
Certified IoT Security Practitioner

Certified IoT Security Practitioner (CIoTSP) upskills OT, IT, and Security teams by validating the knowledge and skills to secure network environments for IoT devices, analyze vulnerabilities and determine reasonable controls against threats, and effectively monitor IoT devices and respond to incidents.




CIoTSP Jobs


  • Network Administrator
  • Software Development Engineer
  • Solution Architect
  • Product Manager
  • Application Developer
  • Cybersecurity Analyst
  • Platform Engineer
  • Production Engineer/Floor Technician
  • Web Developer
  • Database Developer
  • Cloud Engineer
  • IAM Administrator/Engineer





CIoTSP Exam Details

This exam will certify that the candidate has the foundational skill set of secure IoT concepts, technologies, and tools that will enable them to become a capable IoT Security practitioner in a wide variety of IoT-related job functions.



TARGET CANDIDATE

This certification exam is designed for practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure IoT ecosystem.

EXAM CODES

ITS-110


LAUNCH DATE

September 2018


SUNSET DATE

TBD


EXAM DURATION

120 minutes (including 5 minutes for Candidate Agreement and 5 minutes for Pearson VUE tutorial)

PASSING SCORE

60 or 61% depending on exam form


NUMBER OF ITEMS

100


ITEM FORMATS

Multiple Choice/Multiple Response


EXAM OPTIONS

In person at Pearson VUE test centers or online via Pearson OnVUE online proctoring







Certified IoT Security Practitioner ensures you have the skills to protect your network to and beyond the edge.

PROVE YOUR SKILLS

Validate a foundational knowledge of security concepts related to IoT.

LEAD KNOWLEDGEABLE IoT EXPERTS

Verify that applicants and team members have the requisite skills and ability to defend your network and respond when needed.






Internet of Things (IoT) Security Training


To be an effective IoT Security Practitioner, you require hands-on practice. CertNexus CIoTSP training covers IoT security concepts while providing ample opportunities to practice the required skills of an IoT security professional.







Course Details

1. Identify unsecure Web, Cloud, or Mobile Interfaces

  • Account enumeration
  • Weak default credentials
  • Injection flaws
  • Unsecure direct object references
  • Sensitive data exposure
  • CSRF
  • Unvalidated redirects and forwards
  • Session Management
  • Malformed URLs
  • Session replay
  • Reverse shell
  • Misconfiguration
  • Weak account lockout settings
  • No account lockout
  • Unsecured credentials
  • Lack of integration credentials on Edge devices

  • Change default passwords
  • Secure password recovery mechanisms
  • Secure the web interface from XSS, SQLi, or CSRF
  • Protect credentials
  • Robust password policies
  • Account lockout policies
  • Protect against account enumeration
  • 2FA if possible
  • Granular role-based access

  • Lack of password complexity
  • Poorly protected credentials
  • Lack of 2FA
  • Unsecure password recovery
  • Privilege escalation
  • Lack of RBAC
  • Unsecure databases and datastores
  • Lack of account lockout policy
  • Lack of access auditing
  • Lack of security monitoring
  • Lack of security logging

  • Granular access control
  • Password management
  • Ensure re-authentication is required for sensitive features
  • Event logging and IT/OT admin notification
  • Security monitoring

  • Vulnerable services
  • Buffer overflow
  • Open ports via UPnP
  • Exploitable UDP services
  • DoS/DDoS
  • DoS via network device fuzzing
  • Endpoint (address) spoofing
  • Packet manipulation/injection
  • Networking, protocols, radio communications
  • Port control
  • Secure memory spaces
  • DoS mitigation/DDoS
  • Secure network nodes
  • Secure field devices
  • Secure network pathways

  • Vulnerable data in motion
  • Vulnerable data at rest
  • Vulnerable data in use
  • Encrypt data in motion, at rest, and in use

  • Collection of unnecessary personal or sensitive information (PII, PHI, metadata)
  • Unsecured data in transit or at rest
  • Unauthorized access to personal information
  • Lack of proper data anonymization
  • Lack of data retention policies
  • Only collect critical data
  • Protect sensitive data
  • Comply with regulations/laws
  • Authorize data users
  • Data retention policies
  • Data disposal policies
  • End-user notification policies (GDPR)
  • Enable courtesy notifications to end users
  • Enable notifications as required by law

  • Poorly designed/tested software/firmware
  • Unsecure updates/patches
  • Firmware contains sensitive information
  • Lack of OTA updates
  • Constrained devices with non-existent security features
  • Lack of end-to-end solution
  • Software/firmware not digitally signed
  • Unsecure bootloader/boot
  • Unsecure key storage
  • Digitally signed updates
  • Remote update capability for, e.g., bootloader, firmware, OS, drivers, application, certificates
  • Secure updates/digitally signed updates
  • Root-of-trust/secure enclave
  • Secure bootloader/boot, measured boot

  • Access to software/configuration via physical ports
  • Access to or removal of storage media
  • Unprotected shell access for accessible ports
  • Unrestricted physical access to vulnerable devices
  • Easily disassembled devices
  • Protect data storage medium
  • Encrypt data at rest
  • Protect physical ports
  • Tamper-resistant devices
  • Limit physical access when possible
  • Hardened security for shell access
  • Limit administrative capabilities and access


Fees Structure : 22500 INR / 270 USD
Total No of Class : 84 Video Class
Class Duration : 76 Working Hours
Download Feature : Download Available
Technical Support : Call / Whatsapp : +91 8680961847
Working Hours : Monday to Friday 9 AM to 6 PM
Payment Mode : Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)


Fees Structure : 30500 INR / 365 USD
Class Duration : 60 Days
Class Recording : Live Class Recording available
Class Time : Monday to Friday 1.5 hours per day / Weekend 3 Hours per day
Technical Support : Call / Whatsapp : +91 8680961847
Working Hours : Monday to Friday 9 AM to 6 PM
Payment Mode : Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay)
