Cyber Security
Cyber Security
Cyber Security (known as Information Security) refers to the processes and tools designed and deployed to protect sensitive business information from unauthorized access or alterations, both when it's being stored and when it's being transmitted from one machine or physical location to in order to protect data from modification, disruption, destruction, etc. InfoSec is a crucial part of cyber security, but it refers exclusively to the processes designed for data security.
Learning Objectives
-
Understand the principles of Cyber (Information) security
-
Able to incorporate approaches for risk management and best practices in a corporate world
-
Gain familiarity with distributed system attacks, defenses against them, and forensics to investigate the understanding of cryptography.
-
Learn about Security essentials, Cryptography, Networks Security, Application Security, Data and Endpoint Security, Cloud Security, Cyber-attacks, and various other Security practices for businesses.
All Courses Idea
Introduction to Cyber (Information) Security
- What is Cyber (Information) Security
- Business Need for Cyber Security
- CIA Triad
- Essential Terms
- Asset
- Threat
- Risk
Hacking | Cyber Attacks
- Case study of recent attacks
- Vulnerability
- Zero-Day – Vulnerability / Attack
- Security Assessment types & terminology
- Phases of penetration testing ( Hacking )
- Reconnaissance
- Passive Reconnaissance
- Active Reconnaissance
- Scanning & Vulnerability assessment
- Exploitation
- Social Engineering & Techniques
- What is Social Engineering
- Social Engineering Techniques
- Phishing
- SMShing
- Whaling
- Dumpster Diving
- Shoulder Surfing
- Tailgating/ Piggy-backing
- Identity Theft
- Credential harvesting/ Password guessing
- Reconnaissance
Malware, Ransomware & Key-loggers
-
- What is malware
- Types of malware
- Virus
- Worms
- Trojans
- Rootkits
- Adware
- Spyware
- Ransomware
- Key-loggers
- Advance Persistent Threats
Preventive Measures
-
- Vulnerability management
- Application security & secure SDLC
- Patch management
- AV updates
- Back-up
- Security Awareness Training & security Policy
Risk Management
-
- What is Risk – Definition
- Consequences of Failing to Manage Risk
- Data/ Asset Classification
- Risk Assessment Methodology
- Risk Mitigation/ Treatment
- Residual Risks
- Risk Controls
Incident Handling Process
-
- Objectives of Incident Response
- Incident Handling Process
- Knowledge of events & incidents
- Types of incidents
- Roles & responsibilities
- Defined Contact List
- Breach Response Strategy
- Case Study
Governance, Risk & Compliance
-
- Compliance to Corp ISMS
- Brief Overview of ISO 27001 Clauses & Controls
- Incident Response & Business Continuity Management (BCM)
- Objectives of BCM
- Need for Contingency Planning
- BCM V/s DR
- Brief Overview of ISO 22301
- BCM Cycle
- Difference between PII & Personal Data
- What is Data Protection Law
- GDPR Awareness
- Compliance to Corp ISMS
Security Best Practices
-
- Password guidelines
- 2-Factor/ Multi-factor authentication
- Internet security guideline
- Email security guideline
- Identifying phishing emails
- Mobile device security threats & prevention
- Portable device/ media security threats & prevention
- Handling / Disposal of sensitive data (print/digital)
- Data classification & labeling
- Storage – encryption / hashing
- Disposal
- Physical Security
- Access controls
- Visitor management
- Clear desk policy
- Password guidelines