Introduction to Cybersecurity- CIA Triad, Separation of Duties, Org Structure
- Top Down and Bottom-up Approach
Information Availability- Recovery Time Objective/Recovery Point Objective/Maximum Tolerable Downtime, SLA
- Disclosure, Alteration, and Destruction of Data
- IAAAA protocols
- Identification, Authentication, Authorization, Accountability, and Auditing
Corporate Governance and Plans- Introduction to Corporate Governance
- Strategic, Tactical, and Operational Plans
- Policies, Standards, Procedures, and Guidelines
Data Protection Mechanism- Data Layering, Abstraction, Data Hiding, Encryption
- Data Classification Methodologies
- Confidential, Sensitive, Top Secret, Private, Public, Unclassified
Risk Management- Asset Management, Threat and Vulnerability
- Threat, Threat Agent, Exploit, Quantitative and Qualitative Risk Assessment
- Risk Management Lifecycle
- Assessment, Analysis, Mitigation, and Response
- Risk Management Framework
- ISO27001, ISO31000, ISO27000, Steps involved in Risk Management Framework
Internal Controls- Preventive, Detective, and Corrective Controls
- Threat Identification Model
- STRIDE
- DREAD
Disaster Recovery and Business Continuity Management
- Contingency Plans, BCP Documentation, and DR Documentation
- Types of Tests
Information Systems Laws- Criminal, Civil, and Administrative Laws
- Computer Security Act, Computer Fraud and Abuse Act, Government Information Security Reform Act, Federal Information Security Management Act
Information Systems Regulations- PCI-DSS, GDPR, HIPAA, HITRUST, SOX, ISO Series etc.
Intellectual Property- Copyright, Trademark, Patents, Trade Secrets
Data Security Controls and Data Ownership- Data in Use, Data at Rest, Data in Transit
- Data Custodian, Data Processor, Data Controller, System Owners, Administrators, End Users
Data Destruction Mechanism- Sanitize, Degaussing, Erase, Overwrite
Security Architecture Framework and Security Models- Zachman Framework, Sherwood Applied Business Security Architecture (SABSA), Information Technology Infrastructure Library (ITIL)
- State Machine Models, Multilevel Lattice Models, Information Flow Models
Mobile Security- Device Encryption
- Remote Wiping, Remote Lockout
- Internal Locks (Voice, Face Recognition, Pattern, PIN, Password)
- Application Installation Control, Asset Tracking (IMEI)
- Mobile Device Management, Removable Storage (SD CARD, Micro SD etc.)
IoT and Internet Security- Network Segmentation (Isolation), Logical Isolation (VLAN), Physical Isolation (Network Segments)
- Application Firewalls, Firmware Updates
Physical Security- Various Threats to Physical Security
System Virtualization- Guest OS, Virtualization Threats, Cloud Computing Models, Cloud Computing Threats
Web Security
- OWASP, OWASP Top 10, SQL Injection, XSS, CSRF
Cryptography- Goals of Cryptography, Symmetric and Asymmetric Encryption, Decryption, Digital Signature, Hashing
- Cryptography Algorithms (DES, AES, IDEA, Twofish)
Network Security- OSI Model, Attacks in OSI Layers, Network Types, Network Methods and Standards, Hardware Devices
- VPN Protocols, Firewall and Perimeter Security
- Firewall, Types of Firewalls, DMZ, Honeypot, Honeynet
- Different Types of Network Attacks
- Virus, Worms, Logic Bomb, Trojan, Backdoor, Sniffing, Zero-Day Attack, Ransomware, Rootkit, Spyware, DoS, DDoS, Botnet etc.
Email Security- LDAP, SASL, S/MIME
Identity and Access Management- 3 Factor Authentication, SSO, Authorization, Federated Identity
- Access Control Models, Access Control Categories, Access Control Types
Vulnerability Assessment and Pen Test- Steps Involved, Test Types, Test Strategies, Reporting
Software Development and Testing- Development Models, Development Lifecycle, Testing Types, Code Review and Testing
Security Operations and Incident Management- Evidence Lifecycle, IDS, IPS, Backup, SIEM, Hardening Process
Threat Hunting and Attack Framework- Cyber Kill Chain Process, MITRE ATT&CK Framework, Threat Hunting Benefits
Social Engineering Attacks- Phishing, Spear Phishing, Whaling, Piggybacking, Watering Hole
Note: The topics listed above are only a short blueprint of the syllabus. If you feel that we have missed any subject, you can come to us and learn it, or call us to confirm.
Call at 8010911256 | 8485846227. WebAsha provides the best online [Live Interactive Class] / classroom, practical, hands-on Cyber Security course training and certification in Pune and nearby areas. Get course details, certification cost, fees, syllabus, duration, batch timings, exam preparation, and workshops in Pune, Mumbai, Delhi NCR, Noida, Gurugram (Gurgaon), Hyderabad, Bengaluru (Bangalore), India, UK, USA, UAE, Dubai, Singapore, and Australia.