Curriculums

• Security Essentials

  Learning Objective: In this module, you will learn about the essential building blocks and basic concepts around cyber security such as Confidentiality, Integrity, Availability, Authentication, Authorization, Vulnerability, Threat & Risk and so on. In addition to these concepts, you will also explore the core topics such as Security Governance, Audit, Compliance and Security Architecture.

  Topics:

  Need of Cyber Security
  CIA Triad
  Vulnerability, Threat and Risk
  Risk Governance & Risk Management
  Security Architecture
  Security Governance
  Security Auditing
  Compliance
  Computer Security Architecture & Design

  Hands On/Demo::

  Data Breaches
  Internet Threat Scenario

• Cryptography

  Learning Objective: In this module you will learn, various forms of Cryptographic techniques, their pragmatic relevance & weaknesses. You will learn how cryptography, its components, methods and its usage are employed in the enterprise to store and transmit messages safely.

  Topics:

  Background of Cryptography
  Symmetric Cryptography
  Data Encryption Standard (DES)
  Triple-DES
  The Advanced Encryption Standard (AES)
  International Data Encryption Algorithm (IDEA)
  Blowfish
  RC4
  RC5
  RC6
  Asymmetric Cryptography
  The Diffie-Hellman Algorithm
  RSA
  Elliptic Curve Cryptosystems (ECC)
  Cryptographic Hash Functions
  Attacks against Encrypted Data
  Digital Certificates and its Format (X.509, X.500)
  Certificate Authority, Certificate Repository, Certificate Revocation lists
  Digital Certificate life cycle (Initialize, Issue, Cancel)

  Hands On/Demo::

  Image Steganography
  Hashing

• Computer Networks & Security

  Learning Objective: In this module, you will glance over various aspects related to Computer Networks and in-parallel delve into understanding the weaknesses & concepts around securing the networks.

  Topics:

  Network architecture, protocols, and technologies: Layered architecture, Open Systems Interconnect (OSI) Model
  Transmission Control Protocol/Internet Protocol (TCP/IP)
  Hybrid TCP/IP Model
  Application Layer Protocols: HTTP, SNMP, DNS, POP, SMTP
  Transport layer protocols: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
  Network/Internet layer protocols: Internet Protocol (IP) v4, IPv6, IPsec protocols
  Link layer protocols: Address Resolution Protocol (ARP) / Reverse ARP / Proxy ARP, Ethernet, VLAN

  Hands On/Demo::

  Sniffer
  IP Address

• Application Security

  Learning Objective: In this module, you learn the importance of Application level security. You will glance over various known application weaknesses, techniques to attack them and various controls/ solutions to these vulnerabilities. You will also get an overview of Secure SDLC methodology.

  Topics:

  Importance of Application Security
  OWASP Top 10 web application vulnerabilities
  SSDLC (Secure Software Development Life Cycle)

  Hands On/Demo::

  SQL Injection
  Buffer Overflow

• Data & Endpoint Security

  Learning Objective: In this module, you will glance over, various aspects related to data and endpoint (host) security. This being a primary need, is a very crucial topic.

  Topics:

  Data Security
  Data Security Controls
  Endpoint Security
  Host/ Endpoint Security Controls

  Hands On/Demo::

  Computer Monitoring
  System Recovery

• IdAM (Identity & Access Management)

  Learning Objective: Identity and access management (IdAM) is the security discipline that enables the appropriate individuals to access the right resources at the right times for the right reasons. IdAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet the increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. Enterprises that develop mature IAM capabilities can reduce their identity management costs and more importantly, become significantly more responsive in supporting new business initiatives.

  In this module you will glance over, various aspects related to the principle of Identity & Access Management. This covers various intricacies around concepts of Authorization, Authentication, Identity & access management and its benefits to an enterprise.

  Topics:

  Authorization
  Authentication
  Access Control
  Privilege levels
  IAM life cycle
  Identity & Access Management Process and activities (Role Based, Single Sign on)

  Hands On/Demo::

  Password Management
  Phishing

• Cloud Security

  Learning Objective: In this module you will glance over a vast topic of securing the cloud! You will first have an overview of types of cloud infrastructure and then delve into security concerns & potential solutions.

  Topics:

  Cloud Computing Architectural Framework
  Concerns & Best Practices
  Governance and Enterprise Risk Management
  Legal Issues: Contracts and Electronic Discovery
  Compliance and Audit Management
  Information Management and Data Security
  Interoperability and Portability
  Traditional Security, Business Continuity, and Disaster Recovery
  Data Centre Operations
  Incident Response
  Application Security
  Encryption and Key Management
  Identity, Entitlement, and Access Management
  Virtualization
  Security as a Service

  Hands On/Demo::

  Virtual Machine
  Cloud based Application Vulnerabilities

• Security Processes in practice for Businesses

  Note: This is a self-paced module

  Learning Objective: A business primarily is about making profits via achieving set targets and by catering best to customers and keeping shareholders and investors happy. This involves huge number of complex and interdependent discrete processes to run smoothly, efficiently and in a well monitored way. Today IT being one of the core enablers & also an increasingly major business platforms – threats are more than likely to cause enough disruption that may cause the business to derail completely.

  In this module we will glance over a variety of such business processes – to appreciate the relation, applicability and practicability of various information/ cyber security and risk management concepts that may be put in place to help the business stay predictable, safer and within a controlled cyber risk profile thereby enabling it to continue chasing its set targets.

  Topics:

  Key Security Business Processes
  Corp. & Security Governance
  IT Strategy management
  Portfolio/Program/Project management
  Change management
  Supplier (third party) management
  Problem management
  Knowledge management
  Info-sec management
  BCP
  IT Operations management
  Overview of top 20 security controls

  Hands On/Demo::

  Honeypot
  Website Mirroring