September 24 2019 CERTIFIED CYBER SECURITY SPECIALIST

Adapting to evolving standards
- Information security standards (e.g. PCI-DSS/ISO27001)
- Documented tools:
- ISO/IEC 27001
- PAS 555
- Control Objectives for Information and Related Technology (COBIT)
- Future standards
- ISO/IEC 2018
- EU privacy regulations
- Local and international government stipulations implicating access to private data

Principles of IT security
- Enterprise security
- External defenses
- Web filtering
- Intruder Prevention Systems (IPS)
- Intruder Detection Systems (IDS)
- Firewalls
- Secure code
- Software Development Lifecycles (SDL)
- Potential insecurities within developed applications
- WiFi security protocols and attributes
- Voice over IP (VoIP) security
- Governance Risk and Compliance (GRC)
- Security Incident Event Management (SIEM) applications
- Cloud security
- Third party security and compliance

Adopting cyber security measures
- Employee perception on security through Neuro Linguistic Programming (NLP)
- Security education and awareness: techniques, systems, and methodologies
- Penetration testing
- Ethical hacking
- Options to mitigate viruses, malware, active code threats and Active Persistent Threats (APT)
- The Computer Incident Response Team (CSIRT) frameworks, tools and capabilities
- Incident first response: proven methodologies, tools, and systems
- The science of applying robust digital forensics: applicable law, capabilities, and methodologies
- Supervisory Controls and Data Acquisition (SCADA); security requirements, processes and methodologies
- Abuse images: complying with local and international law

Building cyber security teams
- Creation and management of a Secure Operations Center (SOC)
- Development of the Corporate Security Organization Framework
- Formulation and deployment of a Computer Security Incident Response Team (CSIRT)
- Bespoke Security Incident and Event System (SIEM) for the operational deployment
- Risks associated with I/O Security (e.g. USBs, CDs, other forms of media)
- Risks of Active Code Injection, and mitigation techniques

Advanced cyber risks and tools
- Cybercrime and the darknet/darkweb: the world of the hackers/hacktivists
- The underground of cyber criminality
- Social engineering as a tool to test operational resilience
- Open Source Intelligence (OSINT)
- Cyber threat intelligence
- Open source and commercial security tools
- The operational use of encryption
- Virtual private networks

Steganography - Techniques used to hide hacking tools and malware on networks
- Command line and tools used to identify and extract dangerous files and contain malware and hacking applications
- The 1-10-60 Rule to identify and contain dangerous hidden applications
- Alternate Data Streams (ADS) and the threats they can pose under an NTFS environment
- Leveraging ADS to hide undetectable malware within an operational network

September 24 2019 IT SYSTEMS: IDENTITY AND ACCESS MANAGEMENT

Introduction and principles of information security
- Identity and access management (IAM) overview
- Attributes of information security:
- Confidentiality
- Integrity
- Availability
- Non-repudiation
- Accountability
- Auditability
- Symmetric and asymmetric cryptography
- Hashing and digital signature
- Key management

Public Key Infrastructure (PKI)
- Architecture: certification and registration authority
- Life cycle management
- Types of certificates and usage patterns
- Encryption
- Digital signature
- Client certificate
- SSL server certificate
- Attribute based certificate
- Case studies (e.g. email protection, mobile banking, and document signing)

Identification and authentication
- Identification, verification and authentication overview
- Mechanisms of identification and authentication
- One-time password
- Biometric
- Digital signature
- Smartcard
- Soft/hard tokens
- Mobile device
- Risk based authentication
- Step-up authentication
- Single-sign on and federated single-sign-on
- OATH, OpenID, BrowserID, and SAML
- Architecture framework and industrial tools
- Trusted computing role in identity assurance
- Security risks associated with the discussed mechanisms

Access control
- Principles of authorization
- Access control schemes
- OAuth protocol
- Enterprise rights management and digital rights management
- Privileged account management
- Governance and compliance

IAM framework and use cases
- IAM architecture framework
- IAM ecosystem
- IAM and cloud computing
- Illustrative use cases
- Border control
- E-passport
- National ID
- E-banking
- E-health system
- EMV scheme

September 23 2019 IT MANAGEMENT EXCELLENCE

Business and IT strategy
- Business strategy
- What is strategy?
- Solving the problems of business strategy
- Leading approaches to creating top level strategy
- Case study ‘Setting corporate direction’
- IT strategy
- A proven process for IT strategy
- Aligning IT strategy to business priorities
- Balanced scorecard IT objectives
- Enterprise architecture in IT strategy
- Looking for a better way — optimizing IT strategy
- Strategic plans — plot on a page
- Communicating strategy

Project excellence
- Advanced project, program and portfolio management
- Validating project business cases using investment appraisals and sensitivity analysis
- IT project management wisdom — lessons learned from successful and failed projects
- Effective project governance and reporting
- Project portfolio management guidelines
- The first 90 days
- Making an impact — the first 90 days
- Strategic importance and tactical urgency
- Case study ‘Priorities of the new IT director’
- Business change leadership
- The emotional cycle of business change
- Guidelines for successful change projects
- IT’s unique role in business change management

Communicating technology
- Communication skills
- The art of communicating technology
- Presenting IT to non-technical audiences
- Creating a compelling technology message — IT’s elevator pitch
- Handling difficult (IT) situations — forum theatre and role play
- Group debate — What has IT ever done for us?
- Business relationship management
- Business relationship scenarios
- The POSTMAN technique for identifying priority business requirements
- The advanced use of questioning strategies – opening and closing dialogue
- Methods of influencing outcomes

Operational and crisis management
- Continual Service Improvement (CSI) models
- Overview of different frameworks, including ITIL, Six Sigma and Lean IT
- Techniques of root cause analysis
- CSI examples and guidelines
- Crisis leadership
- Preparing for major (technology) incidents
- Managing major incidents
- Leading in crisis — the art of communication
- Role play ‘Handling difficult situations’ — media simulation

Commercial acumen
- Vendors
- Making good decisions
- Avoiding supplier pitfalls
- Choosing good technology partners
- Creating a culture of partnership
- Harnessing vendor innovation
- Essentials of IT contracts
- Contract guidelines for successful IT
- Getting what you want from your legal team
- Designing contract flexibility
- Managing IT contract portfolios
- IT negotiation strategy
- Creating a negotiation strategy
- Rational supporting arguments
- Agreeing final positions and BATNA
- Negotiating as a team
- Delivering better negotiated outcomes
- Negotiation role plays and case studies

September 23 2019 IT AUDITING AND IT FRAUD DETECTION

Defining fraud
- Defining fraud
- Identifying who commits fraud
- Fraud auditing
- Fraud awareness
- Computer fraud

Computer fraud and control
- Definition of computer fraud
- Fraud opportunities
- Nature of computer fraud
- Opportunities in advanced technology
- Internet fraud
- Stopping the hackers
- What is predication and how does it work

Abilities of the IT fraud auditor
- Goals and objectives of the IT fraud auditor
- What makes a good IT auditor
- Finding the right auditor
- Progression of the fraud examination
- The auditor’s toolkit

Types and nature of common frauds
- Types of fraud
- Misappropriation of goods
- Misappropriation of cash
- Falsification of books
- Methods of detection
- Computer fraud
- Controlling computer fraud

The auditor in court
- Evidence
- Relevance of evidence
- Exclusion of the evidence
- The chain of custody

Investigating by computer
- Document collection and analysis
- Interviewing skills
- Documenting evidence
- Testifying as a witness

September 23 2019 ETHICAL HACKING

Introduction to Ethical Hacking
- Short History of hacking
- Current developments
- Evolution and growth
- What is an “Ethical” Hacker
- Types of hackers
- Hacking methodologies
- Key issues plaguing the information security world
- Penetration testing
- System fundamentals
- Incident management processes

Identifying the systems at risk
- Wireless networking
- Mobile platform security guidelines
- Mobile platform security tools
- Web servers
- Web applications
- Footprinting tools
- Footprinting reconnaissance
- Scanning networks
- Enumeration of services

System hacking techniques and countermeasures
- Types of Trojans
- Working of viruses
- Computer worms
- Covert channels
- Sniffers
- Social engineering
- Denial of Service (DoS)
- Cryptography
- Public Key Infrastructure (PKI)
- Cryptanalysis tools

Hacking your own system
- Gaining access to a system
- Session hijacking
- Wireless hacking tools
- Hacking mobile platforms
- Structured Query Language (SQL) injection
- Evading an Intrusion Detection System (IDS)
- Firewalls
- Honeypots

Penetration testing
- Types of penetration testing
- Vulnerability assessment
- Penetration testing roadmap

September 23 2019 DIGITAL FORENSICS AND CYBER INVESTIGATIONS

Digital forensics – background and legal practices
- Introduction to the science of forensics
- Terms and definitions
- Chain of digital crime
- The background of digital crime
- Case histories of real-life cases
- Digital forensics – law
- Digital forensics – legislation
- Standards of digital forensics
- Fundamentals of digital forensics
- The risks faced by organizations

The digital forensics response framework
- The first responder digital forensics toolkit
- Scene of digital crime management
- The Secure Operations Centre (SOC)
- The CSIRT (Computer Security Incident Response Team)
- Roles and responsibilities
- Implementing a framework
- Case management

Collecting and processing digital evidence
- Domain Name System (DNS)
- Extended security infrastructures
- Investigating mobile technologies
- Acquisition of digital evidence and artifacts
- Handling of digital evidence and artifacts
- Processing of digital evidence and artifacts
- Case management protocols
- Wireless protocols
- Supporting technologies
- Reporting practices

Investigations of internal and external digital crimes
- OSINT (Open Source Intelligence)
- Its place in the digital forensic investigation
- Defining internal crimes
- Defining external crimes
- Child exploitation and investigations
- Malicious applications
- Ransomware
- Anti-forensics capabilities
- Digital forensics and terrorism