Cyber Security Training

Course Schedule – Topics & Activities

Cybersecurity Introduction & Overview

• Introduction to Cybersecurity

o The evolution of Cybersecurity

o Cybersecurity & situational awareness

o The Cybersecurity skills gap

• Difference between Information Security & Cybersecurity

o Protecting digital assets

• Cybersecurity objectives

o Confidentiality, integrity, & availability

o Nonrepudiation

• Cybersecurity roles

o Governance, risk management, & compliance

o What does a Cybersecurity professional do?

o Information Security roles

o Board of Directors

o Executive management

o Senior Information security management

o Cybersecurity practitioners

• Cybersecurity domains

o Cybersecurity concepts

o Security architecture principles

o Security of networks, systems, applications, & data o Incident response

o Security implications & adoption of evolving technology

Cybersecurity Concepts

• Risk

o Approaches to Cybersecurity

o Key terms & definitions

o Likelihood & impact

o Approaches to risk

o Third-party risk

o Risk management

• Common attack types & vectors o Threat agents

o Attack attributes

o Generalized attack process o Nonadversarial threat events o Malware & attack types

• Policies & procedures

o Policy life cycle

o Guidelines

o Policy frameworks

o Types of Information Security policies

o Access control policy

o Personnel Information Security policy

o Security incident response policy

• Cybersecurity controls

o Identity management

o Provisioning & de-provisioning o Authorization

o Access control lists

o Privileged user management o Change management

o Configuration management o Patch management

Security Architecture Principles

• Overview of security architecture o The security perimeter o Interdependencies

o Security architectures & frameworks o SABSA & the Zachman framework

o The open group architecture framework (TOGAF)

• The OSI model

o TCP/IP

• Defense in Depth

• Firewalls

o Firewall general features

o Network firewall types

o Packet filtering firewalls

o Stateful inspection firewalls

o Stateless vs. stateful

o Examples of firewall implementations

o Firewall issues

o Firewall platforms

• Isolation & segmentation o VLANs

o Security zones & DMZs

• Monitoring, detection, and logging

o Ingress, egress, & data loss prevention (DLP)

o Antivirus & anti-malware

o Intrusion detection systems

o IDS limitations

o IDS policy

o Intrusion prevention systems

• Cryptography Fundamentals

o Key elements of cryptographic systsms

o Key systems

• Encryption techniques

o Symmetric (private) key encryption

o Asymmetric (private) key encryption

o Elliptical curve cryptography

o Quantum cryptography

o Advanced encryption standard

o Digital signature

o Virtual private network

o Wireless network protections

o Stored data

o Public key infrastructure

• Encryption applications

o Applications of cryptographic systems

Security of Networks, Systems, Applications, & Data

• Process controls – risk assessments o Attributes of risk

o Risk response workflow o Risk analysis

o Evaluating security controls
o Risk assessment success criteria

o Managing risk

o Using the results of the risk assessment

• Process controls – vulnerability management o Vulnerability management

o Vulnerability scans

o Vulnerability assessment
o Remediation

o Reporting & metrics

• Process controls – penetration testing

o Penetration testers

o Penetration testing phases

• Network security

o Network management

o LAN/WAN security

o Network risks

o Wireless local area networks

o Wired equivalent privacy & Wi-Fi protected access (WPA/WPA2)

o Ports & protocols

o Port numbers

o Protocol numbers & assignment services

o Virtual private networks

o Remote access

• Operating system security

o System/platform hardening

o Modes of operations

o File system permissions

o Credentials & privileges

o Command line knowledge

o Logging & system monitoring

o Virtualization

o Specialized systems

• Application security

o System development life cycle (SDLC)

o Security within SDLC

o Design requirements

o Testing

o Review process

o Separation of development, testing, & production environments o OWASP top ten

o Wireless application protocol (WAP)

• Data security

o Data classification

o Data owners

o Data classification requirements

o Database security

Incident Response

• Event vs. incident

o Events vs. incident

o Types of incidents

• Security incident response

o What is incident response?

o Why do we need incident response?

o Elements of an incident response plan

o Security event management

• Investigations, legal holds, & preservation o Investigations

o Evidence preservation o Legal requirements

• Forensics

o Data protection

o Data acquisition

o Imaging

o Extraction

o Interrogation

o Ingestion/normalization

o Reporting

o Network traffic analysis

o Log file analysis

o Time lines

o Anti-forensics

• Disaster recovery & business continuity plans

o What is a disaster?

o Business continuity & disaster recovery

o Business impact analysis

o Recovery time objectives (RTO)

o Recover point objective (RPO)

o IS business continuity planning

o Recovery concepts

o Backup procedures

Security Implications & Adoption of Evolving Technology

• Current threat landscape

• Advanced persistent threats (APTs)

o Evolution of the threat landscape

o Defining APTs

o APT characteristics

o APT targets

o Stages of an APT attack

• Mobile technology – vulnerabilities, threats, & risk o Physical risk

o Organizational risk o Technical risk

o Activity monitoring & data retrieval o Unauthorized network connectivity

o Web view/user interface (UI) impersonation o Sensitive data leakage

o Unsafe sensitive data storage

o Unsafe sensitive data transmission o Drive-by vulnerabilities

• Consumerization of IT & mobile devices

o BYOD

• Cloud & digital collaboration

o Risk of cloud computing

o Web application risk

o Benefits of cloud computing