Overview
In today’s ever-evolving digital world, safeguarding information
is paramount. This course is designed to provide you with a
comprehensive understanding of information security principles,
tools, and strategies to effectively protect sensitive data,
mitigate risks, and stay ahead of cyber threats. Whether you're
a beginner or looking to deepen your knowledge, this course is
your gateway to mastering information security management.
What You'll Experience in This Course:
-
Interactive Learning: Engage in hands-on activities, case
studies, and quizzes to solidify your knowledge.
-
Up-to-Date Content: Includes the latest trends and insights,
such as the evolving cybersecurity landscape in 2024 and Zero
Trust architecture.
-
Expert Instruction: Learn from an experienced instructor with
a passion for information security and a track record of
helping students succeed.
What you will learn ?
Section 1: Information Security Principles
- The CIA Triad
- Authentication, Authorization, and Accounting (AAA)
- Defense in Depth
- Least Privilege
- Non-Repudiation
- Implicit Deny
- Legal and Regulatory Issues
- Information Security Governance
- Authentication Basics
- Identify Proofing
- General Password Rules
- Modern Password Guidelines
Section 2: Risk Management
- Introduction to Risk Management
- Exploring Risks and Threats
- Quantitative Risk Analysis
- Attack Surface Analysis
Section 3: Asset Management
- Identifying & Classifying Assets
- Understanding the Asset Lifecycle
- Data Retention
- Understanding Data States
Section 4: Access Control
- Access Control
- Physical and Logical Access Controls
- Access Control Models
Section 5: IT Auditing
- Introduction to IT Audits
- Role of IT Audits
- Benefits of IT Audits
- Risk of Not Performing IT Audits
- IT Audit Process and Phases
- Audit and Control Objectives
- Gathering Evidence
- Documenting and Reporting
- IT Audit Frameworks
Section 6: Compliance, Laws and Regulations
- What is Compliance?
- Achieving & Maintaining Compliance
- Laws, Regulations & Compliance Frameworks
Section 7: Security Malware Threats
- Buffer Overflows
- Viruses & Polymorphic Viruses
- Worms
- Trojan Horses
- Logic Bombs
- Spyware and Adware
- Ransomware
- Rootkits
- Zero Day Attacks
- Protecting Against Malware
Section 8: Additional Threats & Vulnerabilities
- Social Engineering
- Social Engineering Phone Impersonation Scenarios
- Social Engineering Phone Call Example #1
- Social Engineering Phone Call Example #2
- Social Engineering Phone Call Example #3
-
Social Engineering Phone Impersonation Scenarios Discussion
- Email Spam, Spoofing, Phishing and Pharming
- Protocol Spoofing
- Common Attack Methods
Section 9: Network Segmentation & Isolation
- Intro to Network Segmentation & Isolation
- Demilitarized Zone (DMZ)
- Basic Network Zones
- Virtual LANs (VLANs)
- Routers
- Network Address Translation (NAT)
- Access Control Lists (ACLs)
Section 10: Network Security
- Virtual Private Networks
- Firewalls
- Web Proxy Servers
- Honeypots
- Intrusion Detection & Prevention Systems
Section 11: Wireless Networking Security
- Wireless Encryption Standards
- Wireless Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA2)
- Wi-Fi Protected Access 3 (WPA3)
- WPA Enterprise vs. Personal Mode
- Wireless Vulnerabilities & Security Measures
- Common Wireless Security Threats
Section 12: Security Assessment & Testing
- Vulnerability Assessments
- Penetration Testing
-
Interview with a Professional Ethical Hacker Blog Article
- Security Assessments
Section 13: Security Assessment Tools
- WireShark Network Sniffing
- Nmap Zenmap Network Scanner
- Tenable Nessus Vulnerability Scanner
- Ethical Hacking for Beginners (YouTube Series)
Section 14: Hardening Client Systems & Servers
- Hardening End-User Systems
- Hardening Servers
- Patch and Change Management
- Separation of Services
Section 15: Introduction to Cryptography
- Introduction to Cryptography
- Symmetric Encryption
- Asymmetric Encryption
- Hashing Algorithms
- Digital Certificates and Certificate Authorities
- Email Encryption Use Cases
- Windows Encrypted File System Use Case
- Revisiting VPN
- Software versus Hardware-Based Encryption
Section 16: Incident Response, Disaster Recovery and Business
Continuity
- Understanding Incidents and Disasters
- Incident Response
- Disaster Recovery and Business Continuity
Section 17: Application Development Security
- Importance of IT Security in Application Development
- Software Development Lifecycle (SDLC)
- Static and Dynamic Testing
- Authorization to Operate (ATO)
Section 18: Introduction to Zero Trust
- What is Zero Trust?
- Tenets of Zero Trust
- Why Do We Need Zero Trust?
- Digital Transformation & Zero Trust
- The NIST Zero Trust Architectural (ZTA) Model
- The State of Zero Trust
Section 19: Personnel Policies
- Acceptable Use
- Code of Ethics
- Mandatory Vacations
- Separation of Duties
- Job Rotation
- Education and Training
Vacancies on Top Job Websites