Cyber-Security

Duration: 8 weeks + 4weeks project
Language: English
Level: Beginners
Delivery Method: Online
Start Date: Jan 11, 2025
End Date: March 30th, 2025
Classes are weekends only

Overview

In today’s ever-evolving digital world, safeguarding information is paramount. This course is designed to provide you with a comprehensive understanding of information security principles, tools, and strategies to effectively protect sensitive data, mitigate risks, and stay ahead of cyber threats. Whether you're a beginner or looking to deepen your knowledge, this course is your gateway to mastering information security management.

What You'll Experience in This Course:

  • Interactive Learning: Engage in hands-on activities, case studies, and quizzes to solidify your knowledge.

  • Up-to-Date Content: Includes the latest trends and insights, such as the evolving cybersecurity landscape in 2024 and Zero Trust architecture.

  • Expert Instruction: Learn from an experienced instructor with a passion for information security and a track record of helping students succeed.

What you will learn ?

Section 1: Information Security Principles

  • The CIA Triad
  • Authentication, Authorization, and Accounting (AAA)
  • Defense in Depth
  • Least Privilege
  • Non-Repudiation
  • Implicit Deny
  • Legal and Regulatory Issues
  • Information Security Governance
  • Authentication Basics
  • Identify Proofing
  • General Password Rules
  • Modern Password Guidelines

Section 2: Risk Management

  • Introduction to Risk Management
  • Exploring Risks and Threats
  • Quantitative Risk Analysis
  • Attack Surface Analysis

Section 3: Asset Management

  • Identifying & Classifying Assets
  • Understanding the Asset Lifecycle
  • Data Retention
  • Understanding Data States

Section 4: Access Control

  • Access Control
  • Physical and Logical Access Controls
  • Access Control Models

Section 5: IT Auditing

  • Introduction to IT Audits
  • Role of IT Audits
  • Benefits of IT Audits
  • Risk of Not Performing IT Audits
  • IT Audit Process and Phases
  • Audit and Control Objectives
  • Gathering Evidence
  • Documenting and Reporting
  • IT Audit Frameworks

Section 6: Compliance, Laws and Regulations

  • What is Compliance?
  • Achieving & Maintaining Compliance
  • Laws, Regulations & Compliance Frameworks

Section 7: Security Malware Threats

  • Buffer Overflows
  • Viruses & Polymorphic Viruses
  • Worms
  • Trojan Horses
  • Logic Bombs
  • Spyware and Adware
  • Ransomware
  • Rootkits
  • Zero Day Attacks
  • Protecting Against Malware

Section 8: Additional Threats & Vulnerabilities

  • Social Engineering
  • Social Engineering Phone Impersonation Scenarios
  • Social Engineering Phone Call Example #1
  • Social Engineering Phone Call Example #2
  • Social Engineering Phone Call Example #3
  • Social Engineering Phone Impersonation Scenarios Discussion
  • Email Spam, Spoofing, Phishing and Pharming
  • Protocol Spoofing
  • Common Attack Methods

Section 9: Network Segmentation & Isolation

  • Intro to Network Segmentation & Isolation
  • Demilitarized Zone (DMZ)
  • Basic Network Zones
  • Virtual LANs (VLANs)
  • Routers
  • Network Address Translation (NAT)
  • Access Control Lists (ACLs)

Section 10: Network Security

  • Virtual Private Networks
  • Firewalls
  • Web Proxy Servers
  • Honeypots
  • Intrusion Detection & Prevention Systems

Section 11: Wireless Networking Security

  • Wireless Encryption Standards
  • Wireless Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access 2 (WPA2)
  • Wi-Fi Protected Access 3 (WPA3)
  • WPA Enterprise vs. Personal Mode
  • Wireless Vulnerabilities & Security Measures
  • Common Wireless Security Threats

Section 12: Security Assessment & Testing

  • Vulnerability Assessments
  • Penetration Testing
  • Interview with a Professional Ethical Hacker Blog Article
  • Security Assessments

Section 13: Security Assessment Tools

  • WireShark Network Sniffing
  • Nmap Zenmap Network Scanner
  • Tenable Nessus Vulnerability Scanner
  • Ethical Hacking for Beginners (YouTube Series)

Section 14: Hardening Client Systems & Servers

  • Hardening End-User Systems
  • Hardening Servers
  • Patch and Change Management
  • Separation of Services

Section 15: Introduction to Cryptography

  • Introduction to Cryptography
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing Algorithms
  • Digital Certificates and Certificate Authorities
  • Email Encryption Use Cases
  • Windows Encrypted File System Use Case
  • Revisiting VPN
  • Software versus Hardware-Based Encryption

Section 16: Incident Response, Disaster Recovery and Business Continuity

  • Understanding Incidents and Disasters
  • Incident Response
  • Disaster Recovery and Business Continuity

Section 17: Application Development Security

  • Importance of IT Security in Application Development
  • Software Development Lifecycle (SDLC)
  • Static and Dynamic Testing
  • Authorization to Operate (ATO)

Section 18: Introduction to Zero Trust

  • What is Zero Trust?
  • Tenets of Zero Trust
  • Why Do We Need Zero Trust?
  • Digital Transformation & Zero Trust
  • The NIST Zero Trust Architectural (ZTA) Model
  • The State of Zero Trust

Section 19: Personnel Policies

  • Acceptable Use
  • Code of Ethics
  • Mandatory Vacations
  • Separation of Duties
  • Job Rotation
  • Education and Training

Vacancies on Top Job Websites