is an obligation of all students, faculty and staff of the organization. All computer/peripheral repairs must be immediately reported to the School Director/ CEO and sourced for repair. The will coordinate repair service. Often times, SU will have excess equipment available for use while a repair is in process. An inventory of all training related equipment- 1-2 Laptops per student for classroom use (only) SU requests students to bring their own computers to class for email. Including switches and wireless access points with capability to allow wired and wireless connectivity per student. Smoking Regulations The School is a non-smoking environment. Smoking is permitted in the designated areas outside the building. Public Health and Safety SU provides a clean, safe, and healthy place to learn. Students are expected to do their part by working safely, observing all posted safety rules and regulations and keeping the school labs and classrooms neat and clean. The policy of the School is that students should never take any personal risk in the performance of the job. The following are some special precautions that should be observed: Strangers in the facility: When classes are in session, no unauthorized individuals may be in the class rooms, all others must wait in the kitchen reception area, assuming they are waiting for students. Attending classes after normal hours or on weekends: When attending class after normal hours or on weekends, please keep student area locked and do not unlock student areas for anyone students do not know. The security personnel, the building personnel, and the maintenance people have their own keys. Above all, use caution and care in all situations. Report any accident, no matter how slight, to the CEO. Email and txt must be sent at once to CEO. Observe all warning signs. Keep aisles clear of materials and equipment. Be especially careful that cords do not obstruct walkways. Be alert to any safety hazards and report them immediately to the CEO. Should a student become ill or have an accident, the CEO should be notified at once. The seriousness of the illness or accident will be determined. At that time a decision will be made if the individual should be transported to a medical facility or if the paramedics should be called. Always use the rubber gloves (next to kitchen sink) if an accident involves blood or body fluids. Exam Locations SU proctors certification examinations on site during the week. If students are eligible to sit for a proctored exam and possess a physical disability that prohibits them from reading or writing the examination, please notify us, and we will gladly offer reasonable accommodation. July 2015 STUDENT HANDBOOK 11
Certificate of Mastery CoM Certificate of Mastery is achieved when a student completes a Q/PTL, Q/FE, Q/ND practical portion of their certification class. The CoM provides the only means of identifying, certifying and validating "qualified persons" who subscribe to a rigorous requirement for maintaining their knowledge and proficiency with hands-on practical competence that validates MASTERY level competence cyber security skills. Qualification Mark Qualified/ Information Security Professional (Q/ISP) What does the Q/ISP Logo Represent? The Q/ISP logo represents the highest level achievement for Qualified CyberSecurity Professionals. This custom logo honors qualified security professionals who have who have achieved the mastery level of validated performance based hands-on security skills. The Q/ISP Certificate and SU Certificate of Mastery (CoM) shows others you re qualified and have validated your performance based hands-on cyber security skills. The skull represents commitment and brains. The ribbons symbolize integrity and honor. The wings help you soar towards your true potential (& above the turkeys you work with). The 4 Aces & King cards attest that you've mastered tactical security skills to reduce risk. Bravo! You are a Qualified, Certified and Validated Cyber Security Professional. Security University Classes SU QISP Qualified Information Security Professional Certification Hours Cost (4 classes + 1 workshop classes) non degree Certificate of Mastery QISP001 Q/SA Qualified/ Security Analyst Penetration Tester 50 $2,995 QISP002 Q/PTL Qualified/ Penetration Tester License CoM 30 $2,995 QISP003 Q/EH Qualified/ Ethical Hacker 40 $2,995 QISP004 Q/ND Qualified/ Network Defender CoM 40 $2,995 QISP005 Q/FE Qualified/ Forensic Expert CoM 40 $2,995 SU QIAP Qualified Information Assurance Professional Certification non Hours Cost degree Certificate of Mastery QIAP001 Q/AAP Qualified Access, Authentication & PKI Professional 40 $2,995 QIAP002 Q/NSP Qualified Network Security Policy Administrator & SOA 40 $2,995 Security Oriented Architect QIAP003 Q/CA Qualified Certification & Accreditation Administrator class CoM 40 $2,995 QIAP004 DoD Information Technology Security Certification and Accreditation Process DITSCAP 40 $2,995 CISSP, SSCP & CompTIA Security+ Certification classes Hours Cost ISC2001 CISSP ISC2 Certification Class 40 $2,995 SSCP002 SSCP System Security Certified Professional 40 $2,995 ISC2003 ISSEP ISC2 Certification Class 40 $2,995 CISA001 SU CISA Training Class 40 $2,995 CISM001 SU CISM Training Class 40 $2,995 SSCP001 Security + 40 $2,995 Q/WP Qualified Wireless Professional Certificate of Mastery Hours Cost CWNP001 Q/ WP Qualified/ Wireless Professional Certification CWNA 40 $2,495 Test Prep CWNP002 Q/WSP Qualified Wireless Security Professional 40 $2,995 Certification CWSP Test Prep Q/WP003 Q/WAD Qualified/ Wireless Analyst and Defender Bootcamp 40 $3,490 July 2015 STUDENT HANDBOOK 12
CWNP004 Q/WP / Q/WSP Bootcamp Test prep CWNA / CWSP 80 $4,960 Qualified Wireless / Qualified Wireless Security Professional SU ISO27001 Certification Classes Hours Cost ISO001 Certified ISO 27001 ISMS Lead Auditor Certification Class 40 $2,995 ISO002 Certified ISO 27001 ISMS Lead Implementation Course 40 $2,995 SU QSSE Qualified Software Security Expert Certifications Hours Cost non degree CyberSecurity Certificate of Mastery QSSE001 Q/SSE Qualified Software Security Expert 5 Day Bootcamp 40 $2,995 QSSE002 Q/SSPT Qualified Software Security Penetration Tester 40 $2,995 QSSE003 Q/STP Qualified Software Testing Bootcamp 40 $2,995 QSSE004 How to Break & FIX Web Security 40 $2,995 QSSE005 How to Break & FIX Software Security 40 $2,995 QSSE006 Fundamentals of Secure Software Programming 40 $2,995 QSSE007 Q/SH/D Qualified Software Hacker / Defender 40 $2,995 QSSE008 Q/STBP Qualified Software Tester Best Practices 40 $2,995 QSSE009 Introduction to Reverse Engineering 40 $2,995 Qualified/ Computer Security Awareness Classes Hours Cost QSAP001 Qualified/ Internet Threat Security Awareness Training and 8 $995 Compliance For MGT QSAP002 Qualified/ Internet Security Awareness Training 8 $995 QSAP003 Qualified/ Security Hacking Certificate for Managers 16 $1,195 Specialty Security Classes Hours Cost QISP004 Mission Critical Certification 40 $2,995 MS008 MS2002 MCIT Certification 40 $9,995 Cyber Defense Analysis Training Classes Hours Cost QISP006 Catching the Hackers - Introduction to Intrusion Detection 24 $1,395 QISP008 Catching the Hackers II: Systems to Defend Networks 40 $2,995 QISP027 Linux/UNIX Security 40 $2,995 * Please see estudy online quizzes section below. Q/ISP Class Descriptions full class descriptions & syllabus located at http://www.securityuniversity.net/classes.php Q/ISP Qualified/ Information Security Professional Certification non degree Certificate of Mastery CoM Q/EH Qualified/Ethical Hacker Certification 40 Hours. Hands-on security skills #1-5 days of ethical hacking & professional security tester process & methodology. You will learn how security testing tools are used to scan, test & exploit systems from experts. Get shell, crack passwords live! Penetrate & exploit live targets to own the box! Of open source tools, hacker tips and tricks. Q/EH exam incl Q/SA Qualified/Security Analyst/Penetration Tester 40 hours. Hands-on Security Skills #2 5 days! Since 1999, the Best Pen Testing class, 90% hands-on labs. SU s Analysis & Pen Testing process & methodology is the step-by-step process to gather & analyze data & write the report. Discover & exploit vulnerabilities & privileges on multiple complex targets. This class sets a new standard for IA Cyber security skills says Army. Q/SA Exam included & 3 hour practical. Q/PTL Qualified /Penetration Tester License Certificate of Mastery Wk30 hours. July 2015 STUDENT HANDBOOK 13
Hands-on Security Skills #3 100% labs class that Validates and Qualifies your tactical security penetration testing skills from nightly live penetration testing training. 3 hours exploiting privileges on multiple complex targets that keep getting progressively harder. think your good? SU s Q/TPL is the only way to validate your vulnerability. Pen testing security skills and inspires UTMOST COMPETENCE to those you work with. Q/FE Qualified /Forensic Expert Certification of Mastery CoM 40 Hrs. Hands-on Security Skills #4 5 day Computer Forensic Expert. Basic to Adv. Live forensics. Locate, secure,& collect computer evidence using tools & auto analysis utilities. The Q/FE process & methodology preserves digital evidence & prepares you to be an expert witness. 20+ Live Labs, live system analysis, hard drive forensics, FTK, EnCase, Forensic Acquisition Utilities, DD, HB Gary & image programs. Exam included - Q/FE License Practical - 3 reports on 2 different types of evidence for court. Q/ND Qualified/ Network Defender Certificate of Mastery CoM 40 hrs. Hands-on Security Skills #5 Deep perimeter protection & analysis from threats. Manage malware & incidents while reducing risk. 90% Hands-on live labs - viruses, IDS & IPS s. Network Defense Security Skills taught every day for max impact to harden network devices & defend internal external networks. Q/ND Practical required. Exam included Q/IAP Qualified / Information Assurance Professional Certification Certificate of Mastery Q/AAP Qualified/ Access, Authentication & PKI Professional 40 Hrs. 5 days to show you how to build, implement & securely access PKI identity mgt systems. 15+ hands-on labs about digital identity, certificates,& encryption. Learn the impact of CP & CPS. Install multiple CA s, certificates, PGP and high assurance CA s BAH, ESC/DIWS. Certification/ Exam included Q/NSP SOA Qualified/Network Security Policy Administrator & SOA 40Hrs. 5-day Policy and SOA to answer every SOA question. Netcentric SOA can be achieved! Set & design SOA with security policies to build secure architectures. SOA requires a close review of current business processes. SOA template & case studies. Be netcentric. Certification Exam included Qualified C & A Certification & Accreditation Administrator 40 Hrs. Certificate of Mastery Cyber Security Skills# 5-4016A Certificate Approved NAVY Validator class. Get C&A. security skills to certify & validate systems. 30+ labs on security controls, Retina & Gold Disk ending with C&A validation practical. Step by step how to prepare for C&A. This class is for System Certifiers & Validators who need cyber security skills. The Practical Certificate lets others will know your qualified to validate systems. Exam Included CNSS No. 4011, 4012, 4015/ 4016A Risk NAVY VALIDATOR Cert CISSP SSCP, COMPTIA Security+, Certification's SU s CISSP ISC2 Training Class 40 Hrs. 5-day - Ken Cutler - Instructor led classes quiz /review/ quiz process engages you to strengthen weakest areas COMPTIA Security + Class 40 Hrs Master 8570 certs- communication security, infrastructure security, crypto, access control, authentication, external attack& ops & organization security. CISA 40 Hrs. ISACA primary cert for IS Auditor who oversee, manage & assess IS. CISM 40 Hrs. ISACA primary cert for IS pros who oversee, manage, design & assess IS. July 2015 STUDENT HANDBOOK 14
Q/WP Qualified Wireless Professional Certifications - Certificate of Mastery Q/ WP Qualified/ Wireless Professional Certification (CWNA Test Prep) 40 hrs 5 days of the best Wireless LAN Admin instructors hands down! 802.11 a/b/g/n wireless tech & spectrum analysis. 15+ Vendor neutral labs, SU escalating security workshops, policy integration, tons of wireless packet analysis with sniffer tools that provide wireless defense in-depth tool from AirTight,, CISCO, Fluke, AirHorn, WiSpy, Cognio. Q/WSP Qualified Wireless Security Professional Certification (CWSP Test Prep) 40 hrs 5-day hands-on class teaches how build secure wireless networks and defend from attacks. 13+ escalating hands-on labs. Stop unauthorized access, ID theft, hacking, and hijacking. Configure WAN bridges, EAP, security policies. Q/WP / Q/WSP Bootcamp Test prep CWNA / CWSP Bootcamp 80 hrs Qualified Wireless Professional Certification / Qualified Wireless Security Professional Certification 10 day combined Q/WP & Q/WSP class materials + CWNA & CWSP test prep. Class fees included Study Guides, EXAMS & PT. Vendor neutral, 40+ labs & SU Workshops. Wireless professional instructors lead you to hands-on certifications. Q/WAD Qualified/Wireless Analyst & Defender Bootcamp 40 Hrs. 100% Hands-on wireless testing & analysis w/ step-by-step wireless pen testing methods! Hey CWSPs Tons of testing tools! Get Qualified! Rogue capture, War Driving, Wi-Spy tools Learn to analyze & secure your wireless networks now! ISMS Lead Auditor ISMS 27001 Lead Implementer Certification 40 Hrs. 5 days, how to implement & conduct audits in accordance with the registration process for the ISO 27001:2005 standard. Exam ISMS 27001 Lead Auditor Certification 40 Hrs. 5 days, how to conduct audits in accordance with the registration process for the ISO 27001:2005 standard. Exam Software Security Training Certificate of Mastery Q/SSE Qualified/SW Security Expert Certification 40 Hrs. This 3-part, 5day class delivers the best of all of the Qualified Software Security Expert classes and more. It includes items that are defensive in nature (e.g. checking error return codes before using, other data structures that should have been created, or protecting against using a pointer after it has been released), process-related and risk- related, hacking and XSS. Also included are items on how to prevent attacks with a step-by-step process how to FIX software with counter measures that protect your code. 5 days, 4 of the best QSSEP classes + SDL threat modeling tools Q/SSPT Qualified/ SW Security Penetration Tester 40 Hrs. "How To Break Software," a step-by-step method to effectively test code software + MS Maturity & Capability Models, Threat Modeling Tools & SDL Optimization. Eradicating coding vulnerabilities when implications are not enough. How security & privacy requirements must accompany functional requirements. Q/ST Qualified /Software Testing Bootcamp 40 hrs "How To test Software," a step-by-step method to effectively test soft coding. Q/SSE How To Break and Fix Web Security 5-DAY 40Hrs. Beyond OWASP 19 web application attacks including attacking the client, state, data, fraud. July 2015 STUDENT HANDBOOK 15
Q/SSE How To Break & Fix Software Security 5-DAY 40 Hrs. Learn an applied non-rigid approach to break, test and fix software for common bugs and flaws in live applications. Fundamentals Of Secure software Programming 40 hrs Q/SSH Qualified / SW Security Hacker/ Defender 40 hrs Q/STBP Qualified/ SW/ Security Tester Best Practices 40 hrs + Practical Introduction to Reverse Engineering 40Hrs. Discover the complimentary techniques of static and dynamic code analysis. Qualified/ Computer Security Awareness Classes Qualified/ Internet Security Awareness Training and Compliance for Managers 8 Hrs. The ultimate goal of the SU Security Awareness and Compliance class for Management is to educate management about what to look for to reduce risks that every organization faces from lapses in security Qualified/ Security Awareness Training 8hrs. The ultimate goal of the SU Security Awareness class is to reduce the risk for your organization from becoming a victim of cybercrime through education and awareness. Our class content satisfies the awareness training requirements of a broad range of industries Qualified/ Security Hacking Certificate For Managers 16 Hrs. This 2-day Anti-Hacking Certificate class teaches IT & Computer Security Professionals how to be an Ethical Hacker while defending your network from malicious software like Trojans, viruses and phishing attempts. In this class you will see 15+ network & computer security tools. Specialty Security Classes Mission Critical Certification 40 Hrs. During our 5-day Microsoft Certified IT Professional (MCITP): Windows 7 Enterprise Desktop Support Technician Training Class, students will live, learn, and take the Microsoft exams on site. Cyber Defense Analysis Classes Catching the Hackers - Introduction to Intrusion Detection Systems 24 HRS. This three-day seminar investigates the strengths and weaknesses of network- and host-based intrusion detection systems (IDS). You will explore the leading IDS products on the market today. Catching The Hackers Ii: Systems To Defend Networks 40 Hrs + Practical Certificate of Mastery Intrusion detection systems (IDS) give you the ability to detect when your networks or systems are being probed or attacked, or if they have been compromised in some manner. This critical monitoring capability is an essential component in any comprehensive enterprise network security class. Linux Unix Security 40 Hrs. Linux essentials will prepare the next generation of IT workers to fill the must-have skills of the future: knowledge of multiple computing environments, knowledge sharing, open source basics, and a dedication to the profession. July 2015 STUDENT HANDBOOK 16
July 2015 STUDENT HANDBOOK 17
Security University Q/ISP Qualification Pass 125 - question Q/ISP on- line exam Q/ISP Exam ($250, video camera, SU certified proctor ) or Q/ISP Qualified Trustmark $2,995 5 days 35+ Labs Online Exam-- last day of course Exam Q/SA $2,995 Q/SA 5 days Daily Labs Online Exam --l ast day of course Exam Q/PTL $2,995 or $1,500 w Q/SA Four 3hr evening workshops See additional requirements $2,995 5 days Daily Labs Practical validation workshop Online Exam -- last day of course Exam $2,995 5 days 75% Labs Practicals Online Exam -- last day of course Exam July 2015 STUDENT HANDBOOK 18
Website & Marketing Materials Disclaimer The SU site contains links to other sites. SU is not responsible for any actions /policies of third parties. When students voluntarily disclose personal data (e.g. user name, email address) on the SU website that kept confidential never provided to 3 rd party partners. CISSP is a registered trademark of (ISC)2 SU CISSP Training classes are not endorsed or sponsored by (ISC)2 CEH CHFI are EC Council registered trademarks.su CWNA / CWSP Training classes are not endorsed or sponsored by CWNP estudy online quizzes and e-resources The estudy helps students develop flexible knowledge, effective problem solving, effective test taking skills, intrinsic motivation (which ultimately assists students with reading comprehension), content knowledge, and preparation for an examination. Working with the estudy learning aide helps them identify what they already know, what they need to know, and how and where to access new information that may lead to resolution of the question. estudy videos help students continue to study and access "video study guides" for post class. SU found that more students scored higher and were more advanced in subject comprehension when using the pre-class estudy ebooka and quizzes. Technology innovation is bringing change to the classroom and helping to extend learning to non-traditional students who make up the adult workforce. Our study shows that the average test result from students using ipad mobile devices score higher on their daily quizzes (which they can track online), instantly strengthen their weaker skills, and learn both thinking strategies and (increased) domain knowledge. This instructional tool is also a postclass tool, so when they have left the classroom they can go back to specific knowledge domains from the class video to help prepare for their exam or use after they become certified. estudy online quizzes prepare students for on-site class. Allowing student to study pre class preparing them for the intense 5 day class. Students do not earn time spent preparing for class outside of the classroom. SU does not provide remote independent study education. All SU Classes are instructor-led, in-person classes. Legal Disclaimers If any term, provision, covenant or condition of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of this Agreement shall remain in full force and effect and shall not be affected, impaired or invalidated. Nothing in this handbook shall be construed as establishing or implying any partnership between the parties hereto, and nothing in this handbook shall be deemed to constitute either of the Parties hereto as the agent of the other party or to commit the other party in any way whatsoever, without obtaining the other party's prior written consent. Application for SUT Security University Testing Q/ISP, Q/IAP, Q/SSE, and Wireless Credential Students applying for a SUT CREDENTIAL can go to http://www.securityuniversity.net/sut/ataglance.php for more information. Student Acknowledgement Form I have read and understand the contents of the student handbook and will act in accordance with the policies and procedures as a condition of my attendance with Security University located at 510 Spring Street Suite 130 Herndon VA. 20170 Print Name Date Signature July 2015 STUDENT HANDBOOK 19