Comprehensive Information Security & Cyber Security

Introduction

The course provides delegates with a high-level understanding of how to protect an organization from cyber-attacks and provides an overview of the threats facing organizations and the basics of Information Security techniques and controls to help protect against those threats. 

You will gain a global perspective of the challenges of designing a secure system, touching on all the cyber roles needed to provide a cohesive security solution. Through the lecture, you will learn about current threat trends across the Internet and their impact on organizational security. You will review standard cybersecurity terminology and compliance requirements, examine sample exploits, and gain hands-on experience mitigating controls.

Course Objectives

• Understand the cyber threats and vulnerabilities in organisations.
• Understand the basic Information Security techniques and controls to protect organsations from cyber attacks.
• Understand the basics of an Information Security Management System (ISMS).
• Explore different data protection principles.
• Explore social engineering threats, methods, and techniques.
• Examine software vulnerabilities and security solutions for reducing the risk of exploitation.
• Identify physical security controls and the relationship between physical and IT security.

Course Outlines

Day 1: Cybersecurity Awareness

• What is security?
• Confidentiality, integrity, and availability
• Security baselining
• Security concerns: Humans
• Types of threats
• Security controls
• What is hacking?
• Risk management
• Data in motion vs. data at rest

Day 2: Network Discovery

• Networking review
• Discovery, footprinting, and scanning
• Common vulnerabilities and exposures
• Security policies
• Vulnerabilities.

Day 3: Security Architecture

• Security architecture
• Network devices
• Network zones
• Network segmentation
• Network Address Translation
• Network Access Control.

Day 4: Data Security

• Cryptography
• Principles of permissions
• Steganography
• Module review

Day 5: Identity Management

• What is identity management?
• Personally identifiable information
• Authentication factors
• Directory services
• Password policies
• Cracking passwords
• Password assessment tools
• Password managers
• Group accounts
• Service accounts
• Federated identities
• Identity as a Service
• Module review

Day 6: Network Hardening

• Limiting remote admin access
• Administrative access
• Simple Network Management Protocol
• Network segmentation
• Limiting physical access
• Establishing secure access
• Network devices
• Fundamental device protection summary
• Traffic filtering best practices.

Day 7: Software Security

• Software engineering
• Security guidelines
• Software vulnerabilities
• Environment Monitoring
• Monitoring/logging benefits.
• Metrics

Day 8: Physical Security

• What is physical security?
• Defense in depth
• Types of physical security controls
• Device security
• Human security
• Security policies
• Equipment tracking
• Module review

Day 9: Incident Response

• Disaster types
• Incident investigation tips
• Business continuity planning
• Disaster recovery plan
• Forensic incident response
• Module review

Day 10: Trends in Cybersecurity

• Cybersecurity design constraints
• Cyber driving forces
• How connected are you?
• How reliant on connectivity are you?
• Identity management
• Cybersecurity standards.
• Cybersecurity training.