Introduction to Cybersecurity- CIA Triad, Separation of Duties, Org Structure
- Top Down and Bottom-up Approach
Information Availability- Recovery Time Objective/Recovery Point Objective/Maximum Tolerable Downtime, SLA
- Disclosure, Alteration, and Destruction of Data
- IAAAA protocols
- Identification, Authentication, Authorization, Accountability, and Auditing
Corporate Governance and Plans- Introduction to Corporate Governance
- Strategic, Tactical, and Operational Plans
- Policies, Standards, Procedures, and Guidelines
Data Protection Mechanism- Data Layering, Abstraction, Data Hiding, Encryption
- Data Classification Methodologies
- Confidential, Sensitive, Top Secret, Private, Public, Unclassified
Risk Management- Asset Management, Threat and Vulnerability
- Threat, Threat Agent, Exploit, Quantitative and Qualitative Risk Assessment
- Risk Management Lifecycle
- Assessment, Analysis, Mitigation, and Response
- Risk Management Framework
- ISO27001, ISO31000, ISO27000, Steps involved in Risk Management Framework
Internal Controls- Preventive, Detective, and Corrective Controls
- Threat Identification Model
- STRIDE
- DREAD
Disaster Recovery and Business Continuity Management
- Contingency Plans, BCP Documentation, and DR Documentation
- Types of Tests
Information Systems Laws- Criminal, Civil, and Administrative Laws
- Computer Security Act, Computer Fraud and Abuse Act, Government Information Security Reform Act, Federal Information Security Management Act
Information Systems Regulations- PCI-DSS, GDPR, HIPAA, HITRUST, SOX, ISO Series etc.
Intellectual Property- Copyright, Trademark, Patents, Trade Secrets
Data Security Controls and Data Ownership- Data in Use, Data at Rest, Data in Transit
- Data Custodian, Data Processor, Data Controller, System Owners, Administrators, End Users
Data Destruction Mechanism- Sanitize, Degaussing, Erase, Overwrite
Security Architecture Framework and Security Models- Zachman Framework, Sherwood Applied Business Security Architecture (SABSA), Information Technology Infrastructure Library (ITIL)
- State Machine Models, Multilevel Lattice Models, Information Flow Models
Mobile Security- Device Encryption
- Remote Wiping, Remote Lockout
- Internal Locks (Voice, Face Recognition, Pattern, PIN, Password)
- Application Installation Control, Asset Tracking (IMEI)
- Mobile Device Management, Removable Storage (SD CARD, Micro SD etc.)
IoT and Internet Security- Network Segmentation (Isolation), Logical Isolation (VLAN), Physical Isolation (Network Segments)
- Application Firewalls, Firmware Updates
Physical Security- Various Threats to Physical Security
System Virtualization- Guest OS, Virtualization Threats, Cloud Computing Models, Cloud Computing Threats
Web Security
- OWASP, OWASP Top 10, SQL Injection, XSS, CSRF
Cryptography- Goals of Cryptography, Symmetric and Asymmetric Encryption, Decryption, Digital Signature, Hashing
- Cryptography Algorithms (DES, AES, IDEA, Twofish)
Network Security- OSI Model, Attacks in OSI Layers, Network Types, Network Methods and Standards, Hardware Devices
- VPN Protocols, Firewall and Perimeter Security
- Firewall, Types of Firewalls, DMZ, Honeypot, Honeynet
- Different Types of Network Attacks
- Virus, Worms, Logic Bomb, Trojan, Backdoor, Sniffing, Zero-Day Attack, Ransomware, Rootkit, Spyware, DoS, DDoS, Botnet etc.
Email Security- LDAP, SASL, S/MIME
Identity and Access Management- 3 Factor Authentication, SSO, Authorization, Federated Identity
- Access Control Models, Access Control Categories, Access Control Types
Vulnerability Assessment and Pen Test- Steps Involved, Test Types, Test Strategies, Reporting
Software Development and Testing- Development Models, Development Lifecycle, Testing Types, Code Review and Testing
Security Operations and Incident Management- Evidence Lifecycle, IDS, IPS, Backup, SIEM, Hardening Process
Threat Hunting and Attack Framework- Cyber Kill Chain Process, MITRE ATT&CK Framework, Threat Hunting Benefits
Social Engineering Attacks- Phishing, Spear Phishing, Whaling, Piggybacking, Watering Hole