CSX Cybersecurity Fundamentals Study Guide

Executive Summary
Section 1:  Cybersecurity Introduction and Overview
	Topic 1—Introduction to Cybersecurity
	Topic 2— Difference Between Information Security and Cybersecurity
	Topic 3—Cybersecurity Objectives
	Topic 4—Cybersecurity Roles
	Topic 5—Cybersecurity Domains
	Section 1—Knowledge Check
Section 2:  Cybersecurity Concepts
	Topic 1—Risk
	Topic 2—Common Attack Types and Vectors
	Topic 3—Policies and Procedures
	Topic 4—Cybersecurity Controls
	Section 2—Knowledge Check
Section 3:  Security Architecture Principles
	Topic 1—Overview of Security Architecture
	Topic 2—The OSI Model
	Topic 3—Defense in Depth
	Topic 4—Firewalls
	Topic 5—Isolation and Segmentation
	Topic 6—Monitoring, Detection and Logging
	Topic 7A—Encryption Fundamentals
	Topic 7B—Encryption Techniques
	Topic 7C—Encryption Applications
	Section 3—Knowledge Check
Section 4:  Security of Networks, Systems, Applications and Data
	Topic 1—Process Controls—Risk Assessments
	Topic 2—Process Controls—Vulnerability Management
	Topic 3—Process Controls—Penetration Testing
	Topic 4—Network Security
	Topic 5—Operating System Security
	Topic 6—Application Security
	Topic 7—Data Security
	Section 4—Knowledge Check
Section 5:  Incident Response
	Topic 1—Event vs. Incident
	Topic 2—Security Incident Response
	Topic 3— Investigations, Legal Holds and Preservation
	Topic 4—Forensics
	Topic 5— Disaster Recovery and Business Continuity Plans
	Section 5—Knowledge Check
Section 6:  Security Implications and Adoption of Evolving Technology
	Topic 1—Current Threat Landscape
	Topic 2—Advanced Persistent Threats
	Topic 3—Mobile Technology—Vulnerabilities, Threats and Risk
	Topic 4— Consumerization of IT and Mobile Devices
	Topic 5—Cloud and Digital Collaboration
	Section 6—Knowledge Check
Appendices
	Appendix A—Knowledge Statements
	Appendix B—Glossary
	Appendix C—Knowledge Check Answers
	Appendix D—Additional Resources