Security Essentials (020-100)

Overview

The LPI Security Essentials certification is an introductory, vendor-neutral credential designed to provide end users and power users with the knowledge and skills to identify and respond to cybersecurity threats. As part of LPI’s Essentials track, this single-exam certification (exam code 020-100) covers a wide range of topics, including security concepts, encryption, device and storage security, network and service security, and identity and privacy protection. The course serves as a foundational component of a comprehensive cybersecurity awareness program, enabling participants to safely use digital infrastructure and contribute to organizational security.

Target Audience

This course is ideal for:

• End users and professionals seeking to enhance their cybersecurity awareness.
• IT staff needing foundational knowledge to support compliance and security policies.
• Students and enthusiasts interested in understanding digital security basics.
• Anyone preparing for the LPI Security Essentials certification exam (020-100).

Prerequisites

To succeed in this course, participants should have:

• Basic familiarity with computers and internet usage.
• An introductory understanding of IT concepts (preferred but not required).
• Access to a computer or device for practical exercises.

What You Will Learn

In this course, you will gain expertise in:

• Understanding security goals, risk assessment, and ethical behavior in IT.
• Applying encryption for web, email, and data storage security.
• Securing hardware, software, and networks against threats like malware.
• Protecting identity and privacy through authentication and secure communication.

Benefits of the Course

By completing this course, you will:

• Develop the ability to recognize and mitigate cybersecurity risks effectively.
• Earn a globally recognized certification to boost your professional credibility.
• Gain practical skills to protect personal and organizational digital assets.
• Build confidence in applying secure practices across diverse IT environments.

Course Outline

• Topic 021: Security Concepts
  • 021.1 Goals, Roles, and Actors
    The candidate will learn the importance of IT security. This includes an understanding of essential security goals as well as various actors and roles in the field of IT security.
  • 021.2 Risk Assessment and Management
    The candidate will learn how to find and interpret relevant security information. This includes understanding the risk of a vulnerability and determining the need, urgency, and appropriateness for a reaction.
  • 021.3 Ethical Behavior
    The candidate will understand the technical, financial, and legal implications of their behavior when using digital infrastructure. This includes understanding the potential harm caused by using security tools and common principles in copyright and privacy laws.
• Topic 022: Encryption
  • 022.1 Cryptography Public Key Infrastructure
    The candidate should understand the principles of symmetric and asymmetric encryption. Furthermore, the candidate should understand how digital certificates are used to associate cryptographic keys with individuals and organizations.
  • 022.2 Web Encryption
    The candidate should understand the principle of HTTPS. This includes verifying the identity of existing websites and understanding common browser error messages.
  • 022.3 Email Encryption
    The candidate should understand the principles of OpenPGP and S/MIME for email encryption. This includes handling one’s own and foreign OpenPGP keys and S/MIME certificates, as well as sending and receiving encrypted emails.
  • 022.4 Data Storage Encryption
    The candidate should understand the principles of file encryption and storage media encryption. Furthermore, the candidate should be able to encrypt data stored on local storage devices and in the cloud.
• Topic 023: Node, Device, and Storage Security
  • 023.1 Hardware Security
    The candidate should understand security aspects of hardware. This includes understanding various types of computer devices, their major components, and the security implications of devices that interact with a computer.
  • 023.2 Application Security
    The candidate should understand the security aspects of software. This includes managing software updates, protecting software from remote access, and understanding how to securely install software.
  • 023.3 Malware
    The candidate should understand the principles of various types of malware. This includes how they are installed on a device, their effects, and how to protect against them.
  • 023.4 Data Availability
    The candidate should be able to ensure the availability of their data. This includes storing data in appropriate devices and services and creating backups.
• Topic 024: Network and Service Security
  • 024.1 Networks, Network Services, and the Internet
    The candidate should understand how devices are connected to a local network and the threats resulting from physical media access. Furthermore, candidates should be able to connect to a wireless network securely.
  • 024.2 Network and Internet Security
    The candidate should understand how devices are connected to a local network and the threats resulting from physical media access. Furthermore, candidates should be able to connect securely to a wireless network.
  • 024.3 Network Encryption and Anonymity
    The candidate should understand the principles of virtual private networks (VPNs). This includes using a VPN provider to encrypt transmitted data and understanding anonymity on the Internet and TOR.
• Topic 025: Identity and Privacy
  • 025.1 Identity and Authentication
    The candidate should understand various concepts for proving their identity when using internet services. This includes using a password manager, multi-factor authentication, and awareness of common threats against individual identities.
  • 025.2 Information Confidentiality and Secure Communication
    The candidate should be able to keep confidential information and communication contents secret. This includes recognizing phishing and social engineering attempts, as well as using secure communication methods.